Extracting prog: 59m33.875955657s
Minimizing prog: 2h17m20.461109158s
Simplifying prog options: 16m16.302764065s
Extracting C: 5m12.462755376s
Simplifying C: 0s


extracting reproducer from 52 programs
testing a last program of every proc
single: executing 12 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$nl_route-socket$nl_route-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-syz_emit_ethernet-socket$inet_udplite-socket-socket$inet6_udp-socket$kcm-recvmsg-sendmsg$inet-socket-setsockopt$netlink_NETLINK_TX_RING-sendmsg$nl_route-sendmmsg$inet6-socket$phonet_pipe-recvfrom$phonet-getsockopt-sendmsg$NL80211_CMD_REQ_SET_REG-setsockopt$inet_pktinfo-bpf$PROG_LOAD_XDP-sendmsg$nl_route-socket$inet_icmp_raw-setsockopt$inet_int-sendto$inet
detailed listing:
executing program 0:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYBLOB="00000000100000001c001a80"], 0x44}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x6c, 0x0, @loopback, @local}, '8\x00eX\x00\x00\x00\x00'}}}}}, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket(0x40000000015, 0x805, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000003600)=[{&(0x7f0000000140)=""/111, 0x6f}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f0000000000)=""/104, 0x68}, {&(0x7f00000001c0)=""/112, 0x70}, {&(0x7f0000003680)=""/4103, 0x1007}], 0x6}, 0x2002)
sendmsg$inet(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000fc0)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000001a0069ae00000000000000001c000000fe00000400e800"], 0x1c}}, 0x0)
sendmmsg$inet6(r5, &(0x7f0000005b80)=[{{&(0x7f0000000780)={0xa, 0x4e21, 0x4c4, @empty, 0x1c77}, 0x1c, 0x0, 0x0, &(0x7f0000001800)=[@dstopts_2292={{0x18, 0x29, 0x4, {0x73}}}, @dstopts_2292={{0x18, 0x29, 0x4, {0x5c}}}], 0x30}}], 0x1, 0x40000)
r8 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r8, 0x0, 0x0, 0x40010102, 0x0, 0x0)
getsockopt(r4, 0x114, 0x5, 0x0, &(0x7f00000000c0))
sendmsg$NL80211_CMD_REQ_SET_REG(r4, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000001700)={0x2a4, 0x0, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_REG_RULES={0xc4, 0x22, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x4}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x40}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x2}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x80000000}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x5}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xffff}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8}, @NL80211_ATTR_REG_RULE_FLAGS={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x4}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x5}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9e23}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x6d9f3a02}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xfffffff9}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x5}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xd}]}]}, @NL80211_ATTR_REG_RULES={0xd4, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x9}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x5}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xfffffff9}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x80}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}]}, {0x4}, {0x4}, {0x34, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xfc7}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x89}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x500}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x101}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x4}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x5}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x1000}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xd7}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x9}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x4}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x7}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xffff}]}]}, @NL80211_ATTR_REG_RULES={0xe4, 0x22, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x2}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xd}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9cb2}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x3}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x1}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x5}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8001}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x5f023103}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x4}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xa}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x80000001}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x6}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x3}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x2f7}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x5}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x7}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x10001}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xffff8688}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x73}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xc}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xe}]}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x2a4}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000080)={r2, @private=0xa010101, @empty}, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000016c0)=ANY=[@ANYBLOB="180000000000000000000000000000002000e0ff0000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x1000, &(0x7f00000006c0)=""/4096, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000070000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="2c000180080001"], 0x44}}, 0x0)
r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r9, 0x0, 0x3, &(0x7f0000000000)=0x6, 0x4)
sendto$inet(r9, &(0x7f0000000040)='\f\x00', 0xffeb, 0x0, &(0x7f0000000340), 0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-bpf$BPF_GET_BTF_INFO-bpf$PROG_LOAD-setsockopt$netlink_NETLINK_TX_RING-socket$kcm-sendmsg$kcm-sendmsg$nl_route-socket$netlink-epoll_create1-socket$netlink-bpf$PROG_BIND_MAP-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_STOP_NAN-socket$nl_route-socket$nl_route-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-pipe-getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR-socket$packet-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$nl_route-socket$pppl2tp-ioctl$SIOCSIFMTU-socket-sendto-recvmmsg-sendmsg$nl_route-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000cc0)={0xffffffffffffffff, 0x20, &(0x7f0000000440)={&(0x7f0000000bc0)=""/216, 0xd8, <r1=>0x0, &(0x7f0000000640)=""/96, 0x60}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000001600)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x3}, 0x8, 0x10, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000d80)={0x1ff, 0x1000, 0xffffbfff, 0x3c}, 0x10)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000003c0)="89000000120081ae08060cdc030ec0007f03e3f7fffe000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120c000200040000000400446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000004a00010000000000000000000a"], 0x24}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x2)
epoll_create1(0x0)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000005c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_STOP_NAN(r3, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000004c0)={&(0x7f0000000600)={0x14, r5, 0x300, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x84)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000040))
pipe(0x0)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000d00), &(0x7f0000000d40)=0x4)
socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000480))
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x20, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2a00}}, 0x20}}, 0x0)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000080)={'dummy0\x00'})
r9 = socket(0x10, 0x803, 0x0)
sendto(r9, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r9, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000000c0)=""/100, 0x64}, {&(0x7f0000000380)=""/156, 0x9c}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000a00)=""/202, 0xca}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000540)=""/76, 0x4c}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f00000001c0)=""/17, 0x11}, {&(0x7f0000000300)=""/106, 0x6a}, {&(0x7f0000000880)=""/198, 0xc6}, {&(0x7f0000000780)=""/203, 0xcb}, {&(0x7f00000006c0)=""/122, 0x7a}], 0xc, 0x0, 0x0, 0xb00}, 0x40d60b70}], 0x4000000000002e6, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100000300"/20, @ANYRES32, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414bb080004"], 0x44}, 0x1, 0x2}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=0x0, @ANYRES16=r10], 0x50}}, 0x4000000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-socket$nl_netfilter-sendmsg$NFT_MSG_GETRULE-unshare-socket$packet-setsockopt$packet_int-setsockopt$packet_rx_ring-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-bind$inet6-sendto$inet6-shutdown-bpf$PROG_LOAD-openat$tun-ioctl$TUNSETIFF-ioctl$SIOCSIFHWADDR-writev-ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL-close-setsockopt$IP6T_SO_SET_REPLACE-socket$netlink-socket$kcm-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-bpf$PROG_LOAD-setsockopt$sock_attach_bpf-socket$netlink
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a80)={0x1a4, 0x19, 0xa, 0x5, 0x0, 0x0, {}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x1}, @NFTA_RULE_USERDATA={0x77, 0x7, 0x1, 0x0, "2117a3a0ca6bead4b2affca81cb36d623843a09caac7c60cc10db68f9bd1302e297a212d278947f6c5f84380ea54538713c854eca55bc10a4cbb5c3dc9bde47d5b40f3a48f7f76ed821b47bfbf5ce8d41300b68af5acb031c11fbbadd121be33fad0718050f676454bed7aee1101e5e42c1945"}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_EXPRESSIONS={0xe4, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MAX={0x8}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x1}]}}}, {0x10, 0x1, 0x0, 0x1, @queue={{0xa}, @void}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x15}]}}}, {0x64, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x54, 0x2, 0x0, 0x1, [@NFTA_HASH_MODULUS={0x8}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_HASH_TYPE={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_HASH_SEED={0x8, 0x5, 0x1, 0x0, 0x800}, @NFTA_HASH_SEED={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_HASH_TYPE={0x8}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_HASH_SEED={0x8, 0x5, 0x1, 0x0, 0x400}]}}}, {0x10, 0x1, 0x0, 0x1, @range={{0xa}, @void}}, {0x14, 0x1, 0x0, 0x1, @byteorder={{0xe}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x4}]}, 0x1a4}}, 0x0)
unshare(0x62040200)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0xfffffffc, 0xff, 0x80000000}, 0x1c)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r3, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(r4, &(0x7f0000000480)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9232f2f8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000180)="050000000e80006558", 0x9}, {&(0x7f0000000280)="4cdabfd01f55", 0x6}], 0x3)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0)
close(0xffffffffffffffff)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x7fffffe, 0x0, {[{{@uncond, 0x300, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
socket$netlink(0x10, 0x3, 0x2)
r5 = socket$kcm(0x11, 0x200000000000002, 0x300)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x5c}}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
socket$netlink(0x10, 0x3, 0x4)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): recvmsg-sendmsg$nl_route_sched-socket$netlink-socketpair$unix-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-socket$inet6_udp-socket$nl_route-sendmsg$nl_route-setsockopt$inet6_IPV6_XFRM_POLICY-sendmmsg-socket$igmp-clock_gettime-socket$inet_smc-getsockopt$IP_VS_SO_GET_SERVICES-socket$nl_route-ioctl$ifreq_SIOCGIFINDEX_team-socket$nl_route-sendmsg$nl_route_sched-sendmsg$nl_route-sendmsg$nl_route-syz_emit_ethernet-syz_init_net_socket$bt_sco-setsockopt$ax25_SO_BINDTODEVICE-socket$pppl2tp-ioctl$SIOCSIFMTU-ioctl$sock_netdev_private-clock_gettime-sendmsg$can_bcm-setsockopt$MRT_ADD_MFC_PROXY
detailed listing:
executing program 0:
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=@delchain={0x24, 0x65, 0x8, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xc, 0x6}, {0x0, 0xf}, {0xfff2, 0xfff1}}}, 0x24}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd27, 0x4000, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0xfff1, 0xc}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x3, 0x7ffffffb}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80d1}, 0x3000c81c)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @vti={{0x8}, {0x14, 0x2, 0x0, 0x1, [@vti_common_policy=[@IFLA_VTI_IKEY={0x8}, @IFLA_VTI_LINK={0x8}]]}}}]}, 0x40}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@loopback, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4e22, 0x4004, 0x4e21, 0x800, 0xa, 0x80, 0x80, 0x3e62f441d3188772}, {0x8, 0xead, 0x4, 0x6, 0x5, 0xae2, 0x6, 0x385}, {0x1081, 0xfffffffffffffffc, 0x2, 0x6}, 0xfffffffc, 0x6e6bbe, 0x0, 0x0, 0x3, 0x1}, {{@in=@multicast2, 0x4d2, 0xff}, 0xa, @in=@local, 0x0, 0x0, 0x3, 0x3, 0x5391c3b0, 0x4, 0x10001}}, 0xe8)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
clock_gettime(0x0, &(0x7f00000000c0)={<r6=>0x0, <r7=>0x0})
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r8, 0x0, 0x482, &(0x7f0000000180)=""/78, &(0x7f0000000040)=0x4e)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000100)={'team0\x00', <r10=>0x0})
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x4, r10}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, r10, 0x1}}, 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv6_newnexthop={0x44, 0x68, 0x20, 0x70bd2a, 0x25dfdbfe, {0xa, 0x0, 0x2, 0x0, 0x10}, [@NHA_GROUP={0x24, 0x2, [{0x0, 0x19}, {0x1, 0x4}, {0x2, 0x6}, {0x2, 0x2}]}, @NHA_OIF={0x8, 0x5, r10}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000804}, 0x400084c)
syz_emit_ethernet(0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60122d9200283a904048ae0d644e3000f871e908d747fffe880000000000000000000000000001ff0200030000000000000000000000018900907800000000feffffff0000000000000001ff0000aafc"], 0x0)
r12 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@rose={'rose', 0x0}, 0x10)
r13 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r13, 0x8992, &(0x7f0000000040)={'gre0\x00', 0x400})
ioctl$sock_netdev_private(r12, 0x8914, &(0x7f0000000000))
clock_gettime(0x0, &(0x7f00000001c0)={<r14=>0x0, <r15=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000040)={0x1d, r2}, 0x10, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0200000e2009002107134bf361646cf0def38c271999f1b24e1aa55373d0e58eb538c5da2f4b4c735111e13f58e05fe3774d6af04f51a79b90eba4a63f13a5fb12f927b9ca42fd12553cad5f8fc1a2e84760349021ec9c6c502d33b3a3e8680c6d31d5b2f643b2cb0c30a32cdad0dc961c398b85fcbe9c76c1f97a5e65f63142919a125107d2606bfe89198c3b74eba7bf18392da162ffd63a314f6104b49b5d9089a8b116d4872aca6e93d1f001eb6738d70b0b6faa33c8943e2e45a42f9d04214ca48c4d04", @ANYRES64=r6, @ANYRES64=r7/1000+10000, @ANYRES64=r14, @ANYRES64=r15/1000+10000, @ANYBLOB="030000a0010000000200004020020000da9223b7125aef9f891ba6ced51ae80dfa3b769322e1e1db64df031277414d1b3cb6f7da2d7ee6d437ac1940a84a6bcd7ad4cca1657d3355348e2ed736ce5618"], 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000000)={@local, @private=0xa010100, 0xffffffffffffffff, "9d7f4b2b9475e1108ea379e3a483f3405f4b71202ecd32d71104001039e099a6", 0x0, 0x65c, 0x0, 0x1}, 0x3c)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nfc_llcp-bind$bt_hci-bpf$BPF_TASK_FD_QUERY-openat$cgroup_root-mkdirat$cgroup-close-bpf$PROG_LOAD-socket-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_hci-gettid-sendmsg$unix-socketpair$unix-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-openat$cgroup_ro-bpf$ITER_CREATE-bpf$PROG_LOAD-bpf$MAP_CREATE_CONST_STR-syz_emit_ethernet-bpf$PROG_LOAD-bpf$BPF_PROG_TEST_RUN-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_GET-ioctl$sock_bt_hci-socket$nl_route-socket$inet6_udp-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-socketpair$unix
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x1d, &(0x7f0000000000)='/proc/\x00et/\x00\x00t4/\x06\x00aK\fX\a0\x04\x00\x00\a\x00\xee'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r1, &(0x7f0000000340)='syz1\x00', 0x1ff)
close(r0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000ff0d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
r2 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
r4 = gettid()
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r4, 0x0, 0xee01}}}], 0x20}, 0x40000)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000340), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001340)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x12}}}}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8de00000100b7080000000000007b8af0ff00000000db3fbfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823000074ac3a45fc92e6e570ecf9b9551a7b24f3199cac4ae37aab25005a34b4741ff0bffaeb53fb601218818f", @ANYBLOB="5c0ac911fa66a41064958cf26692ffe5a092df2fb8645cb449dda7b928b8bc8e14aafb276a316d9ab14e2ec33a4bdc34a92ba4b47b179551c48e54b562a288deabb2d07ab08c144c557b1fbe27ca458c237121263673cdd481fdfa6e93069e992d775b16e7d87e5740e24227b2a7", @ANYRESDEC=r5], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r6, 0x0, 0xe, 0x0, &(0x7f0000000040)="4e3f261e29a7fa764a1131a77b8a", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000000153610200000000000000005700000008001a4000400028"], 0x1c}}, 0x0)
ioctl$sock_bt_hci(r3, 0x800448d2, &(0x7f0000000040))
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nfc_llcp-bind$bt_hci-bpf$BPF_TASK_FD_QUERY-openat$cgroup_root-mkdirat$cgroup-close-bpf$PROG_LOAD-socket-ioctl$sock_SIOCGIFINDEX-syz_init_net_socket$bt_hci-gettid-sendmsg$unix-socketpair$unix-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-openat$cgroup_ro-bpf$ITER_CREATE-bpf$PROG_LOAD-bpf$MAP_CREATE_CONST_STR-syz_emit_ethernet-bpf$PROG_LOAD-bpf$BPF_PROG_TEST_RUN-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_GET-ioctl$sock_bt_hci-socket$nl_route-socket$inet6_udp-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-socketpair$unix
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x1d, &(0x7f0000000000)='/proc/\x00et/\x00\x00t4/\x06\x00aK\fX\a0\x04\x00\x00\a\x00\xee'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r1, &(0x7f0000000340)='syz1\x00', 0x1ff)
close(r0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000ff0d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
r2 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
r4 = gettid()
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {r4, 0x0, 0xee01}}}], 0x20}, 0x40000)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000340), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001340)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x12}}}}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8de00000100b7080000000000007b8af0ff00000000db3fbfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823000074ac3a45fc92e6e570ecf9b9551a7b24f3199cac4ae37aab25005a34b4741ff0bffaeb53fb601218818f", @ANYBLOB="5c0ac911fa66a41064958cf26692ffe5a092df2fb8645cb449dda7b928b8bc8e14aafb276a316d9ab14e2ec33a4bdc34a92ba4b47b179551c48e54b562a288deabb2d07ab08c144c557b1fbe27ca458c237121263673cdd481fdfa6e93069e992d775b16e7d87e5740e24227b2a7", @ANYRESDEC=r5], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r6, 0x0, 0xe, 0x0, &(0x7f0000000040)="4e3f261e29a7fa764a1131a77b8a", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000000153610200000000000000005700000008001a4000400028"], 0x1c}}, 0x0)
ioctl$sock_bt_hci(r3, 0x800448d2, &(0x7f0000000040))
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-socket$nl_generic-socket$netlink-ioctl$sock_SIOCGIFINDEX_80211-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-socket$inet_dccp-ioctl$sock_SIOCETHTOOL-bpf$PROG_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_init_net_socket$bt_hci-bind$bt_hci-socket$xdp-getsockopt$XDP_STATISTICS-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPGETCONNINFO-write$bt_hci-socket$nl_generic-accept4$netrom-syz_genetlink_get_family_id$nl80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-sendmsg$NL80211_CMD_DEL_INTERFACE-sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000580)={'wlan1\x00', <r3=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x7, 0x0, 0x9, 0x0, 0x0, 0x1, 0xfffffffffffffff0}]}, &(0x7f00000000c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000440)={'bond0\x00', &(0x7f0000000240)=@ethtool_link_settings={0x4d, 0x9, 0x98, 0x0, 0x0, 0x3f, 0x81, 0x0, 0x29, 0x1, [0x0, 0x0, 0x0, 0x7fffffff, 0x3, 0x3, 0x3, 0x80]}})
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x18, 0x63, 0xa, 0x2}, [@call]}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd0c, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
r8 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r8, 0x11b, 0x7, &(0x7f0000000040), &(0x7f0000001100)=0x30)
r9 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r9, 0x800448d3, &(0x7f0000000440)={@any, 0x9, 0x8, 0x7, 0x1, 0xd9f6, "9008a2388a4fd9db334d35c2b30077c901617ff0b6b4fee278f9e99085eca4ad317b59d43e5fbbfd9f7d815b35687f0306d79270ce3a53c42c51cd0f2da3afb586936972c4286914ab0bb5f360b930ab9cdbd03f5c0720a10895e13832c817753afa726a39448cc03be7357f2dc1612bf8d62baa43235c294f48204fbddcf667"})
write$bt_hci(r7, &(0x7f0000000280)=ANY=[@ANYBLOB="0e000100020075", @ANYRES8=r0, @ANYRES32=0x0, @ANYRES8=r8, @ANYRESOCT=r7, @ANYRES16=r6, @ANYRES32=r0], 0x8)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
accept4$netrom(0xffffffffffffffff, &(0x7f0000000340)={{0x3, @netrom}, [@rose, @rose, @null, @remote, @netrom, @default, @rose, @rose]}, &(0x7f00000003c0)=0x48, 0x800)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$ \x00\x00', @ANYRES16=r11, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=0x0, @ANYBLOB="0800050002000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x34, r11, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5cd, 0x22}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x34}}, 0x0)
sendmsg$NL80211_CMD_DEL_INTERFACE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x1c, r11, 0x201, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x700}, 0x40040)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x3, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_HEARTBEAT_SENT={0x8}, @CTA_TIMEOUT_SCTP_CLOSED={0x8}, @CTA_TIMEOUT_SCTP_SHUTDOWN_SENT={0x8}, @CTA_TIMEOUT_SCTP_ESTABLISHED={0x8}]}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x48}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-socket$nl_generic-socket$netlink-ioctl$sock_SIOCGIFINDEX_80211-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-socket$inet_dccp-ioctl$sock_SIOCETHTOOL-bpf$PROG_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_init_net_socket$bt_hci-bind$bt_hci-socket$xdp-getsockopt$XDP_STATISTICS-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPGETCONNINFO-write$bt_hci-socket$nl_generic-accept4$netrom-syz_genetlink_get_family_id$nl80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-sendmsg$NL80211_CMD_DEL_INTERFACE-sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000580)={'wlan1\x00', <r3=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x7, 0x0, 0x9, 0x0, 0x0, 0x1, 0xfffffffffffffff0}]}, &(0x7f00000000c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000440)={'bond0\x00', &(0x7f0000000240)=@ethtool_link_settings={0x4d, 0x9, 0x98, 0x0, 0x0, 0x3f, 0x81, 0x0, 0x29, 0x1, [0x0, 0x0, 0x0, 0x7fffffff, 0x3, 0x3, 0x3, 0x80]}})
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x18, 0x63, 0xa, 0x2}, [@call]}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd0c, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
r8 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r8, 0x11b, 0x7, &(0x7f0000000040), &(0x7f0000001100)=0x30)
r9 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r9, 0x800448d3, &(0x7f0000000440)={@any, 0x9, 0x8, 0x7, 0x1, 0xd9f6, "9008a2388a4fd9db334d35c2b30077c901617ff0b6b4fee278f9e99085eca4ad317b59d43e5fbbfd9f7d815b35687f0306d79270ce3a53c42c51cd0f2da3afb586936972c4286914ab0bb5f360b930ab9cdbd03f5c0720a10895e13832c817753afa726a39448cc03be7357f2dc1612bf8d62baa43235c294f48204fbddcf667"})
write$bt_hci(r7, &(0x7f0000000280)=ANY=[@ANYBLOB="0e000100020075", @ANYRES8=r0, @ANYRES32=0x0, @ANYRES8=r8, @ANYRESOCT=r7, @ANYRES16=r6, @ANYRES32=r0], 0x8)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
accept4$netrom(0xffffffffffffffff, &(0x7f0000000340)={{0x3, @netrom}, [@rose, @rose, @null, @remote, @netrom, @default, @rose, @rose]}, &(0x7f00000003c0)=0x48, 0x800)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$ \x00\x00', @ANYRES16=r11, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=0x0, @ANYBLOB="0800050002000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x34, r11, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5cd, 0x22}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x34}}, 0x0)
sendmsg$NL80211_CMD_DEL_INTERFACE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x1c, r11, 0x201, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x700}, 0x40040)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x3, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_HEARTBEAT_SENT={0x8}, @CTA_TIMEOUT_SCTP_CLOSED={0x8}, @CTA_TIMEOUT_SCTP_SHUTDOWN_SENT={0x8}, @CTA_TIMEOUT_SCTP_ESTABLISHED={0x8}]}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x48}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_buf-connect$inet6-ioctl$F2FS_IOC_DEFRAGMENT-mmap-socket$inet_smc-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNDEL-getsockopt$ARPT_SO_GET_REVISION_TARGET
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0xd5, @local, 0x5}, 0x1c)
ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000040)={0x7, 0x7})
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000280)={r2, r2, 0xc, 0x7, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0xfd, 0x458, 0x3, 0x9, 0x1, 0x7, 'syz0\x00'})
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, &(0x7f0000001c40)={'IDLETIMER\x00'}, &(0x7f0000004580)=0x1e)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNDEL-syz_emit_ethernet-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_NEW-socket$nl_netfilter
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
syz_emit_ethernet(0x82, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaa0000aaaabb88a810008100000086dd60fc104600442f00fc000000000000000000000000000000ff020000000000000000000000000001242081000000000000000800000086dd080088be86dd"], 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8800000001010104000000000000000002000000240001801400018008000100ac1e000108000200e00000010c0002"], 0x88}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

program crashed: INFO: task hung in hidp_session_remove
single: successfully extracted reproducer
found reproducer with 30 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNDEL-syz_emit_ethernet-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_NEW
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
syz_emit_ethernet(0x82, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaa0000aaaabb88a810008100000086dd60fc104600442f00fc000000000000000000000000000000ff020000000000000000000000000001242081000000000000000800000086dd080088be86dd"], 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8800000001010104000000000000000002000000240001801400018008000100ac1e000108000200e00000010c0002"], 0x88}}, 0x0)

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNDEL-syz_emit_ethernet-socket$nl_netfilter
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
syz_emit_ethernet(0x82, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaa0000aaaabb88a810008100000086dd60fc104600442f00fc000000000000000000000000000000ff020000000000000000000000000001242081000000000000000800000086dd080088be86dd"], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNDEL-syz_emit_ethernet
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
syz_emit_ethernet(0x82, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaa0000aaaabb88a810008100000086dd60fc104600442f00fc000000000000000000000000000000ff020000000000000000000000000001242081000000000000000800000086dd080088be86dd"], 0x0)

program crashed: INFO: task hung in hidp_session_remove
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNDEL
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-syz_init_net_socket$bt_hidp
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)

program crashed: INFO: task hung in hidp_session_remove
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-syz_init_net_socket$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-mmap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ae5000/0x1000)=nil, 0x1000, 0xd, 0x11, 0xffffffffffffffff, 0x1000)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-sendmsg$NFT_BATCH-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-sendmsg$IPCTNL_MSG_EXP_DELETE-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x2, 0x2, 0x201, 0x0, 0x0, {}, [@CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}]}, 0x1c}}, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-sendmsg$TIPC_CMD_ENABLE_BEARER-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000280)={r3, r3, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-socket$nl_generic-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000280)={r2, r2, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_genetlink_get_family_id$tipc-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000280)={r2, r2, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-sendmsg$RDMA_NLDEV_CMD_SET-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, 0x1402, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}}, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000280)={r2, r2, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-openat$cgroup_ro-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-ioctl$TUNGETDEVNETNS-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_open_procfs$namespace-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/cgroup\x00')
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-socket$nl_rdma-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-socket$inet6_sctp-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_MAX_BURST-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-socketpair$unix-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet_tcp-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in hidp_session_remove
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfffffffffffffe42, &(0x7f0000000340)="9ccf7041e63e3d", 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0x0, 0x0, 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0x0, &(0x7f0000000340), 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0x0, &(0x7f0000000340), 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0x0, &(0x7f0000000340), 0x9, 0x1, 0x458, 0x9, 0x9, 0x0, 0x7, 'syz0\x00'})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
reproducing took 3h38m57.87987359s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in __mutex_waiter_is_first kernel/locking/mutex.c:172 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:664 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock+0x830/0x1010 kernel/locking/mutex.c:730
Read of size 8 at addr ffff888025694060 by task khidpd_04580009/25800

CPU: 1 UID: 0 PID: 25800 Comm: khidpd_04580009 Not tainted 6.14.0-rc3-syzkaller-00760-g91c8d8e4b7a3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0x16e/0x5b0 mm/kasan/report.c:521
 kasan_report+0x143/0x180 mm/kasan/report.c:634
 __mutex_waiter_is_first kernel/locking/mutex.c:172 [inline]
 __mutex_lock_common kernel/locking/mutex.c:664 [inline]
 __mutex_lock+0x830/0x1010 kernel/locking/mutex.c:730
 l2cap_unregister_user+0x6a/0x1c0 net/bluetooth/l2cap_core.c:1726
 hidp_session_thread+0x450/0x490 net/bluetooth/hidp/core.c:1304
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 25025:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4294 [inline]
 __kmalloc_noprof+0x285/0x4c0 mm/slub.c:4306
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 hci_alloc_dev_priv+0x27/0x2030 net/bluetooth/hci_core.c:2419
 hci_alloc_dev include/net/bluetooth/hci_core.h:1693 [inline]
 __vhci_create_device drivers/bluetooth/hci_vhci.c:399 [inline]
 vhci_create_device+0x116/0x6b0 drivers/bluetooth/hci_vhci.c:470
 vhci_get_user drivers/bluetooth/hci_vhci.c:527 [inline]
 vhci_write+0x3cf/0x490 drivers/bluetooth/hci_vhci.c:607
 new_sync_write fs/read_write.c:586 [inline]
 vfs_write+0xacf/0xd10 fs/read_write.c:679
 ksys_write+0x18f/0x2b0 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 25025:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4609 [inline]
 kfree+0x196/0x430 mm/slub.c:4757
 hci_release_dev+0x1525/0x16b0 net/bluetooth/hci_core.c:2738
 bt_host_release+0x83/0x90 net/bluetooth/hci_sysfs.c:87
 device_release+0x99/0x1c0
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x22f/0x480 lib/kobject.c:737
 vhci_release+0x88/0xd0 drivers/bluetooth/hci_vhci.c:665
 __fput+0x3e9/0x9f0 fs/file_table.c:464
 task_work_run+0x24f/0x310 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xa2a/0x28e0 kernel/exit.c:938
 do_group_exit+0x207/0x2c0 kernel/exit.c:1087
 get_signal+0x168c/0x1720 kernel/signal.c:3036
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Last potentially related work creation:
 kasan_save_stack+0x3f/0x60 mm/kasan/common.c:47
 kasan_record_aux_stack+0xaa/0xc0 mm/kasan/generic.c:548
 insert_work+0x3e/0x330 kernel/workqueue.c:2183
 __queue_work+0xb66/0xf50 kernel/workqueue.c:2343
 queue_work_on+0x1c2/0x380 kernel/workqueue.c:2390
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Second to last potentially related work creation:
 kasan_save_stack+0x3f/0x60 mm/kasan/common.c:47
 kasan_record_aux_stack+0xaa/0xc0 mm/kasan/generic.c:548
 insert_work+0x3e/0x330 kernel/workqueue.c:2183
 __queue_work+0xc8b/0xf50 kernel/workqueue.c:2339
 call_timer_fn+0x187/0x650 kernel/time/timer.c:1789
 expire_timers kernel/time/timer.c:1835 [inline]
 __run_timers kernel/time/timer.c:2414 [inline]
 __run_timer_base+0x695/0x8e0 kernel/time/timer.c:2426
 run_timer_base kernel/time/timer.c:2435 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2445
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702

The buggy address belongs to the object at ffff888025694000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 96 bytes inside of
 freed 8192-byte region [ffff888025694000, ffff888025696000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888025690000 pfn:0x25690
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000240 ffff88801b042280 ffffea0000c24c10 ffffea00009a5610
raw: ffff888025690000 0000000000020001 00000000f5000000 0000000000000000
head: 00fff00000000240 ffff88801b042280 ffffea0000c24c10 ffffea00009a5610
head: ffff888025690000 0000000000020001 00000000f5000000 0000000000000000
head: 00fff00000000003 ffffea000095a401 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3469, tgid 3469 (kworker/u8:8), ts 391732402065, free_ts 391727708018
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551
 prep_new_page mm/page_alloc.c:1559 [inline]
 get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477
 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739
 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab+0x8f/0x3a0 mm/slub.c:2587
 new_slab mm/slub.c:2640 [inline]
 ___slab_alloc+0xc27/0x14a0 mm/slub.c:3826
 __slab_alloc+0x58/0xa0 mm/slub.c:3916
 __slab_alloc_node mm/slub.c:3991 [inline]
 slab_alloc_node mm/slub.c:4152 [inline]
 __do_kmalloc_node mm/slub.c:4293 [inline]
 __kmalloc_noprof+0x2e6/0x4c0 mm/slub.c:4306
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kmalloc_array_noprof include/linux/slab.h:946 [inline]
 __sta_info_alloc+0xd78/0x2100 net/mac80211/sta_info.c:634
 ieee80211_ibss_add_sta+0x5ad/0x860 net/mac80211/ibss.c:621
 ieee80211_update_sta_info net/mac80211/ibss.c:1008 [inline]
 ieee80211_rx_bss_info net/mac80211/ibss.c:1100 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1581 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x15e1/0x2e00 net/mac80211/ibss.c:1608
 ieee80211_iface_process_skb net/mac80211/iface.c:1611 [inline]
 ieee80211_iface_work+0x8dc/0xf90 net/mac80211/iface.c:1665
 cfg80211_wiphy_work+0x2f0/0x490 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x7a9/0x920 kernel/kthread.c:464
page last free pid 23792 tgid 23792 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_frozen_pages+0xe0d/0x10e0 mm/page_alloc.c:2660
 discard_slab mm/slub.c:2684 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3153
 put_cpu_partial+0x17c/0x250 mm/slub.c:3228
 __slab_free+0x290/0x380 mm/slub.c:4479
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4115 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 kmem_cache_alloc_noprof+0x1d9/0x380 mm/slub.c:4171
 vm_area_dup+0x27/0x290 kernel/fork.c:487
 __split_vma+0x1bf/0xbf0 mm/vma.c:466
 vms_gather_munmap_vmas+0x4c1/0x1600 mm/vma.c:1289
 __mmap_prepare mm/vma.c:2242 [inline]
 __mmap_region mm/vma.c:2444 [inline]
 mmap_region+0xa50/0x2fa0 mm/vma.c:2535
 do_mmap+0xecc/0x13a0 mm/mmap.c:561
 vm_mmap_pgoff+0x214/0x430 mm/util.c:575
 ksys_mmap_pgoff+0x4eb/0x720 mm/mmap.c:607
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83

Memory state around the buggy address:
 ffff888025693f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888025693f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888025694000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                       ^
 ffff888025694080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888025694100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in __mutex_waiter_is_first kernel/locking/mutex.c:172 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:664 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock+0x830/0x1010 kernel/locking/mutex.c:730
Read of size 8 at addr ffff888025694060 by task khidpd_04580009/25800

CPU: 1 UID: 0 PID: 25800 Comm: khidpd_04580009 Not tainted 6.14.0-rc3-syzkaller-00760-g91c8d8e4b7a3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0x16e/0x5b0 mm/kasan/report.c:521
 kasan_report+0x143/0x180 mm/kasan/report.c:634
 __mutex_waiter_is_first kernel/locking/mutex.c:172 [inline]
 __mutex_lock_common kernel/locking/mutex.c:664 [inline]
 __mutex_lock+0x830/0x1010 kernel/locking/mutex.c:730
 l2cap_unregister_user+0x6a/0x1c0 net/bluetooth/l2cap_core.c:1726
 hidp_session_thread+0x450/0x490 net/bluetooth/hidp/core.c:1304
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 25025:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4294 [inline]
 __kmalloc_noprof+0x285/0x4c0 mm/slub.c:4306
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 hci_alloc_dev_priv+0x27/0x2030 net/bluetooth/hci_core.c:2419
 hci_alloc_dev include/net/bluetooth/hci_core.h:1693 [inline]
 __vhci_create_device drivers/bluetooth/hci_vhci.c:399 [inline]
 vhci_create_device+0x116/0x6b0 drivers/bluetooth/hci_vhci.c:470
 vhci_get_user drivers/bluetooth/hci_vhci.c:527 [inline]
 vhci_write+0x3cf/0x490 drivers/bluetooth/hci_vhci.c:607
 new_sync_write fs/read_write.c:586 [inline]
 vfs_write+0xacf/0xd10 fs/read_write.c:679
 ksys_write+0x18f/0x2b0 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 25025:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4609 [inline]
 kfree+0x196/0x430 mm/slub.c:4757
 hci_release_dev+0x1525/0x16b0 net/bluetooth/hci_core.c:2738
 bt_host_release+0x83/0x90 net/bluetooth/hci_sysfs.c:87
 device_release+0x99/0x1c0
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x22f/0x480 lib/kobject.c:737
 vhci_release+0x88/0xd0 drivers/bluetooth/hci_vhci.c:665
 __fput+0x3e9/0x9f0 fs/file_table.c:464
 task_work_run+0x24f/0x310 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xa2a/0x28e0 kernel/exit.c:938
 do_group_exit+0x207/0x2c0 kernel/exit.c:1087
 get_signal+0x168c/0x1720 kernel/signal.c:3036
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Last potentially related work creation:
 kasan_save_stack+0x3f/0x60 mm/kasan/common.c:47
 kasan_record_aux_stack+0xaa/0xc0 mm/kasan/generic.c:548
 insert_work+0x3e/0x330 kernel/workqueue.c:2183
 __queue_work+0xb66/0xf50 kernel/workqueue.c:2343
 queue_work_on+0x1c2/0x380 kernel/workqueue.c:2390
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Second to last potentially related work creation:
 kasan_save_stack+0x3f/0x60 mm/kasan/common.c:47
 kasan_record_aux_stack+0xaa/0xc0 mm/kasan/generic.c:548
 insert_work+0x3e/0x330 kernel/workqueue.c:2183
 __queue_work+0xc8b/0xf50 kernel/workqueue.c:2339
 call_timer_fn+0x187/0x650 kernel/time/timer.c:1789
 expire_timers kernel/time/timer.c:1835 [inline]
 __run_timers kernel/time/timer.c:2414 [inline]
 __run_timer_base+0x695/0x8e0 kernel/time/timer.c:2426
 run_timer_base kernel/time/timer.c:2435 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2445
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702

The buggy address belongs to the object at ffff888025694000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 96 bytes inside of
 freed 8192-byte region [ffff888025694000, ffff888025696000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888025690000 pfn:0x25690
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000240 ffff88801b042280 ffffea0000c24c10 ffffea00009a5610
raw: ffff888025690000 0000000000020001 00000000f5000000 0000000000000000
head: 00fff00000000240 ffff88801b042280 ffffea0000c24c10 ffffea00009a5610
head: ffff888025690000 0000000000020001 00000000f5000000 0000000000000000
head: 00fff00000000003 ffffea000095a401 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3469, tgid 3469 (kworker/u8:8), ts 391732402065, free_ts 391727708018
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551
 prep_new_page mm/page_alloc.c:1559 [inline]
 get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477
 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739
 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab+0x8f/0x3a0 mm/slub.c:2587
 new_slab mm/slub.c:2640 [inline]
 ___slab_alloc+0xc27/0x14a0 mm/slub.c:3826
 __slab_alloc+0x58/0xa0 mm/slub.c:3916
 __slab_alloc_node mm/slub.c:3991 [inline]
 slab_alloc_node mm/slub.c:4152 [inline]
 __do_kmalloc_node mm/slub.c:4293 [inline]
 __kmalloc_noprof+0x2e6/0x4c0 mm/slub.c:4306
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kmalloc_array_noprof include/linux/slab.h:946 [inline]
 __sta_info_alloc+0xd78/0x2100 net/mac80211/sta_info.c:634
 ieee80211_ibss_add_sta+0x5ad/0x860 net/mac80211/ibss.c:621
 ieee80211_update_sta_info net/mac80211/ibss.c:1008 [inline]
 ieee80211_rx_bss_info net/mac80211/ibss.c:1100 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1581 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x15e1/0x2e00 net/mac80211/ibss.c:1608
 ieee80211_iface_process_skb net/mac80211/iface.c:1611 [inline]
 ieee80211_iface_work+0x8dc/0xf90 net/mac80211/iface.c:1665
 cfg80211_wiphy_work+0x2f0/0x490 net/wireless/core.c:435
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x7a9/0x920 kernel/kthread.c:464
page last free pid 23792 tgid 23792 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_frozen_pages+0xe0d/0x10e0 mm/page_alloc.c:2660
 discard_slab mm/slub.c:2684 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3153
 put_cpu_partial+0x17c/0x250 mm/slub.c:3228
 __slab_free+0x290/0x380 mm/slub.c:4479
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4115 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 kmem_cache_alloc_noprof+0x1d9/0x380 mm/slub.c:4171
 vm_area_dup+0x27/0x290 kernel/fork.c:487
 __split_vma+0x1bf/0xbf0 mm/vma.c:466
 vms_gather_munmap_vmas+0x4c1/0x1600 mm/vma.c:1289
 __mmap_prepare mm/vma.c:2242 [inline]
 __mmap_region mm/vma.c:2444 [inline]
 mmap_region+0xa50/0x2fa0 mm/vma.c:2535
 do_mmap+0xecc/0x13a0 mm/mmap.c:561
 vm_mmap_pgoff+0x214/0x430 mm/util.c:575
 ksys_mmap_pgoff+0x4eb/0x720 mm/mmap.c:607
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83

Memory state around the buggy address:
 ffff888025693f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888025693f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888025694000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                       ^
 ffff888025694080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888025694100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================