Extracting prog: 3h11m1.087999471s
Minimizing prog: 25m51.680001937s
Simplifying prog options: 11m41.359847874s
Extracting C: 4m29.702639685s
Simplifying C: 0s


extracting reproducer from 45 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_nl80211-close_range$auto-socket$nl_generic-mmap$auto-openat$auto_vmwgfx_driver_fops_vmwgfx_drv-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-write$auto-socket$nl_generic-openat$auto_zero_fops_mem-syz_genetlink_get_family_id$auto_mac80211_hwsim-sendmsg$auto_HWSIM_CMD_NEW_RADIO-timer_create$auto-close_range$auto-io_uring_setup$auto-io_uring_register$auto-socket-mmap$auto-socket-openat$auto_force_devcoredump_fops_hci_vhci-openat$auto_fb_fops_fb_chrdev-write$auto-getsockopt$auto-openat$auto_v4l2_fops_v4l2_dev-read$auto_v4l2_fops_v4l2_dev-close_range$auto-openat$auto_tty_fops_tty_io-ioctl$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program did not crash
single: failed to extract reproducer
bisect: bisecting 45 programs with base timeout 30s
testing program (duration=41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 3, 22, 29, 30, 11, 11, 6, 30, 30, 6, 30, 30, 30, 10, 27, 2, 15, 30, 17, 17, 6, 29, 26, 27, 3, 8, 13, 6, 9, 15, 13, 2, 3, 30, 17, 30, 30, 16, 3, 30, 1, 30, 30, 3]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000140), 0xffffffffffffffff)
mmap$auto(0x0, 0x2020009, 0x0, 0xf8, 0xfffffffffbfffffa, 0x3)
r1 = mq_open$auto(&(0x7f00000001c0)='netpci0\x00', 0x56c, 0x40, 0x0)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4)
flock$auto(r2, 0x1)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = socket(0x10, 0x2, 0xc)
r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000)
sendmsg$auto_CTRL_CMD_GETPOLICY(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYRES16=r4, @ANYBLOB="f50128bd7000fbdbdf250a00000abfcd7331c69d92e81bac9296be82dc0aa95e29f78cb3a7fb9dc673b28cd7a90863bc02d715c0acabe729ad22ed216a88fa990274f194d2e078b834926da8e676aa9212c9007cab71b7a9facf1bb77212e8b7971f61ac864e1fdfc1027740c2640fe9cd2c352888433b6e385b1204495de9292187dc29c77ee107463ae16850220d3bda8b85370af6bba0462abec34ef18d01ea9de2f9e9cea54fc9675e39fe8f1727632b3c75ebdb8b37"], 0xfdef}, 0x1, 0x0, 0x0, 0x20000000}, 0x2000000)
socket(0x1e, 0x805, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
ioctl$auto(r0, 0x800554ff, r1)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8001)
socket(0x10, 0x2, 0xfffffffc)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="c2ff2f4e08000000000000000600"], 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000100), 0xffffffffffffffff)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x4, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
r5 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
pidfd_open$auto(0x0, 0x549)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf250100000006000200003f00000500070004000011080009000100000008000a002b00000014001f0000000000000000000000ffff7f00000114002000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
executing program 3:
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r0, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x6)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x100002, 0x0)
socketpair$auto(0xf392, 0x5, 0x401, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyxe\x00', 0x42402, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
ioctl$auto_TCFLSH2(r1, 0x8926, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r0, 0x0, 0x20004000)
close_range$auto(r0, r0, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
getsockopt$auto_SO_TXTIME(r0, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r0)
executing program 3:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/net/bond0/queues/tx-13/xps_cpus\x00', 0x2, 0x0)
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0)
write$auto(r0, 0x0, 0xeffd)
ioctl$auto(r0, 0x402e542b, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r1, 0x0, 0x20)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3)
getsockopt$auto_SO_MARK(r1, 0x6, 0x24, 0x0, 0x0)
openat$auto_tracing_stats_fops_trace(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_prog_fd=r2, 0x4007, @old_prog_fd=0x13b}, 0xa3)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
madvise$auto(0x0, 0x5, 0x15)
madvise$auto(0x4000a, 0x2000000000009, 0xb)
ppoll$auto(0x0, 0x402, 0x0, 0x0, 0x8)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2c0180, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x801, 0x10008, 0x400, 0x1000049, 0xffffffffffffffff, 0x20000000000804, 0x3}, 0x6f3)
executing program 3:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/advisor_min_pages_to_scan\x00', 0x88282, 0x0)
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x2, 0x0)
write$auto_tomoyo_operations_securityfs_if(r0, 0x0, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x101080, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(0xffffffffffffffff, 0x0, 0x4)
socketpair$auto(0x20, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sysfs$auto(0x2, 0x10000000000002e, 0x0)
fsopen$auto(0x0, 0x1)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x40, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
write$auto(0x3, 0x0, 0xfdef)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
r2 = openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ubifs/chk_orphans\x00', 0x800, 0x0)
mmap$auto(0x0, 0x400008, 0xd7, 0x9b7f, r2, 0x800008000)
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
write$auto(0x3, 0x0, 0xfffffdf2)
syz_clone(0x1000000, &(0x7f0000000240)="553167a66adfc2e39d9d694384efdf4216f2c31e0aa81b81000000000000001446e4c51228bf866be6f729c85c1c4fb9362538a2184254398d212e685df002787851b96685ac1b54f35c10c2042fcaca83e4ad72bac644e178091c1465aaf88de9892ab42e0303516ec641122ec8671a0990e0499d48044458483718cf5706e3fba1f782bbae1fc056c633de868c9d331dca5521f8bf46653851126a0e81c7665fd8a54016608202ec9dd932b4f7951ddc6226ae0416aa2dae0dca68374f6bb7593a0d5f8737df16b8af7864f980510ceb7439a4c736b28fe1625680975774ab0b0fb758955fb574e7e572925e2640763038e26d70184a786db6d2", 0xfb, &(0x7f00000000c0), &(0x7f0000000200), &(0x7f0000000340)="0d0a8e1797459cd05e4300f9d9c200f099037aaa937d850a79dcc9d6a0f0a288505bd94838f9009a55a5cbf65aafe77e5a0f71bcf725e6fbacb0674d41646be3c61043acbde0a4a497ed168ae7a5d80769e1d8a4b2ffa08eee377f3bd78fcd719df5d80b771943236c002e22186d33d6676e530143a622cba251b04c1b019c9c44b1b9df7adb320830f43ac3ef")
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000000040)={0x24, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x10, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, ']\x00'}, @NFSD_A_SOCK_ADDR={0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
r2 = socket(0x10, 0x2, 0xc)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x60da, &(0x7f00000002c0)={0x0, 0xc4}, 0x8001, 0x0, 0x1, 0x4a0}, 0x7}, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendmsg$auto_NL80211_CMD_SET_WOWLAN(r3, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000080)={0x1c, r4, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x4000000)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r4, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x2000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c0d4}, 0x20000013)
sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2840040}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r4, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_MLO_TTLM_DLINK={0x15, 0x148, "7afb12c3c589ff4e46e722d889f31d8954"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
executing program 32:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000000040)={0x24, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x10, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, ']\x00'}, @NFSD_A_SOCK_ADDR={0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
r2 = socket(0x10, 0x2, 0xc)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x60da, &(0x7f00000002c0)={0x0, 0xc4}, 0x8001, 0x0, 0x1, 0x4a0}, 0x7}, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendmsg$auto_NL80211_CMD_SET_WOWLAN(r3, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000080)={0x1c, r4, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x4000000)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r4, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x2000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c0d4}, 0x20000013)
sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2840040}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r4, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_MLO_TTLM_DLINK={0x15, 0x148, "7afb12c3c589ff4e46e722d889f31d8954"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
executing program 4:
r0 = socket(0x10, 0x3, 0x6)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000012c0)='/proc/sys/net/ipv6/conf/bridge_slave_0/mldv1_unsolicited_report_interval\x00', 0x88542, 0x0)
lseek$auto(r1, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0xf8, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0xe1, 0x3, 0x0, 0x1, [@typed={0x8, 0xc0, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x2a}, @typed={0x4, 0x11}, @typed={0x8, 0x2e, 0x0, 0x0, @fd}, @generic="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b6cdd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c6014", @nested={0x10, 0x5, 0x0, 0x1, [@typed={0xc, 0xc5, 0x0, 0x0, @u64=0x3}]}, @generic="21aadf3f78e2cd52d7f733c38da99fe8ec1ead"]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x50) (async)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0xf8, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0xe1, 0x3, 0x0, 0x1, [@typed={0x8, 0xc0, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x2a}, @typed={0x4, 0x11}, @typed={0x8, 0x2e, 0x0, 0x0, @fd}, @generic="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b6cdd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c6014", @nested={0x10, 0x5, 0x0, 0x1, [@typed={0xc, 0xc5, 0x0, 0x0, @u64=0x3}]}, @generic="21aadf3f78e2cd52d7f733c38da99fe8ec1ead"]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x50)
executing program 4:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f00000000c0)={0x1, 0xf8, 0x0, 0x1, 0x418, "00000f00ea0200"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00000956a4a25d090000000a68d40c593a8dbb67a276fc233e8bfdd9f555", @ANYRES16=0x0, @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x24000803)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
socket(0x18, 0x2, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000780)='/proc/self/net/rpc/auth.rpcsec.init/channel\x00', 0x441, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/net/rpc/auth.unix.ip/channel\x00', 0x141481, 0x0)
quotactl_fd$auto(0xffffffffffffffff, 0x1, 0x0, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804})
socket(0x2b, 0x1, 0x1)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
socket(0x2, 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket(0x15, 0x5, 0x0)
bind$auto(r3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
ustat$auto(0x801, 0x0)
sendmsg$auto(r3, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
read$auto(0x3, 0x0, 0x80)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
mbind$auto(0xf000, 0x1, 0x1, 0x0, 0x7fff, 0x2)
executing program 4:
bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x0, @local}, 0x69)
mmap$auto(0x8001, 0x202000b, 0x3, 0x8000000000000010, 0xffffffffffffffff, 0x1)
setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8)
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r0, &(0x7f0000000840)="4cea6ed1dc1f91f3c388b5622a274610e10800ca08ba7aa1995d92e1d0ae2ef23f241b2942", 0x25)
mmap$auto(0x0, 0x4000000000000003, 0xf285, 0x9b73, 0x2, 0x8000)
socket(0xa, 0x801, 0x84)
io_uring_setup$auto(0x6, 0x0)
ioperm$auto(0x3, 0xe, 0x2000000000000149)
sched_getscheduler$auto(0x0)
setsockopt$auto(0x3, 0xc, 0x7d, 0x0, 0xffffffff)
getrandom$auto(0x0, 0x6000000, 0x3)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
read$auto_mISDN_fops_timerdev(r1, &(0x7f0000000a00)=""/4096, 0x1000)
ioctl$auto_IMADDTIMER(r1, 0x80044940, 0x0)
madvise$auto(0x0, 0x454, 0x9)
setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8)
r2 = socket(0x1e, 0x2, 0xe7a)
syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000040), r2)
getsockopt$auto(0xffffffffffffffff, 0x2, 0xb, 0x0, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r3, 0x0, 0x20)
shmctl$auto_IPC_SET(0x5, 0x1, 0x0)
msgctl$auto_IPC_INFO(0x9, 0x3, &(0x7f0000001500)={{0x1, 0xffffffffffffffff, 0xee00, 0x940e, 0x7ffe, 0xac68aede, 0x1}, &(0x7f0000001480)=0x2, &(0x7f00000014c0)=0x5, 0xe6, 0x1000002, 0x5, 0xe4, 0x5, 0x400, 0x7, 0x0, @inferred, @raw=0xe09})
sendmsg$auto_OVS_VPORT_CMD_SET(0xffffffffffffffff, 0x0, 0x20080805)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0xf93)
pivot_root$auto(0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x12, 0xffffffffffffffff, 0x28000)
executing program 4:
close_range$auto(0x2, 0x8, 0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
fstatfs$auto(0x0, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00')
socket(0xa, 0x3, 0x3a)
setsockopt$auto(0x400000000000003, 0x29, 0xd0, 0x0, 0x4)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000002340), 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
socket$nl_generic(0x10, 0x3, 0x10)
madvise$auto(0x0, 0x20499d, 0x9)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup$auto(0x6, 0x0)
clone$auto(0x7, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1)
io_uring_register$auto(0x2, 0x9, 0x0, 0x0)
rt_sigprocmask$auto(0x0, 0x0, 0x0, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
madvise$auto(0x8000000, 0x10, 0x200010b)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_udc.7/driver_override\x00', 0x182, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
sendfile$auto(r0, r0, 0x0, 0x20000000088)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x204180, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
executing program 4:
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = socket(0x11, 0x3, 0x2)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) (async)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x800) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
socket(0x2, 0x80002, 0x73) (async)
socket(0xa, 0x1, 0x84) (async)
connect$auto(0x3, &(0x7f0000000080)=@llc={0x1a, 0xfffe, 0x7f, 0x7, 0x20, 0x8, @broadcast}, 0x54) (async)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x33a00, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x3, 0x9}, 0x7}, 0x6, 0x1000)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mincore$auto(0x1000, 0x8001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyw5\x00', 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x40045431, 0x0) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xf7s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) (async)
bind$auto(0x3, 0x0, 0x6b) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async)
rseq$auto(&(0x7f0000000300)={0xb, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
socket(0x25, 0x1, 0x3) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
madvise$auto(0x0, 0x2003f0, 0x15)
lstat$auto(0x0, &(0x7f0000000340)={0x0, 0x5, 0xfffb, 0x39b, 0x0, 0xffffffffffffffff, 0x0, 0x81, 0xfec1, 0x0, 0x8000000000000000, 0xfffffffffffffff6, 0x3, 0x3, 0x1005, 0x4, 0x9}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 33:
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = socket(0x11, 0x3, 0x2)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) (async)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x800) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
socket(0x2, 0x80002, 0x73) (async)
socket(0xa, 0x1, 0x84) (async)
connect$auto(0x3, &(0x7f0000000080)=@llc={0x1a, 0xfffe, 0x7f, 0x7, 0x20, 0x8, @broadcast}, 0x54) (async)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x33a00, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x3, 0x9}, 0x7}, 0x6, 0x1000)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mincore$auto(0x1000, 0x8001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyw5\x00', 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x40045431, 0x0) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xf7s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) (async)
bind$auto(0x3, 0x0, 0x6b) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async)
rseq$auto(&(0x7f0000000300)={0xb, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
socket(0x25, 0x1, 0x3) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
madvise$auto(0x0, 0x2003f0, 0x15)
lstat$auto(0x0, &(0x7f0000000340)={0x0, 0x5, 0xfffb, 0x39b, 0x0, 0xffffffffffffffff, 0x0, 0x81, 0xfec1, 0x0, 0x8000000000000000, 0xfffffffffffffff6, 0x3, 0x3, 0x1005, 0x4, 0x9}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 5:
r0 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000040), 0x2dc08f24db163610, 0x0)
preadv$auto(0x3, &(0x7f00000004c0)={0x0, 0x8000000}, 0x3, 0x10000, 0x10)
mmap$auto(0x7, 0x6, 0x200, 0x18, r0, 0x2)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/blkio.bfq.time_recursive\x00', 0x40880, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/255, 0xff)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, r1, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x5, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8000, 0x0)
ioctl$auto(0x3, 0x2286, 0x7)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
unshare$auto(0x40000080) (async)
timer_settime$auto(0xd, 0x8, &(0x7f0000000640)={{0x344, 0x80000000}, {0xc4c5, 0x8}}, 0x0) (async)
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0xc40a41, 0x78)
dup2$auto(r0, r0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
getpeername$auto(0x3, 0x0, 0x0) (async)
mmap$auto(0x2, 0x9, 0xb0e, 0x14, r0, 0xfff) (async, rerun: 64)
unshare$auto(0x40000080) (async, rerun: 64)
ioctl$auto(0x3, 0x80084d17, 0x38) (async)
r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x460f, 0x0) (async)
recvmmsg$auto(r0, 0x0, 0x1, 0xffffffff, &(0x7f0000000380)={0xa, 0x4}) (async, rerun: 64)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="17000000", @ANYBLOB='v\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async, rerun: 64)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) (async)
r3 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy0/aql_txq_limit\x00', 0x121c01, 0x0)
write$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r3, 0x0, 0x0) (async)
r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) (async)
r5 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f00000000c0)={0x1, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500"}) (async)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0xdc, "bbb5ce66e24cce7eea982cab480b47beebef0d74884dc693a7ad9cbdbda6070f", @inferred=r3})
write$auto(r4, &(0x7f0000000140)='/dt0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+0q;\xbb\xea5.\xadX\xb9QW\x04\xcd\xef\xaf\xad \x90\x8f\xee\xb4\x8c\x1c;\xf0TL\x1a\x1f\xb5\x93\xb9P\x06\xae\xb8\xc1s\x88\x1c\xb1o\x04\x00\x00\x00\x8dW\xf9\xef\xdf\xc78\xb1\x1f\x19Y\x8fi}\x1d#\x16*\xd0\x85e\x05D\xd1w\x1b\xe5g\xf4\x92^[2\x971N\xf8\x97d@\x13\x8eE{\xa5\xda\x160\xc9\x94|I\xb7\x91 dS\xeec\xda\xa2V\x1e\x1aN\xf6\xac/\xb8\xbc\fO\xaa\xc8\xa7\xa5\xd5\xa7I\xf9\xaau\xb5\xfa\x94\xec\xb5\x81\xf6\xdc\x1aN\x89\xe5\x11\x880\xef\x14N\x95HZD|\xfc\t\x8d,u(\x16g\x88\xc6\xd3\xb4ZR\x1c\x15\x95g[\xd3\xe8 \xa1\x92\x92\xff\x1b\xf8&\xf4\xfd3\xe9\xa3\xc9\xb3%\xb7\'\xear\xfbS\xf9\x81\xcd\xb0\xd2)\xd6\xf62\xe5\x8e\x9a7k\x9d>0\x06\xeeS\x8a\xe9\xfe\x88\xa2Z\xb8#\x87\xda\x19]F\xec?\xce\xb1\x17%\x86\xbbV3M\xba\xb1P\xbd?\x1e\x12`\"\x82\x1b\x16\xde\xe7\x17A1^c6\xdd\xff\x84=\x00`\xe0\xf2\x85\xc8}\xe3\xa9\xe1\x1b\xe1\xcc\xae<O\x8c\xfd\xa1%\xbf\xe6\xf4', 0x7fe) (async)
acct$auto(&(0x7f0000000080)='/dev/input/event2\x00') (async, rerun: 64)
r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/002/001\x00', 0xa901, 0x0) (rerun: 64)
ioctl$auto(r6, 0x41045508, r6)
executing program 5:
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="11000000030000000000000000000000f4", 0x11)
executing program 5:
mmap$auto(0xac, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mlockall$auto(0x7)
set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
open(0x0, 0x22240, 0x55)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/rcutree/parameters/rcu_resched_ns\x00', 0x88282, 0x0)
connect$auto(0x3, 0x0, 0x55)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, 0x0, 0x189041, 0x0)
select$auto(0x804, 0x0, 0x0, 0x0, 0x0)
r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0)
read$auto_proc_sessionid_operations_base(r0, &(0x7f00000000c0)=""/4096, 0x1000)
executing program 5:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)
read$auto(r3, 0x0, 0x9)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 34:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 0:
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0)
r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), r0)
sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f0000001300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000012c0)={&(0x7f00000000c0)={0x1200, r2, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x5}, @OVS_VPORT_ATTR_UPCALL_STATS={0x11dc, 0xa, 0x0, 0x1, [@nested={0x101, 0x65, 0x0, 0x1, [@generic="c0e38807e656e8311d36ca01f4c5ac33", @generic="2ce8e17a97deb7a02b81dab5b682d386bd394b8be1e174a441b9c95071e2d889b30765354242e598a89065f24ba1c0b81fdbc61453d1e767295064886c109d16ea8849a0ede4158d3ce5e76c56b10e82957d2284a5406007d4e5a1fefe9faf6aaa0d8131bdc9cfc91d2fedbf72f9e0247d5eaadab6fe41b1c69345e98e4319b15da72b0b9ac554a018e708beb4686d510187b30c5b50f7ebda146533d06aedb3e61d6c8492c8346e0fe5750f453a3b82675ebb5fbbf881721d6f56dfa554fa32689bc8f3e5b320b6b1ab76b76170a15c35ca98b07ae59d79a62dfade40e253209c6e56478258e5d58eae516457"]}, @generic="fd509107789b61f62816407ddd1e622c3f60f7e9c97187901862cd20e1825cf978e33190328a125f970f6861373e6258ad74cce461930f133d1d89720d78c8e2a0aba764ccfe418c204043ac203f38ce0c9340679f72d0360fdadbdd45abbe66314e36c2a2dc1fc80c9e62da269235d09368c3f92a8d263d34a4db3e6925c87d9639ebd64107139fd90d25c16b239de742a38537542e3c79c25ca76f950ef3b7a2fa9aae23786929efca0d19584c7a57bbed7efc77bba5b01baa15b25a853578621fa2ab00343191d0c76c6d1f2a9672797ba2253a682069f3f998b183a8779c53914dce9378e5f412da96a11ea81d9bddb4a31e6104b02d2aae3061e931cc9c7265523e98310abc1bc68a345139dd6e1f87ff5f9ef2d1808ddbceba6d13a204be16c1dee92c118e2d66cb13ec4fcdb866f061e10c1ce8911a95df9b96ff135ab5813e322043685b5e6d9dc8f4991dcf3f9bb6aad3d46afb9ce123cbb40696210029ca0b6894387c6a8cabc8092e8d38fd0f05d7ee24b7d47e8f72e89860dec1b275dc673be35677ae167d64f1718bfdc0d91f837fd16d05ea7acddee047eab23a148aec61a493c4e5d3f9be591e5794a4870f27ea0960d580a1d88fafd66ffefcfb4e85d15d5da3afba59805c680766362cee6cc82f22f004caa790eb7dd4712878bc53eccead0af73712490e2bd3833719e6ede67a81a4a97b48e7a2a65b29f62dab8ef8766ae4fe959ce348079d502f3b99c14d7ea71a0256010c9cb0f53d2a1708717d0d48b126e2d6012309db96ea7236778f95a3c8ef9d082849b6e87e334b8eda883a17c7d1fce9ff3804565bdc0e6713c1cf95ccb331541d00f92e1a20d1a22f4634cb9211dd5e00ea1632d581f713937cf02450de37ad8d4b6628051b2fa0386200834ee4e6f1a927fbb88b357e593efb4bf7949537898addba532ca9673eeb81c15e8e452e26ee1e1916f6467b7b2a5f31dba29fc1b13f6a188488e2db4ab2040ad16d74e27cff22e5a70267bff47813f79b91488af9c3a625e59ea021022f74dbcffcfe298b13b389641715adaf1082284770669fa6a85702e2767dd2c70a664fa3706eb694a1341cfd16177429234a9e26858e1348f6697d7f0070d1e79af67f0f77e16ec4213632226eb8cc3d43da9d763baabe9359aa9ba52f283740c9f07589b5a3853e26d16651c532d66aefdf39684276015dd33004a1c9c12f4cff44cb8cb0923d66a556de684da21f30402117b5596ee097cc138d1bf1ec42d5fcc08d7e51b7aa4b9add181f8ef67d11ac554a919de3c38287a93a556e0d73b17a8263a6550133ff7e24fa8992c7601211c0ecbcfb6f69f9daf5b43a16201086e4bf98ad452f4a89bb6df7508297e8b338d6bbde4ffce7cb155f00a6597743272f5b696f49a8c5eeea353223a577bfa58101e1e1ba76cc086c5b9d3b9f2b9f9a11b515ec2d435f5d00c6af9687fe8cf9b213c725241247454377a31bfa1265fafb81a741d540e794a45e71e4b52c5f3eafca1970134289feaf9e0ba34ae77420291187a76e73bd08a2857d1edd480e252744711a3231ec6de1cc2c8f48f2dd6462664a1d67d712e5a6dace55d0055bf19a7debe58e07944a02564c1b9264ab91ad4d69c8db3b44e1bad5ef23056322b9659164566defbfd29451c59752da84589ae76c126299ccc2ba8c0096327c75877249172f5987565000775215a9646a8f58468c7fced8ce6ae4f1288abb0d33a402d4e4e88c7ddcd8d52195fd6bb1372115385909c236ed90f210188cdcd7d182227b53fd05803250cca4895ecc0db5ab2643606f27e89dba26857194811ba7caf94291b78beff59fc8184b377963483efebce5349a068e4668291ea582b906dd0df31c39896039ab3bca430f85d72f8eb28b99156f3dcd9db2380322b8f89785a25158f70e0d19665fa467f49baf10198b76e8e288e9c58da1fdca43a7bd1c01ae018dd0ab7a1f094f2459cfc5a2ecf5e71a8d63c7fdcbb5803578bbd45ea1ee6b4bc4a5739ace9e8c557b1e4b3ca3ecaadb1b1afaf32ee6a3fba38ac928447438d350af8864f79ff3bf2ec95861c974cc3ed6c7c297eefca7dfe09fb7c894aab070fce5edae709b7e720c1976fee33065905335a036c876b6ed4124f3e9c3e47760caf7ed86b8753a2d65869a4f884b048521a8ff3880b074c72e1c262d1fc76b12ff5bdf90e278b0dbc087b592a18c8992f0d7e6d678b00dbf68cdcf62168015b99b353081d1a3a669cf771dc6e13639766265e14f4e24e06dede986447cb190946d548b3b453af84f74a34e5892a83bb73e863b6e6b192d0e3aeff228a9c22d529c0cf4cf2f09044519c4560cb7178255426210930fc467c0080ffb24e19cbf008ba0a550fc7b548bd8c2a2497fcafff2f3321831a271230a7458675a61ca301bf54e4be6610fb3d08aeb7da78ca7da82f1b7869b4a9e7ac114ffceb35263f2b72465cf57e1f052f3fb7204625942f81a39d72032902b716d95127d99b849c2c9e7c1255f095dc87b8593ff78415dcce4722d90ba4973013ac398030fd7fb951bb57b3056898028c6ddd88090bc780df791cd34adfac76ad8667c95e837a4606d7b7d54c3af4dd2a3bdd47f07832cb96fc25e6b1e12c4b3bef5ab4fee4803b18c7468e614a01bc969ccbaf63cf0a3f4f003943c29f66cbf69e4f5bef5238ceacc6fca75300d33327846b4523b67a77f128637138215973223eb9b7e5ceac50a9f8eccc24a3e4a8fabcf8de72bb393285915fadd73edaeb458ae91bb39ce211c58ea013f329802168bfe10077773ed4119fe7d371074030d7d1432a89aa83ba867529d32a6a499c2d390daa1bba93a7e7f1beb629b0d6225caaecfd1a550c58dbcc0ac72efd01c81ec8ce14f21856224dde3e2b45445ad586b064ebb44ec79311c93fb9188593c3230041bfacc84a3396be377121e523060086694a1143b6de909dd7f7ca449783977f2dd7a79199c35b4a31bb41d3a653b13c7b0bd42ecfb8c8366b0e423934cf119458ffbd83a4c89d33573a066c414e2f785f2e716035bb5f44ce3241fa2a64880f199886081ad1edba356a0eee01af39a45161669bc7c601a47b7b8e526bc00029a08625f93233c6d04701b116f1fb87c9555d263dd442795aea13523aee6fe28fcfce94de109d95ade256faa4cc511517af138b03aa13fde25f24d671a794827426a3e60b22b91ebca6330426a0c59cbe38cff8257693a0920c13c5e1662edfe8d5118507050b881eed9de1461f426f545f33cb0ebb67e192c2ec91664f87ee35684f648ebc7fb22d41996dc26d4fe472fd3cf4c30765b5dd0b3cff30fa5235b7b6af7fb57338722e1fdb10ccfbae6cf896f7632c2db661c75c97abd7a02e1c0a6c728fea0b8dfffb0f76a2d969587b5b2489fd3d3cf683e4f66c929e7ecdbbfd00582a38f105347c180911fe60c7faefc8782bf04e21b9958f719503cb2bdb06fc41e9a9575ec2378b3d5caa9da7af6adeaf7ab6345b0b0d5eb84bb2d388884378b91c206d1352b29ebcb2c906d50e21ebaf20ddaccd6492454567dde7e3d5805cc2ca058b9b3c615387563fe4d9c33c3c0c72825bdca1fb78dae6f8cf9b82959cab8b3167fc25003fd352a0dcbba9c8f488ae7728da8a2822e0b7617777f25054d6bb09e2dcf7c97643f3d1971769215ff1e9f84942f4ebf06c03a75e9a78f21d18e7887aef67749324edc553570d22a4c1048c0e5ef48cf53ed822950a772b0d890fc95e7b949ff2a1dc06bd26de80f620b1578d2d572fa4280c46ac9c58bd1ac1523760c3a4bb661841c5a47f54254711abd11781a30c73d24da971f84728c77009b5c3a96beb40c1554b677c585602c070a9521f952d35cd668179bf3c086a9c232f7ed19e524765149d010300d761ea2951ebcc6810e4d0a6dd3d8ee417ca61b73baf8a8799fc5423698d119826e1b35e81db8d4fb7dce1e9b1fff4f373c25205b4c612acf90d39f1d8e45764d7f2c2e95f73e1571f23921e3100cf3b69879966cf04be787c8f2d9573b28c8f9163efea551dd0bf56fe4cb5ab66199b8fd535fd0ca157ff9b2f0482a47cfb58b1c2153e6e2c2b816388691653e4333fd24429d81987866de21ad684f775046ed65ec897cb31300e678c84081b8e9b6c46c05abf7dc73f4a98c901ea7986910f45ea1f84599d26a0aff855594c17ea270ac4c6c71f1999bfb2e794af4957dee0de202aac377c3570c882fca8f5697386c4d892ba8c27421a94a3d8a6dfe9e50a508257c9501602b684beea03936acd00013f9c231a571048701a06df17a5387ebc9fe662056d5920071b9157fe9568188478cb5ca5e09dc4cae5398c77599f5fd2134d084a1fd1200ba158fcc5617c9add910ee35672d693e5cbd66b15160ef11718b867039c7940cdb1e70b7d67980cdc643de565f04a4212ee547caa753955c79c47c858d953537876060d524fff80e56d4d46a66a412bb146db09f30f9e0c346af290f0e401be80d2d247fc6f6754b3ad09d27aa8290984ab80559f32f7bcbc38ba42f8b0bc2b4b04ccb949040f831c5ed197ff39049b43d4d61abc93150ccbdbd942c56e0e16a4f1cfb73443cf09fe673ff40ab310c5636a6ef3562c48047ce589ea37a98e61becca02f537c32a22511d48f3a23bace2cad00afa802bee24722db7d3aabfa2cbc5267a0410fec51462ca9ac35aed94470d860dccf6aedce2b44f974bec575cafa985bcb062695a7ca6e366c871bae236770c5e60dd872540cc7ba60df22dae788c662b398a3fa26bb78dfe4069e24034d11e550888effbefe9fb2cfb0f330022ef4c8067caf68ad2819a20c9e6b865c50b267eee1a9b4c773a846acca87b1505f53651c1ab23b0793cdd1c1a5af6c7e3dbe68560a88ef08c8a3976ee05b678007c1612bcbb8ce8791f235b6f440b0574a5f977126345cb155219d3fb42aba7813aceb29feffc2f740f5a3f2ca5bcbf0317b76b72c38b29558c70efb254ac17851e7728a81e1888ec4d7a507a176f4173ac0a719a5e47b889c34a63e2c50d46ab671f64cc79239c9b71de9fa86c45bbd0440f1a0f82ff0ca7170d8e1286b1f91c76d71664632f1b296bdff759bf0e01a6ed34f3ba4fb30f62a1227968289d222e241845940cad88383a8eac4b7ff6b5b019f957a68c122a6b6a1dad5516fce2b2ede79d3e5f0a78437b9fc68a05eb80ae758814f600c0f3ac07521fc1c6f8b920db9af3d406e449258829bad1f912b972c35be8a2219a342104c34e55e1ef02a3024b9e5bd9285cb6cf698fd5f3a9d7a7e5c4e0b90f51e9613e9ca8e9047a438dd505ce9c125b5421ea278339a05467bbefea6ee399cfc0762339694d6dc0a5cc303c37316938d6642629979a35e444623d24d11bd89ae44c78f1aadc86d924f2bf779e02da57797e77ddca57730ec183f8c9cb2efec9f05958050bf5894daf0aed40835e4c729ff31a164d3944930730c2660c7928e476ea82098372f2a629ed70f0292a7e79d66180ea151ba4d57fecff2f13c6c0fbd2fa66f161560b21c27ad693fe68a552268d3605e10742aa43ef39fbb394ed3bec2c9313eab3e1619b2934313877605a3c9a8f6d1a907ba92f302c39fbd15b2b2515a12e36acffa88a46d8ef9572e2c406ecaf0304b7372223d3c25754274bd51745b2fb659f09f3cbc7f4662babb09a246afc5e658fa26a3f4eb453f4e9375ed38fa654f32cb4b65a5df141ab19074948fc544054c34334a481b3b59ce0c059c5619d9d189c50aee4c1784fe08da8c013046fd460", @nested={0x8, 0x12b, 0x0, 0x1, [@typed={0x4, 0x93}]}, @typed={0xcb, 0x12a, 0x0, 0x0, @binary="c258b346ea75c82b630ac9a1e55c1825a7ea0f2a92b0d0c464d3849ae13419d5f8e28a887137039aace3cddb28ea80e70c64fb8ce95c9643d9059ace9cc6f20689f0a38068b2fa3d9ac41867b83cc6bac74f5f17c30865570c8a6caac1e207895e27ec882a70bddebd09d6432d9ed8534972ce077ee3645fa34d7ab6a3b458a33f309522850d30710a5c581ab41ad510bb5f95b431c31993e479856a8a89a2414f085c2c6ba4462bbd1b1f2c885b8a1ae8a828fbce80845cb86126ed3e6e281db9d9e3cdb43b6b"}]}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x6}]}, 0x1200}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000001)
ioctl$auto(r1, 0x802c550a, 0x1)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003a40)={&(0x7f0000001f80)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf2503000100"/30], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x24040004)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0)
socket(0x10, 0x2, 0x0)
r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi30\x00', 0x0, 0x0)
read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f0000000080)=""/27, 0x1b)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
io_uring_setup$auto(0x8, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio4\x00', 0xa82, 0x0)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x2000)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
socketpair$auto(0x1, 0x0, 0x1, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
ioctl$auto(0x3, 0xae41, r4)
ioctl$auto_KVM_CREATE_VM(r3, 0x9000aecf, 0x0)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0)
sendmsg$auto_NL80211_CMD_GET_KEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r6, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x3}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6}, @NL80211_ATTR_USE_RRM={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004}, 0x400c045)
executing program 0:
connect$auto(0x3, 0x0, 0x55)
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/smaps_rollup\x00', 0x8000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f0000000080)={0x9, 0x6, 0x6, 0x2, 0x8})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000007a80), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2], 0x14}, 0x1, 0x0, 0x0, 0x90}, 0x40)
recvfrom$auto(r1, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket(0x2, 0x5, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x200802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000040)={0x8001, 0x7, 0x56ee, 0x7, 0x10001, <r4=>0x0})
fcntl$auto_F_GETOWNER_UIDS(r3, 0x11, r4)
msgget$auto(0xa, 0x0)
socket(0x1d, 0x2, 0x6)
getpeername$auto(0x3, 0xfffffffffffffffc, 0xfffffffffffffffe)
r5 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000900), 0x101002, 0x0)
read$auto_state_fops_(r5, &(0x7f0000000940)=""/19, 0x13)
socket(0x3, 0x3, 0x500000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
write$auto(r6, &(0x7f0000000100)='\t\nD\\\'\x02\x00\x0f;\xd1\t\xbe\b\xe8P\xd2#\xcb\x98p\x81\xe7\x82k\xde|P\xfc\xcb%\xd4\xc2\xe8\x16A\xed \xec7\xa7\x9f\x969\x92t\xc9\xe9J\x1d-X_\xa1\xff@\x88\xbfP\xe9\x91\x82R+N\xe5\x10\x87\x92j\x953\x94\x13\xc4`\xbf\xa0\'\xd5F\x1a\xa0lSQ\x00\x99\xcf\xea\x86\xc3J\x8aE\f*T\x9dn5w}\x17\x97\x92*,\xddn6\xc3\xa4\xbc_\x9a\x9c\xc8\x80\xa3\xb9\x9aQL\x1d\xae\x14Ycd\xc0\xcf,\xb5Z\xab\xac_\xd5e3P\x97\x10X\x7fB\x88\xe63\xca\x00\xcf\xd1\xe3\xce*6\x11\xcbmv\x86\x0eM\xe7\x90\xbb]\xf5\x0f\x00\xee\x8e\x00\x00\x00\x00\x00\x00\x008\x1f\x9a\xe3\xa0\x14\xac\xf2{\x94E;\xef\xd0\x80\x8an\v\x9b\xf4M\xf8\x02\xd2\xe9\xb1\x81\x8d@\r\xc7\x11/\xaa9\xbbl\xb7\x90__[r\\\x9e\xcc\xbe2nw\xac\x02(\xf9\x9ajI\x1c\x91\xd7\xc7\xbc\x15\x8d\x03q\xb9\xd5\xe1\xb2\xc6\x89\x93M\x7f\xaf\xa1\xb9g\f\xe4\xfcfA\x8b\xd0\xd7\x8f\xd8R\x90*\xa6\x8d\xf7\xe5\xb1`E\xb8J[\xa9N\xac\x9bg\xe4\xeegb\xcab\xd1\x10\xfe\xac\xca1XH\xde\xc4\x10l\xaa\x012\x80\xac', 0xce)
executing program 0:
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) (async)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001)
lstat$auto(0x0, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/114, 0x72) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
socket(0x29, 0x6, 0x5) (async)
socket(0x28, 0xa, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf25210000"], 0x14}}, 0x4000000) (async)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) (async)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x382, 0x0) (async)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) (async)
r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f00000000c0), 0x100000, 0x0)
unshare$auto(0x40000080) (async)
mmap$auto(0x0, 0x20409, 0xdf, 0xeb1, r3, 0x8000000000008000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3b, 0xebf, 0xfffffffffffffffa, 0x3) (async)
r4 = socket(0xa, 0x801, 0x84)
setsockopt$auto(r4, 0x10000000084, 0x76, 0x0, 0x9c) (async)
setreuid$auto(0x0, 0x7) (async)
setreuid$auto(0x0, 0x0) (async)
open(&(0x7f0000000040)='./file0\x00', 0x6a640, 0x20) (async)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
executing program 0:
statmount$auto(0x0, &(0x7f0000000380)={0x8, 0xa, 0x1ff, 0xcc, 0x8, 0x4909b6f8, 0x1ffdf, 0x9, 0x9, 0x7, 0xa121, 0x3, 0x0, 0x8004, 0x3, 0xa, 0x2, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x4000000000, 0x8, 0x0, 0x50100000000000, 0xa, 0x4000002000, 0x0, 0x6, 0x70624ce7, 0xff, 0x4, 0xffffffffffffffff, 0x0, 0x80001, 0xb, 0x801, 0xffffffffffffbfff, 0xf31, 0xf7fffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x10000000004, 0x2000000000000000, 0x0, 0x4, 0x400000000005b8, 0xc, 0x0, 0x0, 0x8000000000000001, 0x6, 0xfffffffbfffffffc, 0x88e, 0x8000000000008, 0xfffffffffffffffb, 0x9, 0xa38, 0x6, 0x3, 0xffffffffffffffed, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xe)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)
write$auto(r0, &(0x7f0000000000)='/\x00'/18, 0x7fe)
executing program 6:
r0 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x28, r0, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r2, &(0x7f0000000a40)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a00)={&(0x7f00000000c0)={0x914, r3, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0xea, 0xac, "f2a5c38b2e7df35d998fb1f614d9b83b2afbaf264ebe4dbad834a5ebc898d1ba27182384f0578fbe677968d7195fd4810cd0100803a20581d4a6b1356d825782c1a5875e8524083e51022f6a1bf70def04333a032d4cf2da3d0968f156af721d2808a204f9afd4016ea62679a4384f3061e27a3d29042b2f1bfcd90d6ee749cb0c1811a7442094f6a95a1b4f1b48c712f13b01c3e506a55e5e919cc334fbe92287f6f63b8d7b68dd5a7465eb5aa4f2f74e6864b07a2cb0787e7bcd83e8f095b2ff85c72b7c6243a7102c47c73cf72f1895a38b11482dd8cbaac8e2f3d5203a5453202566c969"}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x3}, @NL80211_ATTR_IE_ASSOC_RESP={0x73e, 0x80, "5e856c603ecfcffc560bdc37f136b7317f8459065b82f3a5797fb951311cde4c48f6520f2064310e448ec769b50ef6e28bbf325272aff20ff1dbf1b49062a4efedf71b6a3f169b4c608a8399a657784f057ddbafc7f9b340813b2ba03d6ab617433b21c1f3251c72677fb9dc176347eadd3a559f39a0b9aa88f49438996a106b87c5ab8e40cde110edd0707d73e025d83ede9e77e97f4cbd0d3e9be1691c9c31c046640d35bc2701b6308ab9913ee87ffa40b4cb1b05c0a3844af97a7389323ba3ac27874acd2e2d0918e4b3cffb3abe5303f8e9ee5fc133856b15c9389b132b430e593080856cc7e610f63777b722355319a1bdfe3d4f3960465b4ef41cb29e8197ac202846126ad510cbb707b2070441398376effc0b464c950990357f41b60eb70e82d6415d6c0dd97fc15ddd6a84761f30d034552fc556219c6d1f8de3167533ef0cf9043d1a1b6f5386f561688e76fdf19f71bf9d7ad5b0c1dfc1034fb8ea2efda052bbd996f1682dd163c899330ba1d5b173ea3af52aa2a9b58b3db10638971389442569517c421bac5c1e5a68fa452d24f617e740e46edd418d7be4c8ddbfb345281eecce158fff4068c7a2c03aff98663ca0d71f0fa535bdf4956c3471d47dbd330c5c6f16a173021c7883e20fa41aceadc472667d3979c62e0d243ee9831ff4c3fccda87d51782ddbe0df33bf3ab8b34bd0a0b48ef90131383b9d29dab2783359c1724b2282cd514430a92d075ff1218514a1b75ccc5f341cb82d33b5b9b8ff4472e5fcdbfe948e5760fca4f9b5c73aca9e7d549b266f224d6f26975c42caf8b3272a5000ab74bd9386564cf8751ea83089f84a534341812ce1d1c613e35d306f41bcf386b1e7b3157935ce3c4334592345615215abba5fed4215e1295eb0f516a4f97e84f20c5fc3821f3cc56bea853936345a2c6df6ac0e000e476016af6d3a926448cb6808839905cbe945b86e7a3edc5e6e0a41303dab1edfe6fc5cc18c8b58123f9ec8824c203c7f496fc774b75eecb7e463aad90c6c2de30aa7bb325b9c8ed45f37eeb6eda754e6631d88fa08740fbadbe71832e14a7712a07a2348ee6f73d156e518b3937021ba97698e7d93381965f6961cfc41db776c4dda2ee63ceeb442aacf417f2f2f56768036ada3a65e05a66a68f0c8cd296a8b40b253e548bf37666465915de6da6fa479b1feffc83503618a965bfa69da4525d7e4a59547ef43f3cd5b1ffb493433e6120097594d2c7a87088990421c32572f43864bc60b9a80b16e2c956d173d57c78c015a2fe54a45694fa0215f2beca6989570b577e38a765050ca80f4ec0e778e844551b5212dd80d3af88d47ca86e8beb6174359c036187250d7371294064452eb87d10d3476c64e3ce1477e0e89d243b8e18251b8ddc73e33277f56362bc796de4fd5df297383cfb8ce142f44698c1cc322d0cd232761ddd06be7599ba9ed384c9f128a848e4792e0fc1bd6a728dc552c6ce74cb19f95897b98091e19b95e597cf1f5fd9300601abfe44908ae3c5494600456a266a22bae23bbe01ea3ad099e4b7b6b07311860ebf45d66c2962177987e2b2931598aa84e840d63ad3e9984732c36d5c61b5b90fa5099ba53170161669bccb8979dbf117762071d1e9a7d2efb29f84e8691aa18d54d959bb7ba8763ef24cfcb53e20d759569fb14def3b242f3910b8f5da86c82c1a4930b0220cedf3da268a3812562e9cc93ecdf405d43bbb7fbf94c9d7c06976b88fb9197ffd61c267c4a38c723d96f45d22eeea74290a90e0923cb088aef11216ba01d2b6536390ef6f4ff431abbd7cc9b20d798c84a3475627c914b0cff85cfe7119b2404ba89d334a8619e16dda08630a97f67f6e4a826c4f3e09faa9e567aed2672168a479d69013723509921d4c052ad9b36b00222b7b1e8ff5f16765d07953ceec1691bbfa9186fc35977a4eab7d10d11f933b7dc0f020da9bc6a73f09ee5a00aa588b506d14e5a1c11b5cf9e3aca9119e9836d77e29d49705ff6a3657cdf53cfea4805096eae7cde9646c8107d3adef382912a2bdca022cf9488e56eff2cc5f57eb838d71ad736a0d64ceb60501cc48f543754b4f23e3ac1f0ae9fe9f155232ffc72b472ff3e47bf5738fdb806971d68a9d4569da928d6791d116943bfe5f48e1a93e8293e7fbe9baf93004062ebec950a3addc5be5447aa2070f3c812c52868a11fb108ea8da6d551822472d5a61f232f2a490c745b06b69515dc2cdc6877278df1c82860074744997c71dd89a16c7da84151dd7cb8d6174dc31df18d8f67dddf9f3c1fe6da82b6228678532d727c95896b56530c492bf947e7bf36cbb4ece3b9210f0d087be9595a5bfffd6b36eebf245fe70f82c24358af1216ea5d1e1399c826d802d7e6f4ebd70221528937bf71739851a355e9198410afa7b404dba1a189a409c3aa08c953281e3134f20d907233183dac0350adfcbc32dde6b0ead718a65598ba50bef7d15fb0c0164cf87342c97aa0af9cf78ccd510151d3059c33d423303746c178f4295c2a86ffadbafad281ccd6dcba490e1b431c16c2e5f5f7efb5d8191a6726f7c9cf835abf5cffa568c5e4db6804e4d9435258198ffad138b6"}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xc2, 0xbd, "93cdda6f8421fe0b561f691e9ad73184d34fce888e93482abf98e3de7b60d370b81a32089bea8cae6600a62ad4b181626bcdc2220c473b3e0da19a43f42a88b4aaca0f25884567753354d99dc935d1fc5b8804f9b179ea92a8054a6bfc5010b9e694f1d1e6d73d0bb94949ca4990b4c0e653024d5f28e7c52581da8e57fbbcc4ac73fbb5995e8512ec9ad4418118c5b7b185bd9c0ecf19931735fbe91e0efa5e6dbfb28cd117b04204c19b14cd7b579a2e56c702163cf6a0c85e8bce840f"}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x3}]}, 0x914}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r3, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_MLO_SUPPORT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x4000c40)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x88) (async)
r0 = socket(0xa, 0x2, 0x88)
fanotify_init$auto(0x5, 0x0)
fanotify_mark$auto(r0, 0x205, 0xa, 0x4, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb0/carrier_changes\x00', 0xc2481, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop5\x00', 0x208080, 0x0)
getxattrat$auto(0xffffffffffffffff, 0x0, 0x4000001, 0x0, 0x0, 0xbb1)
r1 = openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg/1:0:0:0\x00', 0x208002, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x401870cb, 0x0)
executing program 1:
r0 = socket(0x1a, 0x80000, 0x8005)
socket(0x2, 0x6, 0x0) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) (async)
shutdown$auto(0x200000003, 0x2)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) (async)
mmap$auto(0x0, 0x400008, 0xff09, 0x9b72, 0xffffffffffffffff, 0x8000) (async)
read$auto(0x3, 0x0, 0x80)
setsockopt$auto(r0, 0x1, 0x9, &(0x7f0000000000)='\'-+\x00\x10\xa4#\x92`\xdb\xafL\x0f\xfbUV\xa6KH]Cv\xbf\xf2a\v', 0xeb66) (async)
bind$auto(0x3, &(0x7f0000000140), 0x6c)
executing program 6:
r0 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x0, 0x200, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000)
sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804)
lstat$auto(0x0, &(0x7f0000000180)={0x12, 0x94, 0x3, 0xfffffffe, <r1=>0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x7fffffffffffffff, 0x4, 0x7fefffff, 0x42, 0x7, 0x1, 0x64, 0x40000104})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'})
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB='\rV'], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0xc000}, 0xc814)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
r4 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r4, 0x29, 0x4e, 0x0, 0x7)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYRES32=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x4001854}, 0x98014)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 2:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x11, &(0x7f0000000080)='\x15\x00\x00\x00\xf3\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\x8a\xfbM\xf6\xf8,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"tH%\x01\x17\r\x92\xf4\xf0\x01\rNK\xfd\xf3\r\xa7\x17\xa0\xa7M\xdb\xcc\xe1W\xb5(3\xa9D\n\xbf\xceRs\x1e', 0x400)
socket(0xa, 0x1, 0x84)
mremap$auto(0x110c230000, 0x4, 0x4, 0x7, 0x100000000)
mmap$auto(0x0, 0x6, 0xdb, 0x9b72, 0x5, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0xc)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x200007, 0x19)
ioctl$auto(0x3, 0x5453, 0xffffffffffffffff)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/ip_vs_app\x00', 0xc80, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
write$auto(0x3, 0x0, 0xfdef)
executing program 1:
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="110000000300"/17, 0x11)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf250100000006000200000000000500070004000011080009000100000008000a002b0000fc14001f0000000000000000000000ffff7f00000114002000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x7fffd)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x0)
r0 = prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x80001)
openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/short_retry_limit\x00', 0x8200, 0x0)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0)
read$auto_vmwgfx_driver_fops_vmwgfx_drv(r0, &(0x7f00000000c0)=""/184, 0xb8)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x3, 0x100)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
io_uring_setup$auto(0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
fcntl$auto(r1, 0x7, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x3, 0xa)
eventfd$auto(0x3)
pipe$auto(0x0)
sched_get_priority_max$auto(0x9)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0)
ioctl$auto_TCFLSH2(r2, 0x800455cc, 0x0)
executing program 2:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000)
name_to_handle_at$auto(0xffffffffffffffff, &(0x7f0000000700)='/proc/thread-self/cmdline\x00', 0x0, 0x0, 0x200)
getrandom$auto(0x0, 0x6000000, 0x3)
madvise$auto(0x0, 0xf663, 0x15)
close_range$auto(0x2, 0x8000, 0x0)
mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70)
mknodat$auto(r0, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8)
renameat2$auto(r0, &(0x7f0000000200)='./file0\x00', r0, &(0x7f0000000240)='./file1\x00', 0x1)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70)
mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x3)
renameat2$auto(r1, &(0x7f0000000200)='./file0\x00', r1, &(0x7f0000000240)='./file1\x00', 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
io_uring_enter$auto(r2, 0x9, 0x820e, 0x29, 0x0, 0x18)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[], 0x14}}, 0x4000000)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0xc8c02, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
madvise$auto(0x9, 0xdd, 0x17)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
r1 = prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYBLOB="712b738fa1868b61828c4edf70835ba590a23c42b164ed528cc9775a3bb89199f0b13cf225fa2a3a283f28371dd6bf97a0577c6c917409ac137621de47b61a1edd3654a8cd230deef92baec70515ef96aa714c66e670694dc010c3abf539ed7d78b6dd764235d81a0f1ef6dd0651536df9a95ca5452a11c348a3f0419fb9b1a4ac3f1847ccafd5e62bb96377c84adda4a5cf58d6cf0c12e2b3", @ANYRES16=r1], 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250af4"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810)
r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r2, &(0x7f0000000440)="110000000700000000000000000000f400", 0x11)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
mmap$auto(0x0, 0x2020009, 0x2, 0x8000000000000011, 0xfffffffffffffffa, 0x1000000000008000)
read$auto(r3, 0x0, 0xb4d3)
write$auto(0x3, 0x0, 0x2)
write$auto(0x3, 0x0, 0xffd8)
timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @private=0xa010100}, 0x6a)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x5, 0x0)
executing program 6:
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x5, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000300)={{0x0, 0x17, &(0x7f0000000040)={&(0x7f00000003c0), 0x1}, 0xcf, 0x0, 0x1, 0x100}, 0x9}, 0x900000, 0x8, 0x0)
getrandom$auto(0x0, 0x6000000, 0x3)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0xa, 0x0)
r1 = socket(0xa, 0x2, 0x0)
r2 = socket(0xa, 0x3, 0xff)
connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r1)
getpgid$auto(0x0)
getpgid$auto(0x0)
sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="200025bd7000fddbdf250c0000000800060005000000c90203800ae556ea96b6aac20a2df353bb08ecd46a7f933d1b2db8ce9af498e5ff3a90bfe88cc0b1e2e58b0f02ef589c88720e1e867e4da84e9bd27e4e7c2e138ed9b259006d0495ac1d03abe76afce408df49a9a4d2c79e8416718b6ea62d96bfe4d485b5898da01e69d213069313429fe114911f46d2480f5c0057801400cf00fc0200000000000000000000000000011400a30020010000000000000000000000000002040053800baa9962d832bfc7a1598f73f290676159d5d963f0ef3f3694e8c4769e09a76a5681c9ac27bac987157191375b4616330f58eec7166fdb5686acea5e1073d07a6eb7b91e3eb3ad97fb23c2aa1e37e9c9253c0115d7c961fed3edb90a3043132ec20bdf79be7ae10344c3f520acf5783d0eb3c0e11c56c454f6919da28e35da492fd3bd376918d0d1db7541fe3db6ce2b222834198cbee80a7b8b144af6a3fea938b06a01046b00b17c01cfd1230a8c25de9c6f31e39a6bcfad2f409551b2465a4c1003d3a46dc8740e9d4e1794644249f256fb7ba7b4475e04825ebcdadeb3d0824157cddbcb471d53880652048b58569b6e4c33ce64cb48ab36673752d6980118e2b398045597a158fb9fcc22e5ba4cdb205e8980f4ca5620bc9270655998e15fd4623e70d35bb1c3c2d4386f44f98217d65dc1b99d0995bb4e2f1eecf67e42a1d61f4e23ea7292fa8f0b334f8861a5905219476eac17430e2a6298df7834dd39fea33d5140246b3c8cede37cc5d84006fce1b686f9aa64fbd490f5bdb6e8810fecef991664c54e804cd59dc1e3ce75bb3e4f7e12a5b3c9a7022868b3de8ec536b30525e4728d360702f8d5b0e5ddfdaefc630b8e9dcec51b6492186a79401903db258e75a34ca1c0f85639b3bdb06d35b5d22055894e299d6260a47e11406008a472f6a9725b9fef7c39d86f448a815b8fe22729001580dc641df00c5037ab80751ccffa98cf32a2937c8ff7aa7c751f859c9c5dba646cfa7737c23e000000000000a400028097009280d4ad4d603c22496113937a8eaa783c1c540b4fee3e91dd97e7e7c707d5c6824da6f81cd4ccfaa1e0192047d92a084580d8d3dcec9e0e1f05aaec27e0061c3bc62f4e2956b774100f323c35da387294d9002cdfc7442311ac9be9543f563477c79fa349fab57e1367f10dbcd33bf486e3e1c04b1bec3231ac4c345e364b8096f1b0b51235e4aa6a8610394439291a753b17c79a0008000f00ac1414bb"], 0x38c}}, 0x4c0a4)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
io_setup$auto(0x1, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
executing program 2:
ioperm$auto(0xefdd, 0x4, 0xfffffffa)
fsconfig$auto(0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0)
r0 = openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x20082, 0x0)
mmap$auto(0x0, 0x8, 0xdc, 0x9b72, 0x2, 0x8000)
r1 = socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$auto_SEG6_CMD_SETHMAC(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0181"], 0x1c}, 0x1, 0x0, 0x0, 0x40012}, 0x24000090)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='Z'], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
setsockopt$auto(r1, 0x114, 0x8, 0x0, 0x4)
close_range$auto(0x2, 0x8, 0x0)
write$auto_ctl_device_fops_user(r0, &(0x7f0000000000)="a504ff4c280e43904055ceb3bc98cf2af453126b06d1f8b678ad4700b35e33bf24e0c6269dd4fcfeafaacd781a02e63a0f9cf51e53fd5433203e1a4531a69c151e3714d2418d3a55d79a114e8309e48778a229eef16577bd021ce7b48a29a4e1c32f5f0c3393287d", 0x68)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf250100000006000200000000000500070004000011080009000100000008000a002b00006014001f0000000000000000000000ffff7f00000114002000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
unshare$auto(0x40000080)
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = fcntl$auto(r0, 0x400, 0x1)
execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x6, 0xfdb, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x5, 0x4, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x2b, 0x1, 0x1)
listen$auto(r3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x6, 0x1, 0x0, 0x4)
r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="60883ebed100879e9dd1cca41069c7eb2906fb1a5f223173662e657f277be7cfa3d012c2ed81402ea0edd2ca0c", @ANYRESOCT=r1, @ANYRES32=r4], 0x20}}, 0x2000c880)
ioctl$auto(0x3, 0x89e0, 0x38)
close_range$auto(0x2, 0x8, 0x0)
truncate$auto(&(0x7f0000000000)='./file0\x00', 0x3f2ec021)
socket(0xa, 0x3, 0x3a)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0xb00, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x214102, 0x0)
msgrcv$auto(0x1ff, 0xfffffffffffffffd, 0x1fffffffffffffc, 0x10, 0xdf66)
mmap$auto(0x0, 0x4020008, 0xdf, 0xeb1, 0x401, 0x8000)
set_mempolicy$auto(0x4005, &(0x7f0000000000)=0x1, 0x4)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
read$auto(r5, 0x0, 0x20)
r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
kexec_load$auto(0x880b, 0x2, 0x0, 0x4)
writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3)
select$auto(0x804, 0x0, &(0x7f0000000100)={[0x9, 0x0, 0x0, 0x80000300, 0x1, 0x4, 0x9, 0x3, 0x81, 0x10000005e58296b, 0x1e, 0x9, 0x7ff, 0x200, 0x20000000008, 0x4000000000006]}, 0x0, 0x0)
executing program 1:
semctl$auto(0x0, 0x9, 0x0, 0x2)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)
executing program 0:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, 0x0, 0x2, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x4c440, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/dynamic_debug/control\x00', 0x80040, 0x0)
r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff)
r4 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/sg/version\x00', 0x280, 0x0)
read$auto_proc_single_file_operations_base(r4, &(0x7f0000000080)=""/162, 0xa2)
sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001004866520100001e00", @ANYRES32=0x9, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_DP_CMD_DEL(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000500)={'gretap0\x00', <r7=>0x0})
socket(0xa, 0x23af690fef30229, 0x9)
r8 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000000c0), r0)
sendmsg$auto_IPVS_CMD_SET_DEST(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000540)={0x2a8, r8, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x294, 0x1, 0x0, 0x1, [@typed={0xc, 0x7a, 0x0, 0x0, @u64=0x2}, @typed={0x7, 0x13b, 0x0, 0x0, @str='!\\\x00'}, @nested={0x24, 0x13c, 0x0, 0x1, [@typed={0x14, 0x2a, 0x0, 0x0, @ipv6=@private0}, @typed={0x8, 0x53, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x11e}]}, @nested={0x8f, 0x14a, 0x0, 0x1, [@generic="c7f56f4a18a893f672bbfedceb336607cb6d05b577868e28c3489445cceba01fbf0fd99f7b947a041419e6bd79d8a20c3f45203a9b5376dc395e4c33f6427566c5876b5b23842788b76056086192391eaaf7e9016477189e5e80ebfbd6663c16a41fe40f7fc32f5291e20e99a24db43924ac127e", @nested={0x4, 0xf4}, @generic="d0ae637828845a", @typed={0x8, 0x56, 0x0, 0x0, @ipv4=@local}, @nested={0x4, 0x3adf}]}, @generic="b45032ae25a12d7f18fe71e556d472443d66eefeac11565013408c7da1c7fb44e16a63ff63842fbe427cbe018f8515a7a229f8c2b1a188156385f8c2a59c270b50d651f4e57213187d67b8e23eefafdbadaa7434", @typed={0x8, 0x64, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x21}}, @typed={0x14, 0x10d, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @typed={0x14, 0x7d, 0x0, 0x0, @ipv6=@local}, @nested={0x30, 0xb6, 0x0, 0x1, [@nested={0x4, 0x11d}, @typed={0x5, 0xe0, 0x0, 0x0, @str='\x00'}, @nested={0x4, 0x12c}, @typed={0x8, 0x64, 0x0, 0x0, @u32=0x8cb5}, @nested={0x4, 0xbe}, @typed={0xc, 0xa9, 0x0, 0x0, @str='gretap0\x00'}, @nested={0x4, 0x31}]}, @nested={0x112, 0x34, 0x0, 0x1, [@generic="e00fdc88255e98ea2db1d78b84c6632ebbf6330216eabb0f4b298d65f8004ad3ee36a8101a6b2db3f40e74517ea7f504c16c0e4525936bac2c2e8f2b530ae929afd46d10f69e85b88322b1dd2676beb147363c3aa1f2057cd85037ce1a2d", @typed={0xc, 0x7c, 0x0, 0x0, @u64=0x8}, @generic="b370076313997f5c7e2abf12e9c7e235a40136f105faf5e073c3924772b54dc11a63", @nested={0x4, 0xaa}, @generic="d25cbdbb692329cbaf711e65a9eb240f0d239273c16660a6ce7ae0431ea6641c5a5c66fb66855aeb6eb2ad9996976739d43d05749cd6d5acdab03263c659c19fa3bb3b6db4c3a781a90d9f8b15c48ab3d68db4ccd87a4fa2ee2574f7a8b8", @generic="d3eb3b90551508cd87f774852ec097a521c83cbf94e62526141767e0a345809e"]}]}]}, 0x2a8}, 0x1, 0x0, 0x0, 0x8000}, 0x40044015)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x2e01, 0x0)
sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4)
ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0)
r9 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x2802, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r9, 0xfffffff7effffd05, &(0x7f00000001c0))
sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r1, 0x5, 0x70bd29, 0x25dfdbfc, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r7}, @OVS_DP_ATTR_NAME={0xb, 0x1, '.\x02:\xb6-$\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000c000}, 0x4000024)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(0x3, 0x0, 0x100082)
executing program 1:
statmount$auto(0x0, &(0x7f0000000380)={0x8, 0xa, 0x1ff, 0xcc, 0x8, 0x4909b6f8, 0x1ffdf, 0x9, 0x9, 0x7, 0xa121, 0x3, 0x0, 0x8004, 0x3, 0xa, 0x2, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x4000000000, 0x8, 0x0, 0x50100000000000, 0x9, 0x4000002000, 0x0, 0x6, 0x70624ce7, 0xff, 0x4, 0xffffffffffffffff, 0x0, 0x80004, 0xb, 0x801, 0xffffffffffffbfff, 0xf31, 0xf7fffffffffffffe, 0x0, 0xffffffffffffffff, 0x0, 0x10000000004, 0x2000000000000000, 0x0, 0x4, 0x400000000005b8, 0xc, 0x0, 0x0, 0x8000000000000001, 0x6, 0xfffffffbfffffffc, 0x88e, 0x8000000000008, 0xfffffffffffffffb, 0x9, 0xa38, 0x6, 0x3, 0xffffffffffffffed, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xe)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)
write$auto(r0, &(0x7f0000000000)='/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x01', 0x7fe)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_nl80211-close_range$auto-socket$nl_generic-mmap$auto-openat$auto_vmwgfx_driver_fops_vmwgfx_drv-socket-setsockopt$auto-openat$auto_kernfs_file_fops_kernfs_internal-write$auto-socket$nl_generic-openat$auto_zero_fops_mem-syz_genetlink_get_family_id$auto_mac80211_hwsim-sendmsg$auto_HWSIM_CMD_NEW_RADIO-timer_create$auto-close_range$auto-io_uring_setup$auto-io_uring_register$auto-socket-mmap$auto-socket-openat$auto_force_devcoredump_fops_hci_vhci-openat$auto_fb_fops_fb_chrdev-write$auto-getsockopt$auto-openat$auto_v4l2_fops_v4l2_dev-read$auto_v4l2_fops_v4l2_dev-close_range$auto-openat$auto_tty_fops_tty_io-ioctl$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program did not crash
single: failed to extract reproducer
bisect: bisecting 45 programs with base timeout 1m40s
testing program (duration=1m51s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 3, 22, 29, 30, 11, 11, 6, 30, 30, 6, 30, 30, 30, 10, 27, 2, 15, 30, 17, 17, 6, 29, 26, 27, 3, 8, 13, 6, 9, 15, 13, 2, 3, 30, 17, 30, 30, 16, 3, 30, 1, 30, 30, 3]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000140), 0xffffffffffffffff)
mmap$auto(0x0, 0x2020009, 0x0, 0xf8, 0xfffffffffbfffffa, 0x3)
r1 = mq_open$auto(&(0x7f00000001c0)='netpci0\x00', 0x56c, 0x40, 0x0)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x4242, 0xe1d2b27bdc14aab4)
flock$auto(r2, 0x1)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = socket(0x10, 0x2, 0xc)
r4 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000)
sendmsg$auto_CTRL_CMD_GETPOLICY(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYRES16=r4, @ANYBLOB="f50128bd7000fbdbdf250a00000abfcd7331c69d92e81bac9296be82dc0aa95e29f78cb3a7fb9dc673b28cd7a90863bc02d715c0acabe729ad22ed216a88fa990274f194d2e078b834926da8e676aa9212c9007cab71b7a9facf1bb77212e8b7971f61ac864e1fdfc1027740c2640fe9cd2c352888433b6e385b1204495de9292187dc29c77ee107463ae16850220d3bda8b85370af6bba0462abec34ef18d01ea9de2f9e9cea54fc9675e39fe8f1727632b3c75ebdb8b37"], 0xfdef}, 0x1, 0x0, 0x0, 0x20000000}, 0x2000000)
socket(0x1e, 0x805, 0x0)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0)
ioctl$auto(r0, 0x800554ff, r1)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8001)
socket(0x10, 0x2, 0xfffffffc)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="c2ff2f4e08000000000000000600"], 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000100), 0xffffffffffffffff)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x4, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
r5 = fsopen$auto(0x0, 0x1)
fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
pidfd_open$auto(0x0, 0x549)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf250100000006000200003f00000500070004000011080009000100000008000a002b00000014001f0000000000000000000000ffff7f00000114002000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
executing program 3:
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r0, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x6)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x100002, 0x0)
socketpair$auto(0xf392, 0x5, 0x401, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyxe\x00', 0x42402, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
ioctl$auto_TCFLSH2(r1, 0x8926, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r0, 0x0, 0x20004000)
close_range$auto(r0, r0, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
getsockopt$auto_SO_TXTIME(r0, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r0)
executing program 3:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/net/bond0/queues/tx-13/xps_cpus\x00', 0x2, 0x0)
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0)
write$auto(r0, 0x0, 0xeffd)
ioctl$auto(r0, 0x402e542b, 0x38)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r1, 0x0, 0x20)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3)
getsockopt$auto_SO_MARK(r1, 0x6, 0x24, 0x0, 0x0)
openat$auto_tracing_stats_fops_trace(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_prog_fd=r2, 0x4007, @old_prog_fd=0x13b}, 0xa3)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
madvise$auto(0x0, 0x5, 0x15)
madvise$auto(0x4000a, 0x2000000000009, 0xb)
ppoll$auto(0x0, 0x402, 0x0, 0x0, 0x8)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2c0180, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x10, 0x2, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x801, 0x10008, 0x400, 0x1000049, 0xffffffffffffffff, 0x20000000000804, 0x3}, 0x6f3)
executing program 3:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/advisor_min_pages_to_scan\x00', 0x88282, 0x0)
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x2, 0x0)
write$auto_tomoyo_operations_securityfs_if(r0, 0x0, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x101080, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(0xffffffffffffffff, 0x0, 0x4)
socketpair$auto(0x20, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sysfs$auto(0x2, 0x10000000000002e, 0x0)
fsopen$auto(0x0, 0x1)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x40, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46)
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
get_robust_list$auto(0x0, 0x0, 0x0)
setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14)
setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14)
write$auto(0x3, 0x0, 0xfdef)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
r2 = openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ubifs/chk_orphans\x00', 0x800, 0x0)
mmap$auto(0x0, 0x400008, 0xd7, 0x9b7f, r2, 0x800008000)
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
write$auto(0x3, 0x0, 0xfffffdf2)
syz_clone(0x1000000, &(0x7f0000000240)="553167a66adfc2e39d9d694384efdf4216f2c31e0aa81b81000000000000001446e4c51228bf866be6f729c85c1c4fb9362538a2184254398d212e685df002787851b96685ac1b54f35c10c2042fcaca83e4ad72bac644e178091c1465aaf88de9892ab42e0303516ec641122ec8671a0990e0499d48044458483718cf5706e3fba1f782bbae1fc056c633de868c9d331dca5521f8bf46653851126a0e81c7665fd8a54016608202ec9dd932b4f7951ddc6226ae0416aa2dae0dca68374f6bb7593a0d5f8737df16b8af7864f980510ceb7439a4c736b28fe1625680975774ab0b0fb758955fb574e7e572925e2640763038e26d70184a786db6d2", 0xfb, &(0x7f00000000c0), &(0x7f0000000200), &(0x7f0000000340)="0d0a8e1797459cd05e4300f9d9c200f099037aaa937d850a79dcc9d6a0f0a288505bd94838f9009a55a5cbf65aafe77e5a0f71bcf725e6fbacb0674d41646be3c61043acbde0a4a497ed168ae7a5d80769e1d8a4b2ffa08eee377f3bd78fcd719df5d80b771943236c002e22186d33d6676e530143a622cba251b04c1b019c9c44b1b9df7adb320830f43ac3ef")
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000000040)={0x24, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x10, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, ']\x00'}, @NFSD_A_SOCK_ADDR={0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
r2 = socket(0x10, 0x2, 0xc)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x60da, &(0x7f00000002c0)={0x0, 0xc4}, 0x8001, 0x0, 0x1, 0x4a0}, 0x7}, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendmsg$auto_NL80211_CMD_SET_WOWLAN(r3, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000080)={0x1c, r4, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x4000000)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r4, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x2000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c0d4}, 0x20000013)
sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2840040}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r4, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_MLO_TTLM_DLINK={0x15, 0x148, "7afb12c3c589ff4e46e722d889f31d8954"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
executing program 32:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000000040)={0x24, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x10, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x6, 0x2, ']\x00'}, @NFSD_A_SOCK_ADDR={0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
r2 = socket(0x10, 0x2, 0xc)
sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x60da, &(0x7f00000002c0)={0x0, 0xc4}, 0x8001, 0x0, 0x1, 0x4a0}, 0x7}, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendmsg$auto_NL80211_CMD_SET_WOWLAN(r3, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000080)={0x1c, r4, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x4000000)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r4, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x2000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2400c0d4}, 0x20000013)
sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2840040}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r4, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_MLO_TTLM_DLINK={0x15, 0x148, "7afb12c3c589ff4e46e722d889f31d8954"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
executing program 4:
r0 = socket(0x10, 0x3, 0x6)
r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000012c0)='/proc/sys/net/ipv6/conf/bridge_slave_0/mldv1_unsolicited_report_interval\x00', 0x88542, 0x0)
lseek$auto(r1, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0xf8, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0xe1, 0x3, 0x0, 0x1, [@typed={0x8, 0xc0, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x2a}, @typed={0x4, 0x11}, @typed={0x8, 0x2e, 0x0, 0x0, @fd}, @generic="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b6cdd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c6014", @nested={0x10, 0x5, 0x0, 0x1, [@typed={0xc, 0xc5, 0x0, 0x0, @u64=0x3}]}, @generic="21aadf3f78e2cd52d7f733c38da99fe8ec1ead"]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x50) (async)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0xf8, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0xe1, 0x3, 0x0, 0x1, [@typed={0x8, 0xc0, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x2a}, @typed={0x4, 0x11}, @typed={0x8, 0x2e, 0x0, 0x0, @fd}, @generic="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b6cdd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c6014", @nested={0x10, 0x5, 0x0, 0x1, [@typed={0xc, 0xc5, 0x0, 0x0, @u64=0x3}]}, @generic="21aadf3f78e2cd52d7f733c38da99fe8ec1ead"]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x50)
executing program 4:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
ioctl$auto_SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f00000000c0)={0x1, 0xf8, 0x0, 0x1, 0x418, "00000f00ea0200"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00000956a4a25d090000000a68d40c593a8dbb67a276fc233e8bfdd9f555", @ANYRES16=0x0, @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x24000803)
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1)
mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000)
socket(0x18, 0x2, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000780)='/proc/self/net/rpc/auth.rpcsec.init/channel\x00', 0x441, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/net/rpc/auth.unix.ip/channel\x00', 0x141481, 0x0)
quotactl_fd$auto(0xffffffffffffffff, 0x1, 0x0, 0x0)
adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x1, 0x6, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1008000, 0x0, 0x80000004, 0x81, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x804})
socket(0x2b, 0x1, 0x1)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
socket(0x2, 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket(0x15, 0x5, 0x0)
bind$auto(r3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
ustat$auto(0x801, 0x0)
sendmsg$auto(r3, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
read$auto(0x3, 0x0, 0x80)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
mbind$auto(0xf000, 0x1, 0x1, 0x0, 0x7fff, 0x2)
executing program 4:
bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x0, @local}, 0x69)
mmap$auto(0x8001, 0x202000b, 0x3, 0x8000000000000010, 0xffffffffffffffff, 0x1)
setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8)
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r0, &(0x7f0000000840)="4cea6ed1dc1f91f3c388b5622a274610e10800ca08ba7aa1995d92e1d0ae2ef23f241b2942", 0x25)
mmap$auto(0x0, 0x4000000000000003, 0xf285, 0x9b73, 0x2, 0x8000)
socket(0xa, 0x801, 0x84)
io_uring_setup$auto(0x6, 0x0)
ioperm$auto(0x3, 0xe, 0x2000000000000149)
sched_getscheduler$auto(0x0)
setsockopt$auto(0x3, 0xc, 0x7d, 0x0, 0xffffffff)
getrandom$auto(0x0, 0x6000000, 0x3)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
read$auto_mISDN_fops_timerdev(r1, &(0x7f0000000a00)=""/4096, 0x1000)
ioctl$auto_IMADDTIMER(r1, 0x80044940, 0x0)
madvise$auto(0x0, 0x454, 0x9)
setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8)
r2 = socket(0x1e, 0x2, 0xe7a)
syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000040), r2)
getsockopt$auto(0xffffffffffffffff, 0x2, 0xb, 0x0, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r3, 0x0, 0x20)
shmctl$auto_IPC_SET(0x5, 0x1, 0x0)
msgctl$auto_IPC_INFO(0x9, 0x3, &(0x7f0000001500)={{0x1, 0xffffffffffffffff, 0xee00, 0x940e, 0x7ffe, 0xac68aede, 0x1}, &(0x7f0000001480)=0x2, &(0x7f00000014c0)=0x5, 0xe6, 0x1000002, 0x5, 0xe4, 0x5, 0x400, 0x7, 0x0, @inferred, @raw=0xe09})
sendmsg$auto_OVS_VPORT_CMD_SET(0xffffffffffffffff, 0x0, 0x20080805)
r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0xf93)
pivot_root$auto(0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x12, 0xffffffffffffffff, 0x28000)
executing program 4:
close_range$auto(0x2, 0x8, 0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
fstatfs$auto(0x0, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00')
socket(0xa, 0x3, 0x3a)
setsockopt$auto(0x400000000000003, 0x29, 0xd0, 0x0, 0x4)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000002340), 0xffffffffffffffff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
socket$nl_generic(0x10, 0x3, 0x10)
madvise$auto(0x0, 0x20499d, 0x9)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup$auto(0x6, 0x0)
clone$auto(0x7, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1)
io_uring_register$auto(0x2, 0x9, 0x0, 0x0)
rt_sigprocmask$auto(0x0, 0x0, 0x0, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
madvise$auto(0x8000000, 0x10, 0x200010b)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_udc.7/driver_override\x00', 0x182, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
sendfile$auto(r0, r0, 0x0, 0x20000000088)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x204180, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
executing program 4:
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = socket(0x11, 0x3, 0x2)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) (async)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x800) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
socket(0x2, 0x80002, 0x73) (async)
socket(0xa, 0x1, 0x84) (async)
connect$auto(0x3, &(0x7f0000000080)=@llc={0x1a, 0xfffe, 0x7f, 0x7, 0x20, 0x8, @broadcast}, 0x54) (async)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x33a00, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x3, 0x9}, 0x7}, 0x6, 0x1000)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mincore$auto(0x1000, 0x8001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyw5\x00', 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x40045431, 0x0) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xf7s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) (async)
bind$auto(0x3, 0x0, 0x6b) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async)
rseq$auto(&(0x7f0000000300)={0xb, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
socket(0x25, 0x1, 0x3) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
madvise$auto(0x0, 0x2003f0, 0x15)
lstat$auto(0x0, &(0x7f0000000340)={0x0, 0x5, 0xfffb, 0x39b, 0x0, 0xffffffffffffffff, 0x0, 0x81, 0xfec1, 0x0, 0x8000000000000000, 0xfffffffffffffff6, 0x3, 0x3, 0x1005, 0x4, 0x9}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 33:
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
r0 = socket(0x11, 0x3, 0x2)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) (async)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x800) (async)
close_range$auto(0x2, 0x8, 0x0) (async)
socket(0x2, 0x80002, 0x73) (async)
socket(0xa, 0x1, 0x84) (async)
connect$auto(0x3, &(0x7f0000000080)=@llc={0x1a, 0xfffe, 0x7f, 0x7, 0x20, 0x8, @broadcast}, 0x54) (async)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x33a00, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x3, 0x9}, 0x7}, 0x6, 0x1000)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mincore$auto(0x1000, 0x8001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyw5\x00', 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x40045431, 0x0) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xf7s\x1cJ\x99\x8a>c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) (async)
bind$auto(0x3, 0x0, 0x6b) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async)
rseq$auto(&(0x7f0000000300)={0xb, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8)
close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async)
socket(0x25, 0x1, 0x3) (async)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
madvise$auto(0x0, 0x2003f0, 0x15)
lstat$auto(0x0, &(0x7f0000000340)={0x0, 0x5, 0xfffb, 0x39b, 0x0, 0xffffffffffffffff, 0x0, 0x81, 0xfec1, 0x0, 0x8000000000000000, 0xfffffffffffffff6, 0x3, 0x3, 0x1005, 0x4, 0x9}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 5:
r0 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000040), 0x2dc08f24db163610, 0x0)
preadv$auto(0x3, &(0x7f00000004c0)={0x0, 0x8000000}, 0x3, 0x10000, 0x10)
mmap$auto(0x7, 0x6, 0x200, 0x18, r0, 0x2)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/blkio.bfq.time_recursive\x00', 0x40880, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000000c0)=""/255, 0xff)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, r1, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x5, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8000, 0x0)
ioctl$auto(0x3, 0x2286, 0x7)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
unshare$auto(0x40000080) (async)
timer_settime$auto(0xd, 0x8, &(0x7f0000000640)={{0x344, 0x80000000}, {0xc4c5, 0x8}}, 0x0) (async)
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0xc40a41, 0x78)
dup2$auto(r0, r0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
getpeername$auto(0x3, 0x0, 0x0) (async)
mmap$auto(0x2, 0x9, 0xb0e, 0x14, r0, 0xfff) (async, rerun: 64)
unshare$auto(0x40000080) (async, rerun: 64)
ioctl$auto(0x3, 0x80084d17, 0x38) (async)
r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x460f, 0x0) (async)
recvmmsg$auto(r0, 0x0, 0x1, 0xffffffff, &(0x7f0000000380)={0xa, 0x4}) (async, rerun: 64)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="17000000", @ANYBLOB='v\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async, rerun: 64)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) (async)
r3 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy0/aql_txq_limit\x00', 0x121c01, 0x0)
write$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r3, 0x0, 0x0) (async)
r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) (async)
r5 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f00000000c0)={0x1, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500"}) (async)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0xdc, "bbb5ce66e24cce7eea982cab480b47beebef0d74884dc693a7ad9cbdbda6070f", @inferred=r3})
write$auto(r4, &(0x7f0000000140)='/dt0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+0q;\xbb\xea5.\xadX\xb9QW\x04\xcd\xef\xaf\xad \x90\x8f\xee\xb4\x8c\x1c;\xf0TL\x1a\x1f\xb5\x93\xb9P\x06\xae\xb8\xc1s\x88\x1c\xb1o\x04\x00\x00\x00\x8dW\xf9\xef\xdf\xc78\xb1\x1f\x19Y\x8fi}\x1d#\x16*\xd0\x85e\x05D\xd1w\x1b\xe5g\xf4\x92^[2\x971N\xf8\x97d@\x13\x8eE{\xa5\xda\x160\xc9\x94|I\xb7\x91 dS\xeec\xda\xa2V\x1e\x1aN\xf6\xac/\xb8\xbc\fO\xaa\xc8\xa7\xa5\xd5\xa7I\xf9\xaau\xb5\xfa\x94\xec\xb5\x81\xf6\xdc\x1aN\x89\xe5\x11\x880\xef\x14N\x95HZD|\xfc\t\x8d,u(\x16g\x88\xc6\xd3\xb4ZR\x1c\x15\x95g[\xd3\xe8 \xa1\x92\x92\xff\x1b\xf8&\xf4\xfd3\xe9\xa3\xc9\xb3%\xb7\'\xear\xfbS\xf9\x81\xcd\xb0\xd2)\xd6\xf62\xe5\x8e\x9a7k\x9d>0\x06\xeeS\x8a\xe9\xfe\x88\xa2Z\xb8#\x87\xda\x19]F\xec?\xce\xb1\x17%\x86\xbbV3M\xba\xb1P\xbd?\x1e\x12`\"\x82\x1b\x16\xde\xe7\x17A1^c6\xdd\xff\x84=\x00`\xe0\xf2\x85\xc8}\xe3\xa9\xe1\x1b\xe1\xcc\xae<O\x8c\xfd\xa1%\xbf\xe6\xf4', 0x7fe) (async)
acct$auto(&(0x7f0000000080)='/dev/input/event2\x00') (async, rerun: 64)
r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/002/001\x00', 0xa901, 0x0) (rerun: 64)
ioctl$auto(r6, 0x41045508, r6)
executing program 5:
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="11000000030000000000000000000000f4", 0x11)
executing program 5:
mmap$auto(0xac, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mlockall$auto(0x7)
set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
open(0x0, 0x22240, 0x55)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/rcutree/parameters/rcu_resched_ns\x00', 0x88282, 0x0)
connect$auto(0x3, 0x0, 0x55)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, 0x0, 0x189041, 0x0)
select$auto(0x804, 0x0, 0x0, 0x0, 0x0)
r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0)
read$auto_proc_sessionid_operations_base(r0, &(0x7f00000000c0)=""/4096, 0x1000)
executing program 5:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)
read$auto(r3, 0x0, 0x9)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 34:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 0:
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0)
r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), r0)
sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f0000001300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000012c0)={&(0x7f00000000c0)={0x1200, r2, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x5}, @OVS_VPORT_ATTR_UPCALL_STATS={0x11dc, 0xa, 0x0, 0x1, [@nested={0x101, 0x65, 0x0, 0x1, [@generic="c0e38807e656e8311d36ca01f4c5ac33", @generic="2ce8e17a97deb7a02b81dab5b682d386bd394b8be1e174a441b9c95071e2d889b30765354242e598a89065f24ba1c0b81fdbc61453d1e767295064886c109d16ea8849a0ede4158d3ce5e76c56b10e82957d2284a5406007d4e5a1fefe9faf6aaa0d8131bdc9cfc91d2fedbf72f9e0247d5eaadab6fe41b1c69345e98e4319b15da72b0b9ac554a018e708beb4686d510187b30c5b50f7ebda146533d06aedb3e61d6c8492c8346e0fe5750f453a3b82675ebb5fbbf881721d6f56dfa554fa32689bc8f3e5b320b6b1ab76b76170a15c35ca98b07ae59d79a62dfade40e253209c6e56478258e5d58eae516457"]}, @generic="fd509107789b61f62816407ddd1e622c3f60f7e9c97187901862cd20e1825cf978e33190328a125f970f6861373e6258ad74cce461930f133d1d89720d78c8e2a0aba764ccfe418c204043ac203f38ce0c9340679f72d0360fdadbdd45abbe66314e36c2a2dc1fc80c9e62da269235d09368c3f92a8d263d34a4db3e6925c87d9639ebd64107139fd90d25c16b239de742a38537542e3c79c25ca76f950ef3b7a2fa9aae23786929efca0d19584c7a57bbed7efc77bba5b01baa15b25a853578621fa2ab00343191d0c76c6d1f2a9672797ba2253a682069f3f998b183a8779c53914dce9378e5f412da96a11ea81d9bddb4a31e6104b02d2aae3061e931cc9c7265523e98310abc1bc68a345139dd6e1f87ff5f9ef2d1808ddbceba6d13a204be16c1dee92c118e2d66cb13ec4fcdb866f061e10c1ce8911a95df9b96ff135ab5813e322043685b5e6d9dc8f4991dcf3f9bb6aad3d46afb9ce123cbb40696210029ca0b6894387c6a8cabc8092e8d38fd0f05d7ee24b7d47e8f72e89860dec1b275dc673be35677ae167d64f1718bfdc0d91f837fd16d05ea7acddee047eab23a148aec61a493c4e5d3f9be591e5794a4870f27ea0960d580a1d88fafd66ffefcfb4e85d15d5da3afba59805c680766362cee6cc82f22f004caa790eb7dd4712878bc53eccead0af73712490e2bd3833719e6ede67a81a4a97b48e7a2a65b29f62dab8ef8766ae4fe959ce348079d502f3b99c14d7ea71a0256010c9cb0f53d2a1708717d0d48b126e2d6012309db96ea7236778f95a3c8ef9d082849b6e87e334b8eda883a17c7d1fce9ff3804565bdc0e6713c1cf95ccb331541d00f92e1a20d1a22f4634cb9211dd5e00ea1632d581f713937cf02450de37ad8d4b6628051b2fa0386200834ee4e6f1a927fbb88b357e593efb4bf7949537898addba532ca9673eeb81c15e8e452e26ee1e1916f6467b7b2a5f31dba29fc1b13f6a188488e2db4ab2040ad16d74e27cff22e5a70267bff47813f79b91488af9c3a625e59ea021022f74dbcffcfe298b13b389641715adaf1082284770669fa6a85702e2767dd2c70a664fa3706eb694a1341cfd16177429234a9e26858e1348f6697d7f0070d1e79af67f0f77e16ec4213632226eb8cc3d43da9d763baabe9359aa9ba52f283740c9f07589b5a3853e26d16651c532d66aefdf39684276015dd33004a1c9c12f4cff44cb8cb0923d66a556de684da21f30402117b5596ee097cc138d1bf1ec42d5fcc08d7e51b7aa4b9add181f8ef67d11ac554a919de3c38287a93a556e0d73b17a8263a6550133ff7e24fa8992c7601211c0ecbcfb6f69f9daf5b43a16201086e4bf98ad452f4a89bb6df7508297e8b338d6bbde4ffce7cb155f00a6597743272f5b696f49a8c5eeea353223a577bfa58101e1e1ba76cc086c5b9d3b9f2b9f9a11b515ec2d435f5d00c6af9687fe8cf9b213c725241247454377a31bfa1265fafb81a741d540e794a45e71e4b52c5f3eafca1970134289feaf9e0ba34ae77420291187a76e73bd08a2857d1edd480e252744711a3231ec6de1cc2c8f48f2dd6462664a1d67d712e5a6dace55d0055bf19a7debe58e07944a02564c1b9264ab91ad4d69c8db3b44e1bad5ef23056322b9659164566defbfd29451c59752da84589ae76c126299ccc2ba8c0096327c75877249172f5987565000775215a9646a8f58468c7fced8ce6ae4f1288abb0d33a402d4e4e88c7ddcd8d52195fd6bb1372115385909c236ed90f210188cdcd7d182227b53fd05803250cca4895ecc0db5ab2643606f27e89dba26857194811ba7caf94291b78beff59fc8184b377963483efebce5349a068e4668291ea582b906dd0df31c39896039ab3bca430f85d72f8eb28b99156f3dcd9db2380322b8f89785a25158f70e0d19665fa467f49baf10198b76e8e288e9c58da1fdca43a7bd1c01ae018dd0ab7a1f094f2459cfc5a2ecf5e71a8d63c7fdcbb5803578bbd45ea1ee6b4bc4a5739ace9e8c557b1e4b3ca3ecaadb1b1afaf32ee6a3fba38ac928447438d350af8864f79ff3bf2ec95861c974cc3ed6c7c297eefca7dfe09fb7c894aab070fce5edae709b7e720c1976fee33065905335a036c876b6ed4124f3e9c3e47760caf7ed86b8753a2d65869a4f884b048521a8ff3880b074c72e1c262d1fc76b12ff5bdf90e278b0dbc087b592a18c8992f0d7e6d678b00dbf68cdcf62168015b99b353081d1a3a669cf771dc6e13639766265e14f4e24e06dede986447cb190946d548b3b453af84f74a34e5892a83bb73e863b6e6b192d0e3aeff228a9c22d529c0cf4cf2f09044519c4560cb7178255426210930fc467c0080ffb24e19cbf008ba0a550fc7b548bd8c2a2497fcafff2f3321831a271230a7458675a61ca301bf54e4be6610fb3d08aeb7da78ca7da82f1b7869b4a9e7ac114ffceb35263f2b72465cf57e1f052f3fb7204625942f81a39d72032902b716d95127d99b849c2c9e7c1255f095dc87b8593ff78415dcce4722d90ba4973013ac398030fd7fb951bb57b3056898028c6ddd88090bc780df791cd34adfac76ad8667c95e837a4606d7b7d54c3af4dd2a3bdd47f07832cb96fc25e6b1e12c4b3bef5ab4fee4803b18c7468e614a01bc969ccbaf63cf0a3f4f003943c29f66cbf69e4f5bef5238ceacc6fca75300d33327846b4523b67a77f128637138215973223eb9b7e5ceac50a9f8eccc24a3e4a8fabcf8de72bb393285915fadd73edaeb458ae91bb39ce211c58ea013f329802168bfe10077773ed4119fe7d371074030d7d1432a89aa83ba867529d32a6a499c2d390daa1bba93a7e7f1beb629b0d6225caaecfd1a550c58dbcc0ac72efd01c81ec8ce14f21856224dde3e2b45445ad586b064ebb44ec79311c93fb9188593c3230041bfacc84a3396be377121e523060086694a1143b6de909dd7f7ca449783977f2dd7a79199c35b4a31bb41d3a653b13c7b0bd42ecfb8c8366b0e423934cf119458ffbd83a4c89d33573a066c414e2f785f2e716035bb5f44ce3241fa2a64880f199886081ad1edba356a0eee01af39a45161669bc7c601a47b7b8e526bc00029a08625f93233c6d04701b116f1fb87c9555d263dd442795aea13523aee6fe28fcfce94de109d95ade256faa4cc511517af138b03aa13fde25f24d671a794827426a3e60b22b91ebca6330426a0c59cbe38cff8257693a0920c13c5e1662edfe8d5118507050b881eed9de1461f426f545f33cb0ebb67e192c2ec91664f87ee35684f648ebc7fb22d41996dc26d4fe472fd3cf4c30765b5dd0b3cff30fa5235b7b6af7fb57338722e1fdb10ccfbae6cf896f7632c2db661c75c97abd7a02e1c0a6c728fea0b8dfffb0f76a2d969587b5b2489fd3d3cf683e4f66c929e7ecdbbfd00582a38f105347c180911fe60c7faefc8782bf04e21b9958f719503cb2bdb06fc41e9a9575ec2378b3d5caa9da7af6adeaf7ab6345b0b0d5eb84bb2d388884378b91c206d1352b29ebcb2c906d50e21ebaf20ddaccd6492454567dde7e3d5805cc2ca058b9b3c615387563fe4d9c33c3c0c72825bdca1fb78dae6f8cf9b82959cab8b3167fc25003fd352a0dcbba9c8f488ae7728da8a2822e0b7617777f25054d6bb09e2dcf7c97643f3d1971769215ff1e9f84942f4ebf06c03a75e9a78f21d18e7887aef67749324edc553570d22a4c1048c0e5ef48cf53ed822950a772b0d890fc95e7b949ff2a1dc06bd26de80f620b1578d2d572fa4280c46ac9c58bd1ac1523760c3a4bb661841c5a47f54254711abd11781a30c73d24da971f84728c77009b5c3a96beb40c1554b677c585602c070a9521f952d35cd668179bf3c086a9c232f7ed19e524765149d010300d761ea2951ebcc6810e4d0a6dd3d8ee417ca61b73baf8a8799fc5423698d119826e1b35e81db8d4fb7dce1e9b1fff4f373c25205b4c612acf90d39f1d8e45764d7f2c2e95f73e1571f23921e3100cf3b69879966cf04be787c8f2d9573b28c8f9163efea551dd0bf56fe4cb5ab66199b8fd535fd0ca157ff9b2f0482a47cfb58b1c2153e6e2c2b816388691653e4333fd24429d81987866de21ad684f775046ed65ec897cb31300e678c84081b8e9b6c46c05abf7dc73f4a98c901ea7986910f45ea1f84599d26a0aff855594c17ea270ac4c6c71f1999bfb2e794af4957dee0de202aac377c3570c882fca8f5697386c4d892ba8c27421a94a3d8a6dfe9e50a508257c9501602b684beea03936acd00013f9c231a571048701a06df17a5387ebc9fe662056d5920071b9157fe9568188478cb5ca5e09dc4cae5398c77599f5fd2134d084a1fd1200ba158fcc5617c9add910ee35672d693e5cbd66b15160ef11718b867039c7940cdb1e70b7d67980cdc643de565f04a4212ee547caa753955c79c47c858d953537876060d524fff80e56d4d46a66a412bb146db09f30f9e0c346af290f0e401be80d2d247fc6f6754b3ad09d27aa8290984ab80559f32f7bcbc38ba42f8b0bc2b4b04ccb949040f831c5ed197ff39049b43d4d61abc93150ccbdbd942c56e0e16a4f1cfb73443cf09fe673ff40ab310c5636a6ef3562c48047ce589ea37a98e61becca02f537c32a22511d48f3a23bace2cad00afa802bee24722db7d3aabfa2cbc5267a0410fec51462ca9ac35aed94470d860dccf6aedce2b44f974bec575cafa985bcb062695a7ca6e366c871bae236770c5e60dd872540cc7ba60df22dae788c662b398a3fa26bb78dfe4069e24034d11e550888effbefe9fb2cfb0f330022ef4c8067caf68ad2819a20c9e6b865c50b267eee1a9b4c773a846acca87b1505f53651c1ab23b0793cdd1c1a5af6c7e3dbe68560a88ef08c8a3976ee05b678007c1612bcbb8ce8791f235b6f440b0574a5f977126345cb155219d3fb42aba7813aceb29feffc2f740f5a3f2ca5bcbf0317b76b72c38b29558c70efb254ac17851e7728a81e1888ec4d7a507a176f4173ac0a719a5e47b889c34a63e2c50d46ab671f64cc79239c9b71de9fa86c45bbd0440f1a0f82ff0ca7170d8e1286b1f91c76d71664632f1b296bdff759bf0e01a6ed34f3ba4fb30f62a1227968289d222e241845940cad88383a8eac4b7ff6b5b019f957a68c122a6b6a1dad5516fce2b2ede79d3e5f0a78437b9fc68a05eb80ae758814f600c0f3ac07521fc1c6f8b920db9af3d406e449258829bad1f912b972c35be8a2219a342104c34e55e1ef02a3024b9e5bd9285cb6cf698fd5f3a9d7a7e5c4e0b90f51e9613e9ca8e9047a438dd505ce9c125b5421ea278339a05467bbefea6ee399cfc0762339694d6dc0a5cc303c37316938d6642629979a35e444623d24d11bd89ae44c78f1aadc86d924f2bf779e02da57797e77ddca57730ec183f8c9cb2efec9f05958050bf5894daf0aed40835e4c729ff31a164d3944930730c2660c7928e476ea82098372f2a629ed70f0292a7e79d66180ea151ba4d57fecff2f13c6c0fbd2fa66f161560b21c27ad693fe68a552268d3605e10742aa43ef39fbb394ed3bec2c9313eab3e1619b2934313877605a3c9a8f6d1a907ba92f302c39fbd15b2b2515a12e36acffa88a46d8ef9572e2c406ecaf0304b7372223d3c25754274bd51745b2fb659f09f3cbc7f4662babb09a246afc5e658fa26a3f4eb453f4e9375ed38fa654f32cb4b65a5df141ab19074948fc544054c34334a481b3b59ce0c059c5619d9d189c50aee4c1784fe08da8c013046fd460", @nested={0x8, 0x12b, 0x0, 0x1, [@typed={0x4, 0x93}]}, @typed={0xcb, 0x12a, 0x0, 0x0, @binary="c258b346ea75c82b630ac9a1e55c1825a7ea0f2a92b0d0c464d3849ae13419d5f8e28a887137039aace3cddb28ea80e70c64fb8ce95c9643d9059ace9cc6f20689f0a38068b2fa3d9ac41867b83cc6bac74f5f17c30865570c8a6caac1e207895e27ec882a70bddebd09d6432d9ed8534972ce077ee3645fa34d7ab6a3b458a33f309522850d30710a5c581ab41ad510bb5f95b431c31993e479856a8a89a2414f085c2c6ba4462bbd1b1f2c885b8a1ae8a828fbce80845cb86126ed3e6e281db9d9e3cdb43b6b"}]}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x6}]}, 0x1200}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000001)
ioctl$auto(r1, 0x802c550a, 0x1)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003a40)={&(0x7f0000001f80)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf2503000100"/30], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x24040004)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0)
socket(0x10, 0x2, 0x0)
r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi30\x00', 0x0, 0x0)
read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f0000000080)=""/27, 0x1b)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
io_uring_setup$auto(0x8, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio4\x00', 0xa82, 0x0)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x2000)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
socketpair$auto(0x1, 0x0, 0x1, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
ioctl$auto(0x3, 0xae41, r4)
ioctl$auto_KVM_CREATE_VM(r3, 0x9000aecf, 0x0)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0)
sendmsg$auto_NL80211_CMD_GET_KEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r6, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x3}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6}, @NL80211_ATTR_USE_RRM={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004}, 0x400c045)
executing program 0:
connect$auto(0x3, 0x0, 0x55)
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/smaps_rollup\x00', 0x8000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f0000000080)={0x9, 0x6, 0x6, 0x2, 0x8})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000007a80), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2], 0x14}, 0x1, 0x0, 0x0, 0x90}, 0x40)
recvfrom$auto(r1, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket(0x2, 0x5, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x200802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000040)={0x8001, 0x7, 0x56ee, 0x7, 0x10001, <r4=>0x0})
fcntl$auto_F_GETOWNER_UIDS(r3, 0x11, r4)
msgget$auto(0xa, 0x0)
socket(0x1d, 0x2, 0x6)
getpeername$auto(0x3, 0xfffffffffffffffc, 0xfffffffffffffffe)
r5 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000900), 0x101002, 0x0)
read$auto_state_fops_(r5, &(0x7f0000000940)=""/19, 0x13)
socket(0x3, 0x3, 0x500000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
write$auto(r6, &(0x7f0000000100)='\t\nD\\\'\x02\x00\x0f;\xd1\t\xbe\b\xe8P\xd2#\xcb\x98p\x81\xe7\x82k\xde|P\xfc\xcb%\xd4\xc2\xe8\x16A\xed \xec7\xa7\x9f\x969\x92t\xc9\xe9J\x1d-X_\xa1\xff@\x88\xbfP\xe9\x91\x82R+N\xe5\x10\x87\x92j\x953\x94\x13\xc4`\xbf\xa0\'\xd5F\x1a\xa0lSQ\x00\x99\xcf\xea\x86\xc3J\x8aE\f*T\x9dn5w}\x17\x97\x92*,\xddn6\xc3\xa4\xbc_\x9a\x9c\xc8\x80\xa3\xb9\x9aQL\x1d\xae\x14Ycd\xc0\xcf,\xb5Z\xab\xac_\xd5e3P\x97\x10X\x7fB\x88\xe63\xca\x00\xcf\xd1\xe3\xce*6\x11\xcbmv\x86\x0eM\xe7\x90\xbb]\xf5\x0f\x00\xee\x8e\x00\x00\x00\x00\x00\x00\x008\x1f\x9a\xe3\xa0\x14\xac\xf2{\x94E;\xef\xd0\x80\x8an\v\x9b\xf4M\xf8\x02\xd2\xe9\xb1\x81\x8d@\r\xc7\x11/\xaa9\xbbl\xb7\x90__[r\\\x9e\xcc\xbe2nw\xac\x02(\xf9\x9ajI\x1c\x91\xd7\xc7\xbc\x15\x8d\x03q\xb9\xd5\xe1\xb2\xc6\x89\x93M\x7f\xaf\xa1\xb9g\f\xe4\xfcfA\x8b\xd0\xd7\x8f\xd8R\x90*\xa6\x8d\xf7\xe5\xb1`E\xb8J[\xa9N\xac\x9bg\xe4\xeegb\xcab\xd1\x10\xfe\xac\xca1XH\xde\xc4\x10l\xaa\x012\x80\xac', 0xce)
executing program 0:
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) (async)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001)
lstat$auto(0x0, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/114, 0x72) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
socket(0x29, 0x6, 0x5) (async)
socket(0x28, 0xa, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf25210000"], 0x14}}, 0x4000000) (async)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) (async)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x382, 0x0) (async)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) (async)
r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f00000000c0), 0x100000, 0x0)
unshare$auto(0x40000080) (async)
mmap$auto(0x0, 0x20409, 0xdf, 0xeb1, r3, 0x8000000000008000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3b, 0xebf, 0xfffffffffffffffa, 0x3) (async)
r4 = socket(0xa, 0x801, 0x84)
setsockopt$auto(r4, 0x10000000084, 0x76, 0x0, 0x9c) (async)
setreuid$auto(0x0, 0x7) (async)
setreuid$auto(0x0, 0x0) (async)
open(&(0x7f0000000040)='./file0\x00', 0x6a640, 0x20) (async)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
executing program 0:
statmount$auto(0x0, &(0x7f0000000380)={0x8, 0xa, 0x1ff, 0xcc, 0x8, 0x4909b6f8, 0x1ffdf, 0x9, 0x9, 0x7, 0xa121, 0x3, 0x0, 0x8004, 0x3, 0xa, 0x2, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x4000000000, 0x8, 0x0, 0x50100000000000, 0xa, 0x4000002000, 0x0, 0x6, 0x70624ce7, 0xff, 0x4, 0xffffffffffffffff, 0x0, 0x80001, 0xb, 0x801, 0xffffffffffffbfff, 0xf31, 0xf7fffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x10000000004, 0x2000000000000000, 0x0, 0x4, 0x400000000005b8, 0xc, 0x0, 0x0, 0x8000000000000001, 0x6, 0xfffffffbfffffffc, 0x88e, 0x8000000000008, 0xfffffffffffffffb, 0x9, 0xa38, 0x6, 0x3, 0xffffffffffffffed, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xe)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)
write$auto(r0, &(0x7f0000000000)='/\x00'/18, 0x7fe)
executing program 6:
r0 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x28, r0, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r2, &(0x7f0000000a40)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a00)={&(0x7f00000000c0)={0x914, r3, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0xea, 0xac, "f2a5c38b2e7df35d998fb1f614d9b83b2afbaf264ebe4dbad834a5ebc898d1ba27182384f0578fbe677968d7195fd4810cd0100803a20581d4a6b1356d825782c1a5875e8524083e51022f6a1bf70def04333a032d4cf2da3d0968f156af721d2808a204f9afd4016ea62679a4384f3061e27a3d29042b2f1bfcd90d6ee749cb0c1811a7442094f6a95a1b4f1b48c712f13b01c3e506a55e5e919cc334fbe92287f6f63b8d7b68dd5a7465eb5aa4f2f74e6864b07a2cb0787e7bcd83e8f095b2ff85c72b7c6243a7102c47c73cf72f1895a38b11482dd8cbaac8e2f3d5203a5453202566c969"}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x3}, @NL80211_ATTR_IE_ASSOC_RESP={0x73e, 0x80, "5e856c603ecfcffc560bdc37f136b7317f8459065b82f3a5797fb951311cde4c48f6520f2064310e448ec769b50ef6e28bbf325272aff20ff1dbf1b49062a4efedf71b6a3f169b4c608a8399a657784f057ddbafc7f9b340813b2ba03d6ab617433b21c1f3251c72677fb9dc176347eadd3a559f39a0b9aa88f49438996a106b87c5ab8e40cde110edd0707d73e025d83ede9e77e97f4cbd0d3e9be1691c9c31c046640d35bc2701b6308ab9913ee87ffa40b4cb1b05c0a3844af97a7389323ba3ac27874acd2e2d0918e4b3cffb3abe5303f8e9ee5fc133856b15c9389b132b430e593080856cc7e610f63777b722355319a1bdfe3d4f3960465b4ef41cb29e8197ac202846126ad510cbb707b2070441398376effc0b464c950990357f41b60eb70e82d6415d6c0dd97fc15ddd6a84761f30d034552fc556219c6d1f8de3167533ef0cf9043d1a1b6f5386f561688e76fdf19f71bf9d7ad5b0c1dfc1034fb8ea2efda052bbd996f1682dd163c899330ba1d5b173ea3af52aa2a9b58b3db10638971389442569517c421bac5c1e5a68fa452d24f617e740e46edd418d7be4c8ddbfb345281eecce158fff4068c7a2c03aff98663ca0d71f0fa535bdf4956c3471d47dbd330c5c6f16a173021c7883e20fa41aceadc472667d3979c62e0d243ee9831ff4c3fccda87d51782ddbe0df33bf3ab8b34bd0a0b48ef90131383b9d29dab2783359c1724b2282cd514430a92d075ff1218514a1b75ccc5f341cb82d33b5b9b8ff4472e5fcdbfe948e5760fca4f9b5c73aca9e7d549b266f224d6f26975c42caf8b3272a5000ab74bd9386564cf8751ea83089f84a534341812ce1d1c613e35d306f41bcf386b1e7b3157935ce3c4334592345615215abba5fed4215e1295eb0f516a4f97e84f20c5fc3821f3cc56bea853936345a2c6df6ac0e000e476016af6d3a926448cb6808839905cbe945b86e7a3edc5e6e0a41303dab1edfe6fc5cc18c8b58123f9ec8824c203c7f496fc774b75eecb7e463aad90c6c2de30aa7bb325b9c8ed45f37eeb6eda754e6631d88fa08740fbadbe71832e14a7712a07a2348ee6f73d156e518b3937021ba97698e7d93381965f6961cfc41db776c4dda2ee63ceeb442aacf417f2f2f56768036ada3a65e05a66a68f0c8cd296a8b40b253e548bf37666465915de6da6fa479b1feffc83503618a965bfa69da4525d7e4a59547ef43f3cd5b1ffb493433e6120097594d2c7a87088990421c32572f43864bc60b9a80b16e2c956d173d57c78c015a2fe54a45694fa0215f2beca6989570b577e38a765050ca80f4ec0e778e844551b5212dd80d3af88d47ca86e8beb6174359c036187250d7371294064452eb87d10d3476c64e3ce1477e0e89d243b8e18251b8ddc73e33277f56362bc796de4fd5df297383cfb8ce142f44698c1cc322d0cd232761ddd06be7599ba9ed384c9f128a848e4792e0fc1bd6a728dc552c6ce74cb19f95897b98091e19b95e597cf1f5fd9300601abfe44908ae3c5494600456a266a22bae23bbe01ea3ad099e4b7b6b07311860ebf45d66c2962177987e2b2931598aa84e840d63ad3e9984732c36d5c61b5b90fa5099ba53170161669bccb8979dbf117762071d1e9a7d2efb29f84e8691aa18d54d959bb7ba8763ef24cfcb53e20d759569fb14def3b242f3910b8f5da86c82c1a4930b0220cedf3da268a3812562e9cc93ecdf405d43bbb7fbf94c9d7c06976b88fb9197ffd61c267c4a38c723d96f45d22eeea74290a90e0923cb088aef11216ba01d2b6536390ef6f4ff431abbd7cc9b20d798c84a3475627c914b0cff85cfe7119b2404ba89d334a8619e16dda08630a97f67f6e4a826c4f3e09faa9e567aed2672168a479d69013723509921d4c052ad9b36b00222b7b1e8ff5f16765d07953ceec1691bbfa9186fc35977a4eab7d10d11f933b7dc0f020da9bc6a73f09ee5a00aa588b506d14e5a1c11b5cf9e3aca9119e9836d77e29d49705ff6a3657cdf53cfea4805096eae7cde9646c8107d3adef382912a2bdca022cf9488e56eff2cc5f57eb838d71ad736a0d64ceb60501cc48f543754b4f23e3ac1f0ae9fe9f155232ffc72b472ff3e47bf5738fdb806971d68a9d4569da928d6791d116943bfe5f48e1a93e8293e7fbe9baf93004062ebec950a3addc5be5447aa2070f3c812c52868a11fb108ea8da6d551822472d5a61f232f2a490c745b06b69515dc2cdc6877278df1c82860074744997c71dd89a16c7da84151dd7cb8d6174dc31df18d8f67dddf9f3c1fe6da82b6228678532d727c95896b56530c492bf947e7bf36cbb4ece3b9210f0d087be9595a5bfffd6b36eebf245fe70f82c24358af1216ea5d1e1399c826d802d7e6f4ebd70221528937bf71739851a355e9198410afa7b404dba1a189a409c3aa08c953281e3134f20d907233183dac0350adfcbc32dde6b0ead718a65598ba50bef7d15fb0c0164cf87342c97aa0af9cf78ccd510151d3059c33d423303746c178f4295c2a86ffadbafad281ccd6dcba490e1b431c16c2e5f5f7efb5d8191a6726f7c9cf835abf5cffa568c5e4db6804e4d9435258198ffad138b6"}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xc2, 0xbd, "93cdda6f8421fe0b561f691e9ad73184d34fce888e93482abf98e3de7b60d370b81a32089bea8cae6600a62ad4b181626bcdc2220c473b3e0da19a43f42a88b4aaca0f25884567753354d99dc935d1fc5b8804f9b179ea92a8054a6bfc5010b9e694f1d1e6d73d0bb94949ca4990b4c0e653024d5f28e7c52581da8e57fbbcc4ac73fbb5995e8512ec9ad4418118c5b7b185bd9c0ecf19931735fbe91e0efa5e6dbfb28cd117b04204c19b14cd7b579a2e56c702163cf6a0c85e8bce840f"}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x3}]}, 0x914}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r3, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_MLO_SUPPORT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x4000c40)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x88) (async)
r0 = socket(0xa, 0x2, 0x88)
fanotify_init$auto(0x5, 0x0)
fanotify_mark$auto(r0, 0x205, 0xa, 0x4, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb0/carrier_changes\x00', 0xc2481, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop5\x00', 0x208080, 0x0)
getxattrat$auto(0xffffffffffffffff, 0x0, 0x4000001, 0x0, 0x0, 0xbb1)
r1 = openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg/1:0:0:0\x00', 0x208002, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x401870cb, 0x0)
executing program 1:
r0 = socket(0x1a, 0x80000, 0x8005)
socket(0x2, 0x6, 0x0) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) (async)
shutdown$auto(0x200000003, 0x2)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) (async)
mmap$auto(0x0, 0x400008, 0xff09, 0x9b72, 0xffffffffffffffff, 0x8000) (async)
read$auto(0x3, 0x0, 0x80)
setsockopt$auto(r0, 0x1, 0x9, &(0x7f0000000000)='\'-+\x00\x10\xa4#\x92`\xdb\xafL\x0f\xfbUV\xa6KH]Cv\xbf\xf2a\v', 0xeb66) (async)
bind$auto(0x3, &(0x7f0000000140), 0x6c)
executing program 6:
r0 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x0, 0x200, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000)
sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804)
lstat$auto(0x0, &(0x7f0000000180)={0x12, 0x94, 0x3, 0xfffffffe, <r1=>0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x7fffffffffffffff, 0x4, 0x7fefffff, 0x42, 0x7, 0x1, 0x64, 0x40000104})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'})
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB='\rV'], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0xc000}, 0xc814)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
r4 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r4, 0x29, 0x4e, 0x0, 0x7)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYRES32=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x4001854}, 0x98014)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 2:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x11, &(0x7f0000000080)='\x15\x00\x00\x00\xf3\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\x8a\xfbM\xf6\xf8,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"tH%\x01\x17\r\x92\xf4\xf0\x01\rNK\xfd\xf3\r\xa7\x17\xa0\xa7M\xdb\xcc\xe1W\xb5(3\xa9D\n\xbf\xceRs\x1e', 0x400)
socket(0xa, 0x1, 0x84)
mremap$auto(0x110c230000, 0x4, 0x4, 0x7, 0x100000000)
mmap$auto(0x0, 0x6, 0xdb, 0x9b72, 0x5, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0xc)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x200007, 0x19)
ioctl$auto(0x3, 0x5453, 0xffffffffffffffff)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/ip_vs_app\x00', 0xc80, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
write$auto(0x3, 0x0, 0xfdef)
executing program 1:
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="110000000300"/17, 0x11)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf250100000006000200000000000500070004000011080009000100000008000a002b0000fc14001f0000000000000000000000ffff7f00000114002000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x7fffd)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x0)
r0 = prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x80001)
openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/short_retry_limit\x00', 0x8200, 0x0)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0)
read$auto_vmwgfx_driver_fops_vmwgfx_drv(r0, &(0x7f00000000c0)=""/184, 0xb8)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x3, 0x100)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
io_uring_setup$auto(0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
fcntl$auto(r1, 0x7, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x3, 0xa)
eventfd$auto(0x3)
pipe$auto(0x0)
sched_get_priority_max$auto(0x9)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0)
ioctl$auto_TCFLSH2(r2, 0x800455cc, 0x0)
executing program 2:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000)
name_to_handle_at$auto(0xffffffffffffffff, &(0x7f0000000700)='/proc/thread-self/cmdline\x00', 0x0, 0x0, 0x200)
getrandom$auto(0x0, 0x6000000, 0x3)
madvise$auto(0x0, 0xf663, 0x15)
close_range$auto(0x2, 0x8000, 0x0)
mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70)
mknodat$auto(r0, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8)
renameat2$auto(r0, &(0x7f0000000200)='./file0\x00', r0, &(0x7f0000000240)='./file1\x00', 0x1)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70)
mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x3)
renameat2$auto(r1, &(0x7f0000000200)='./file0\x00', r1, &(0x7f0000000240)='./file1\x00', 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
io_uring_enter$auto(r2, 0x9, 0x820e, 0x29, 0x0, 0x18)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[], 0x14}}, 0x4000000)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0xc8c02, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
madvise$auto(0x9, 0xdd, 0x17)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
r1 = prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYBLOB="712b738fa1868b61828c4edf70835ba590a23c42b164ed528cc9775a3bb89199f0b13cf225fa2a3a283f28371dd6bf97a0577c6c917409ac137621de47b61a1edd3654a8cd230deef92baec70515ef96aa714c66e670694dc010c3abf539ed7d78b6dd764235d81a0f1ef6dd0651536df9a95ca5452a11c348a3f0419fb9b1a4ac3f1847ccafd5e62bb96377c84adda4a5cf58d6cf0c12e2b3", @ANYRES16=r1], 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250af4"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810)
r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r2, &(0x7f0000000440)="110000000700000000000000000000f400", 0x11)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
mmap$auto(0x0, 0x2020009, 0x2, 0x8000000000000011, 0xfffffffffffffffa, 0x1000000000008000)
read$auto(r3, 0x0, 0xb4d3)
write$auto(0x3, 0x0, 0x2)
write$auto(0x3, 0x0, 0xffd8)
timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @private=0xa010100}, 0x6a)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x5, 0x0)
executing program 6:
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x5, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000300)={{0x0, 0x17, &(0x7f0000000040)={&(0x7f00000003c0), 0x1}, 0xcf, 0x0, 0x1, 0x100}, 0x9}, 0x900000, 0x8, 0x0)
getrandom$auto(0x0, 0x6000000, 0x3)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0xa, 0x0)
r1 = socket(0xa, 0x2, 0x0)
r2 = socket(0xa, 0x3, 0xff)
connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r1)
getpgid$auto(0x0)
getpgid$auto(0x0)
sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="200025bd7000fddbdf250c0000000800060005000000c90203800ae556ea96b6aac20a2df353bb08ecd46a7f933d1b2db8ce9af498e5ff3a90bfe88cc0b1e2e58b0f02ef589c88720e1e867e4da84e9bd27e4e7c2e138ed9b259006d0495ac1d03abe76afce408df49a9a4d2c79e8416718b6ea62d96bfe4d485b5898da01e69d213069313429fe114911f46d2480f5c0057801400cf00fc0200000000000000000000000000011400a30020010000000000000000000000000002040053800baa9962d832bfc7a1598f73f290676159d5d963f0ef3f3694e8c4769e09a76a5681c9ac27bac987157191375b4616330f58eec7166fdb5686acea5e1073d07a6eb7b91e3eb3ad97fb23c2aa1e37e9c9253c0115d7c961fed3edb90a3043132ec20bdf79be7ae10344c3f520acf5783d0eb3c0e11c56c454f6919da28e35da492fd3bd376918d0d1db7541fe3db6ce2b222834198cbee80a7b8b144af6a3fea938b06a01046b00b17c01cfd1230a8c25de9c6f31e39a6bcfad2f409551b2465a4c1003d3a46dc8740e9d4e1794644249f256fb7ba7b4475e04825ebcdadeb3d0824157cddbcb471d53880652048b58569b6e4c33ce64cb48ab36673752d6980118e2b398045597a158fb9fcc22e5ba4cdb205e8980f4ca5620bc9270655998e15fd4623e70d35bb1c3c2d4386f44f98217d65dc1b99d0995bb4e2f1eecf67e42a1d61f4e23ea7292fa8f0b334f8861a5905219476eac17430e2a6298df7834dd39fea33d5140246b3c8cede37cc5d84006fce1b686f9aa64fbd490f5bdb6e8810fecef991664c54e804cd59dc1e3ce75bb3e4f7e12a5b3c9a7022868b3de8ec536b30525e4728d360702f8d5b0e5ddfdaefc630b8e9dcec51b6492186a79401903db258e75a34ca1c0f85639b3bdb06d35b5d22055894e299d6260a47e11406008a472f6a9725b9fef7c39d86f448a815b8fe22729001580dc641df00c5037ab80751ccffa98cf32a2937c8ff7aa7c751f859c9c5dba646cfa7737c23e000000000000a400028097009280d4ad4d603c22496113937a8eaa783c1c540b4fee3e91dd97e7e7c707d5c6824da6f81cd4ccfaa1e0192047d92a084580d8d3dcec9e0e1f05aaec27e0061c3bc62f4e2956b774100f323c35da387294d9002cdfc7442311ac9be9543f563477c79fa349fab57e1367f10dbcd33bf486e3e1c04b1bec3231ac4c345e364b8096f1b0b51235e4aa6a8610394439291a753b17c79a0008000f00ac1414bb"], 0x38c}}, 0x4c0a4)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
io_setup$auto(0x1, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
executing program 2:
ioperm$auto(0xefdd, 0x4, 0xfffffffa)
fsconfig$auto(0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0)
r0 = openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x20082, 0x0)
mmap$auto(0x0, 0x8, 0xdc, 0x9b72, 0x2, 0x8000)
r1 = socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$auto_SEG6_CMD_SETHMAC(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0181"], 0x1c}, 0x1, 0x0, 0x0, 0x40012}, 0x24000090)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='Z'], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
setsockopt$auto(r1, 0x114, 0x8, 0x0, 0x4)
close_range$auto(0x2, 0x8, 0x0)
write$auto_ctl_device_fops_user(r0, &(0x7f0000000000)="a504ff4c280e43904055ceb3bc98cf2af453126b06d1f8b678ad4700b35e33bf24e0c6269dd4fcfeafaacd781a02e63a0f9cf51e53fd5433203e1a4531a69c151e3714d2418d3a55d79a114e8309e48778a229eef16577bd021ce7b48a29a4e1c32f5f0c3393287d", 0x68)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf250100000006000200000000000500070004000011080009000100000008000a002b00006014001f0000000000000000000000ffff7f00000114002000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
unshare$auto(0x40000080)
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = fcntl$auto(r0, 0x400, 0x1)
execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x6, 0xfdb, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x5, 0x4, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x2b, 0x1, 0x1)
listen$auto(r3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x6, 0x1, 0x0, 0x4)
r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="60883ebed100879e9dd1cca41069c7eb2906fb1a5f223173662e657f277be7cfa3d012c2ed81402ea0edd2ca0c", @ANYRESOCT=r1, @ANYRES32=r4], 0x20}}, 0x2000c880)
ioctl$auto(0x3, 0x89e0, 0x38)
close_range$auto(0x2, 0x8, 0x0)
truncate$auto(&(0x7f0000000000)='./file0\x00', 0x3f2ec021)
socket(0xa, 0x3, 0x3a)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0xb00, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x214102, 0x0)
msgrcv$auto(0x1ff, 0xfffffffffffffffd, 0x1fffffffffffffc, 0x10, 0xdf66)
mmap$auto(0x0, 0x4020008, 0xdf, 0xeb1, 0x401, 0x8000)
set_mempolicy$auto(0x4005, &(0x7f0000000000)=0x1, 0x4)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
read$auto(r5, 0x0, 0x20)
r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
kexec_load$auto(0x880b, 0x2, 0x0, 0x4)
writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3)
select$auto(0x804, 0x0, &(0x7f0000000100)={[0x9, 0x0, 0x0, 0x80000300, 0x1, 0x4, 0x9, 0x3, 0x81, 0x10000005e58296b, 0x1e, 0x9, 0x7ff, 0x200, 0x20000000008, 0x4000000000006]}, 0x0, 0x0)
executing program 1:
semctl$auto(0x0, 0x9, 0x0, 0x2)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)
executing program 0:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, 0x0, 0x2, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x4c440, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/dynamic_debug/control\x00', 0x80040, 0x0)
r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff)
r4 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/sg/version\x00', 0x280, 0x0)
read$auto_proc_single_file_operations_base(r4, &(0x7f0000000080)=""/162, 0xa2)
sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001004866520100001e00", @ANYRES32=0x9, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_DP_CMD_DEL(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000500)={'gretap0\x00', <r7=>0x0})
socket(0xa, 0x23af690fef30229, 0x9)
r8 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000000c0), r0)
sendmsg$auto_IPVS_CMD_SET_DEST(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000540)={0x2a8, r8, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x294, 0x1, 0x0, 0x1, [@typed={0xc, 0x7a, 0x0, 0x0, @u64=0x2}, @typed={0x7, 0x13b, 0x0, 0x0, @str='!\\\x00'}, @nested={0x24, 0x13c, 0x0, 0x1, [@typed={0x14, 0x2a, 0x0, 0x0, @ipv6=@private0}, @typed={0x8, 0x53, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x11e}]}, @nested={0x8f, 0x14a, 0x0, 0x1, [@generic="c7f56f4a18a893f672bbfedceb336607cb6d05b577868e28c3489445cceba01fbf0fd99f7b947a041419e6bd79d8a20c3f45203a9b5376dc395e4c33f6427566c5876b5b23842788b76056086192391eaaf7e9016477189e5e80ebfbd6663c16a41fe40f7fc32f5291e20e99a24db43924ac127e", @nested={0x4, 0xf4}, @generic="d0ae637828845a", @typed={0x8, 0x56, 0x0, 0x0, @ipv4=@local}, @nested={0x4, 0x3adf}]}, @generic="b45032ae25a12d7f18fe71e556d472443d66eefeac11565013408c7da1c7fb44e16a63ff63842fbe427cbe018f8515a7a229f8c2b1a188156385f8c2a59c270b50d651f4e57213187d67b8e23eefafdbadaa7434", @typed={0x8, 0x64, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x21}}, @typed={0x14, 0x10d, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @typed={0x14, 0x7d, 0x0, 0x0, @ipv6=@local}, @nested={0x30, 0xb6, 0x0, 0x1, [@nested={0x4, 0x11d}, @typed={0x5, 0xe0, 0x0, 0x0, @str='\x00'}, @nested={0x4, 0x12c}, @typed={0x8, 0x64, 0x0, 0x0, @u32=0x8cb5}, @nested={0x4, 0xbe}, @typed={0xc, 0xa9, 0x0, 0x0, @str='gretap0\x00'}, @nested={0x4, 0x31}]}, @nested={0x112, 0x34, 0x0, 0x1, [@generic="e00fdc88255e98ea2db1d78b84c6632ebbf6330216eabb0f4b298d65f8004ad3ee36a8101a6b2db3f40e74517ea7f504c16c0e4525936bac2c2e8f2b530ae929afd46d10f69e85b88322b1dd2676beb147363c3aa1f2057cd85037ce1a2d", @typed={0xc, 0x7c, 0x0, 0x0, @u64=0x8}, @generic="b370076313997f5c7e2abf12e9c7e235a40136f105faf5e073c3924772b54dc11a63", @nested={0x4, 0xaa}, @generic="d25cbdbb692329cbaf711e65a9eb240f0d239273c16660a6ce7ae0431ea6641c5a5c66fb66855aeb6eb2ad9996976739d43d05749cd6d5acdab03263c659c19fa3bb3b6db4c3a781a90d9f8b15c48ab3d68db4ccd87a4fa2ee2574f7a8b8", @generic="d3eb3b90551508cd87f774852ec097a521c83cbf94e62526141767e0a345809e"]}]}]}, 0x2a8}, 0x1, 0x0, 0x0, 0x8000}, 0x40044015)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x2e01, 0x0)
sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4)
ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0)
r9 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x2802, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r9, 0xfffffff7effffd05, &(0x7f00000001c0))
sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r1, 0x5, 0x70bd29, 0x25dfdbfc, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r7}, @OVS_DP_ATTR_NAME={0xb, 0x1, '.\x02:\xb6-$\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000c000}, 0x4000024)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(0x3, 0x0, 0x100082)
executing program 1:
statmount$auto(0x0, &(0x7f0000000380)={0x8, 0xa, 0x1ff, 0xcc, 0x8, 0x4909b6f8, 0x1ffdf, 0x9, 0x9, 0x7, 0xa121, 0x3, 0x0, 0x8004, 0x3, 0xa, 0x2, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x4000000000, 0x8, 0x0, 0x50100000000000, 0x9, 0x4000002000, 0x0, 0x6, 0x70624ce7, 0xff, 0x4, 0xffffffffffffffff, 0x0, 0x80004, 0xb, 0x801, 0xffffffffffffbfff, 0xf31, 0xf7fffffffffffffe, 0x0, 0xffffffffffffffff, 0x0, 0x10000000004, 0x2000000000000000, 0x0, 0x4, 0x400000000005b8, 0xc, 0x0, 0x0, 0x8000000000000001, 0x6, 0xfffffffbfffffffc, 0x88e, 0x8000000000008, 0xfffffffffffffffb, 0x9, 0xa38, 0x6, 0x3, 0xffffffffffffffed, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xe)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)
write$auto(r0, &(0x7f0000000000)='/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x01', 0x7fe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: bisecting 45 programs
bisect: split chunks (needed=false): <44>
bisect: split chunk #0 of len 44 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=1m47s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 2, 15, 30, 17, 17, 6, 29, 26, 27, 3, 8, 13, 6, 9, 15, 13, 2, 3, 30, 17, 30, 30, 16, 3, 30, 1, 30, 30, 3]
detailed listing:
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
unshare$auto(0x40000080) (async)
timer_settime$auto(0xd, 0x8, &(0x7f0000000640)={{0x344, 0x80000000}, {0xc4c5, 0x8}}, 0x0) (async)
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0xc40a41, 0x78)
dup2$auto(r0, r0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
getpeername$auto(0x3, 0x0, 0x0) (async)
mmap$auto(0x2, 0x9, 0xb0e, 0x14, r0, 0xfff) (async, rerun: 64)
unshare$auto(0x40000080) (async, rerun: 64)
ioctl$auto(0x3, 0x80084d17, 0x38) (async)
r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x460f, 0x0) (async)
recvmmsg$auto(r0, 0x0, 0x1, 0xffffffff, &(0x7f0000000380)={0xa, 0x4}) (async, rerun: 64)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="17000000", @ANYBLOB='v\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async, rerun: 64)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) (async)
r3 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy0/aql_txq_limit\x00', 0x121c01, 0x0)
write$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r3, 0x0, 0x0) (async)
r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) (async)
r5 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f00000000c0)={0x1, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500"}) (async)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0xdc, "bbb5ce66e24cce7eea982cab480b47beebef0d74884dc693a7ad9cbdbda6070f", @inferred=r3})
write$auto(r4, &(0x7f0000000140)='/dt0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+0q;\xbb\xea5.\xadX\xb9QW\x04\xcd\xef\xaf\xad \x90\x8f\xee\xb4\x8c\x1c;\xf0TL\x1a\x1f\xb5\x93\xb9P\x06\xae\xb8\xc1s\x88\x1c\xb1o\x04\x00\x00\x00\x8dW\xf9\xef\xdf\xc78\xb1\x1f\x19Y\x8fi}\x1d#\x16*\xd0\x85e\x05D\xd1w\x1b\xe5g\xf4\x92^[2\x971N\xf8\x97d@\x13\x8eE{\xa5\xda\x160\xc9\x94|I\xb7\x91 dS\xeec\xda\xa2V\x1e\x1aN\xf6\xac/\xb8\xbc\fO\xaa\xc8\xa7\xa5\xd5\xa7I\xf9\xaau\xb5\xfa\x94\xec\xb5\x81\xf6\xdc\x1aN\x89\xe5\x11\x880\xef\x14N\x95HZD|\xfc\t\x8d,u(\x16g\x88\xc6\xd3\xb4ZR\x1c\x15\x95g[\xd3\xe8 \xa1\x92\x92\xff\x1b\xf8&\xf4\xfd3\xe9\xa3\xc9\xb3%\xb7\'\xear\xfbS\xf9\x81\xcd\xb0\xd2)\xd6\xf62\xe5\x8e\x9a7k\x9d>0\x06\xeeS\x8a\xe9\xfe\x88\xa2Z\xb8#\x87\xda\x19]F\xec?\xce\xb1\x17%\x86\xbbV3M\xba\xb1P\xbd?\x1e\x12`\"\x82\x1b\x16\xde\xe7\x17A1^c6\xdd\xff\x84=\x00`\xe0\xf2\x85\xc8}\xe3\xa9\xe1\x1b\xe1\xcc\xae<O\x8c\xfd\xa1%\xbf\xe6\xf4', 0x7fe) (async)
acct$auto(&(0x7f0000000080)='/dev/input/event2\x00') (async, rerun: 64)
r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/002/001\x00', 0xa901, 0x0) (rerun: 64)
ioctl$auto(r6, 0x41045508, r6)
executing program 5:
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="11000000030000000000000000000000f4", 0x11)
executing program 5:
mmap$auto(0xac, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mlockall$auto(0x7)
set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
open(0x0, 0x22240, 0x55)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/rcutree/parameters/rcu_resched_ns\x00', 0x88282, 0x0)
connect$auto(0x3, 0x0, 0x55)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, 0x0, 0x189041, 0x0)
select$auto(0x804, 0x0, 0x0, 0x0, 0x0)
r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0)
read$auto_proc_sessionid_operations_base(r0, &(0x7f00000000c0)=""/4096, 0x1000)
executing program 5:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)
read$auto(r3, 0x0, 0x9)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 34:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 0:
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0)
r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), r0)
sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f0000001300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000012c0)={&(0x7f00000000c0)={0x1200, r2, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x5}, @OVS_VPORT_ATTR_UPCALL_STATS={0x11dc, 0xa, 0x0, 0x1, [@nested={0x101, 0x65, 0x0, 0x1, [@generic="c0e38807e656e8311d36ca01f4c5ac33", @generic="2ce8e17a97deb7a02b81dab5b682d386bd394b8be1e174a441b9c95071e2d889b30765354242e598a89065f24ba1c0b81fdbc61453d1e767295064886c109d16ea8849a0ede4158d3ce5e76c56b10e82957d2284a5406007d4e5a1fefe9faf6aaa0d8131bdc9cfc91d2fedbf72f9e0247d5eaadab6fe41b1c69345e98e4319b15da72b0b9ac554a018e708beb4686d510187b30c5b50f7ebda146533d06aedb3e61d6c8492c8346e0fe5750f453a3b82675ebb5fbbf881721d6f56dfa554fa32689bc8f3e5b320b6b1ab76b76170a15c35ca98b07ae59d79a62dfade40e253209c6e56478258e5d58eae516457"]}, @generic="fd509107789b61f62816407ddd1e622c3f60f7e9c97187901862cd20e1825cf978e33190328a125f970f6861373e6258ad74cce461930f133d1d89720d78c8e2a0aba764ccfe418c204043ac203f38ce0c9340679f72d0360fdadbdd45abbe66314e36c2a2dc1fc80c9e62da269235d09368c3f92a8d263d34a4db3e6925c87d9639ebd64107139fd90d25c16b239de742a38537542e3c79c25ca76f950ef3b7a2fa9aae23786929efca0d19584c7a57bbed7efc77bba5b01baa15b25a853578621fa2ab00343191d0c76c6d1f2a9672797ba2253a682069f3f998b183a8779c53914dce9378e5f412da96a11ea81d9bddb4a31e6104b02d2aae3061e931cc9c7265523e98310abc1bc68a345139dd6e1f87ff5f9ef2d1808ddbceba6d13a204be16c1dee92c118e2d66cb13ec4fcdb866f061e10c1ce8911a95df9b96ff135ab5813e322043685b5e6d9dc8f4991dcf3f9bb6aad3d46afb9ce123cbb40696210029ca0b6894387c6a8cabc8092e8d38fd0f05d7ee24b7d47e8f72e89860dec1b275dc673be35677ae167d64f1718bfdc0d91f837fd16d05ea7acddee047eab23a148aec61a493c4e5d3f9be591e5794a4870f27ea0960d580a1d88fafd66ffefcfb4e85d15d5da3afba59805c680766362cee6cc82f22f004caa790eb7dd4712878bc53eccead0af73712490e2bd3833719e6ede67a81a4a97b48e7a2a65b29f62dab8ef8766ae4fe959ce348079d502f3b99c14d7ea71a0256010c9cb0f53d2a1708717d0d48b126e2d6012309db96ea7236778f95a3c8ef9d082849b6e87e334b8eda883a17c7d1fce9ff3804565bdc0e6713c1cf95ccb331541d00f92e1a20d1a22f4634cb9211dd5e00ea1632d581f713937cf02450de37ad8d4b6628051b2fa0386200834ee4e6f1a927fbb88b357e593efb4bf7949537898addba532ca9673eeb81c15e8e452e26ee1e1916f6467b7b2a5f31dba29fc1b13f6a188488e2db4ab2040ad16d74e27cff22e5a70267bff47813f79b91488af9c3a625e59ea021022f74dbcffcfe298b13b389641715adaf1082284770669fa6a85702e2767dd2c70a664fa3706eb694a1341cfd16177429234a9e26858e1348f6697d7f0070d1e79af67f0f77e16ec4213632226eb8cc3d43da9d763baabe9359aa9ba52f283740c9f07589b5a3853e26d16651c532d66aefdf39684276015dd33004a1c9c12f4cff44cb8cb0923d66a556de684da21f30402117b5596ee097cc138d1bf1ec42d5fcc08d7e51b7aa4b9add181f8ef67d11ac554a919de3c38287a93a556e0d73b17a8263a6550133ff7e24fa8992c7601211c0ecbcfb6f69f9daf5b43a16201086e4bf98ad452f4a89bb6df7508297e8b338d6bbde4ffce7cb155f00a6597743272f5b696f49a8c5eeea353223a577bfa58101e1e1ba76cc086c5b9d3b9f2b9f9a11b515ec2d435f5d00c6af9687fe8cf9b213c725241247454377a31bfa1265fafb81a741d540e794a45e71e4b52c5f3eafca1970134289feaf9e0ba34ae77420291187a76e73bd08a2857d1edd480e252744711a3231ec6de1cc2c8f48f2dd6462664a1d67d712e5a6dace55d0055bf19a7debe58e07944a02564c1b9264ab91ad4d69c8db3b44e1bad5ef23056322b9659164566defbfd29451c59752da84589ae76c126299ccc2ba8c0096327c75877249172f5987565000775215a9646a8f58468c7fced8ce6ae4f1288abb0d33a402d4e4e88c7ddcd8d52195fd6bb1372115385909c236ed90f210188cdcd7d182227b53fd05803250cca4895ecc0db5ab2643606f27e89dba26857194811ba7caf94291b78beff59fc8184b377963483efebce5349a068e4668291ea582b906dd0df31c39896039ab3bca430f85d72f8eb28b99156f3dcd9db2380322b8f89785a25158f70e0d19665fa467f49baf10198b76e8e288e9c58da1fdca43a7bd1c01ae018dd0ab7a1f094f2459cfc5a2ecf5e71a8d63c7fdcbb5803578bbd45ea1ee6b4bc4a5739ace9e8c557b1e4b3ca3ecaadb1b1afaf32ee6a3fba38ac928447438d350af8864f79ff3bf2ec95861c974cc3ed6c7c297eefca7dfe09fb7c894aab070fce5edae709b7e720c1976fee33065905335a036c876b6ed4124f3e9c3e47760caf7ed86b8753a2d65869a4f884b048521a8ff3880b074c72e1c262d1fc76b12ff5bdf90e278b0dbc087b592a18c8992f0d7e6d678b00dbf68cdcf62168015b99b353081d1a3a669cf771dc6e13639766265e14f4e24e06dede986447cb190946d548b3b453af84f74a34e5892a83bb73e863b6e6b192d0e3aeff228a9c22d529c0cf4cf2f09044519c4560cb7178255426210930fc467c0080ffb24e19cbf008ba0a550fc7b548bd8c2a2497fcafff2f3321831a271230a7458675a61ca301bf54e4be6610fb3d08aeb7da78ca7da82f1b7869b4a9e7ac114ffceb35263f2b72465cf57e1f052f3fb7204625942f81a39d72032902b716d95127d99b849c2c9e7c1255f095dc87b8593ff78415dcce4722d90ba4973013ac398030fd7fb951bb57b3056898028c6ddd88090bc780df791cd34adfac76ad8667c95e837a4606d7b7d54c3af4dd2a3bdd47f07832cb96fc25e6b1e12c4b3bef5ab4fee4803b18c7468e614a01bc969ccbaf63cf0a3f4f003943c29f66cbf69e4f5bef5238ceacc6fca75300d33327846b4523b67a77f128637138215973223eb9b7e5ceac50a9f8eccc24a3e4a8fabcf8de72bb393285915fadd73edaeb458ae91bb39ce211c58ea013f329802168bfe10077773ed4119fe7d371074030d7d1432a89aa83ba867529d32a6a499c2d390daa1bba93a7e7f1beb629b0d6225caaecfd1a550c58dbcc0ac72efd01c81ec8ce14f21856224dde3e2b45445ad586b064ebb44ec79311c93fb9188593c3230041bfacc84a3396be377121e523060086694a1143b6de909dd7f7ca449783977f2dd7a79199c35b4a31bb41d3a653b13c7b0bd42ecfb8c8366b0e423934cf119458ffbd83a4c89d33573a066c414e2f785f2e716035bb5f44ce3241fa2a64880f199886081ad1edba356a0eee01af39a45161669bc7c601a47b7b8e526bc00029a08625f93233c6d04701b116f1fb87c9555d263dd442795aea13523aee6fe28fcfce94de109d95ade256faa4cc511517af138b03aa13fde25f24d671a794827426a3e60b22b91ebca6330426a0c59cbe38cff8257693a0920c13c5e1662edfe8d5118507050b881eed9de1461f426f545f33cb0ebb67e192c2ec91664f87ee35684f648ebc7fb22d41996dc26d4fe472fd3cf4c30765b5dd0b3cff30fa5235b7b6af7fb57338722e1fdb10ccfbae6cf896f7632c2db661c75c97abd7a02e1c0a6c728fea0b8dfffb0f76a2d969587b5b2489fd3d3cf683e4f66c929e7ecdbbfd00582a38f105347c180911fe60c7faefc8782bf04e21b9958f719503cb2bdb06fc41e9a9575ec2378b3d5caa9da7af6adeaf7ab6345b0b0d5eb84bb2d388884378b91c206d1352b29ebcb2c906d50e21ebaf20ddaccd6492454567dde7e3d5805cc2ca058b9b3c615387563fe4d9c33c3c0c72825bdca1fb78dae6f8cf9b82959cab8b3167fc25003fd352a0dcbba9c8f488ae7728da8a2822e0b7617777f25054d6bb09e2dcf7c97643f3d1971769215ff1e9f84942f4ebf06c03a75e9a78f21d18e7887aef67749324edc553570d22a4c1048c0e5ef48cf53ed822950a772b0d890fc95e7b949ff2a1dc06bd26de80f620b1578d2d572fa4280c46ac9c58bd1ac1523760c3a4bb661841c5a47f54254711abd11781a30c73d24da971f84728c77009b5c3a96beb40c1554b677c585602c070a9521f952d35cd668179bf3c086a9c232f7ed19e524765149d010300d761ea2951ebcc6810e4d0a6dd3d8ee417ca61b73baf8a8799fc5423698d119826e1b35e81db8d4fb7dce1e9b1fff4f373c25205b4c612acf90d39f1d8e45764d7f2c2e95f73e1571f23921e3100cf3b69879966cf04be787c8f2d9573b28c8f9163efea551dd0bf56fe4cb5ab66199b8fd535fd0ca157ff9b2f0482a47cfb58b1c2153e6e2c2b816388691653e4333fd24429d81987866de21ad684f775046ed65ec897cb31300e678c84081b8e9b6c46c05abf7dc73f4a98c901ea7986910f45ea1f84599d26a0aff855594c17ea270ac4c6c71f1999bfb2e794af4957dee0de202aac377c3570c882fca8f5697386c4d892ba8c27421a94a3d8a6dfe9e50a508257c9501602b684beea03936acd00013f9c231a571048701a06df17a5387ebc9fe662056d5920071b9157fe9568188478cb5ca5e09dc4cae5398c77599f5fd2134d084a1fd1200ba158fcc5617c9add910ee35672d693e5cbd66b15160ef11718b867039c7940cdb1e70b7d67980cdc643de565f04a4212ee547caa753955c79c47c858d953537876060d524fff80e56d4d46a66a412bb146db09f30f9e0c346af290f0e401be80d2d247fc6f6754b3ad09d27aa8290984ab80559f32f7bcbc38ba42f8b0bc2b4b04ccb949040f831c5ed197ff39049b43d4d61abc93150ccbdbd942c56e0e16a4f1cfb73443cf09fe673ff40ab310c5636a6ef3562c48047ce589ea37a98e61becca02f537c32a22511d48f3a23bace2cad00afa802bee24722db7d3aabfa2cbc5267a0410fec51462ca9ac35aed94470d860dccf6aedce2b44f974bec575cafa985bcb062695a7ca6e366c871bae236770c5e60dd872540cc7ba60df22dae788c662b398a3fa26bb78dfe4069e24034d11e550888effbefe9fb2cfb0f330022ef4c8067caf68ad2819a20c9e6b865c50b267eee1a9b4c773a846acca87b1505f53651c1ab23b0793cdd1c1a5af6c7e3dbe68560a88ef08c8a3976ee05b678007c1612bcbb8ce8791f235b6f440b0574a5f977126345cb155219d3fb42aba7813aceb29feffc2f740f5a3f2ca5bcbf0317b76b72c38b29558c70efb254ac17851e7728a81e1888ec4d7a507a176f4173ac0a719a5e47b889c34a63e2c50d46ab671f64cc79239c9b71de9fa86c45bbd0440f1a0f82ff0ca7170d8e1286b1f91c76d71664632f1b296bdff759bf0e01a6ed34f3ba4fb30f62a1227968289d222e241845940cad88383a8eac4b7ff6b5b019f957a68c122a6b6a1dad5516fce2b2ede79d3e5f0a78437b9fc68a05eb80ae758814f600c0f3ac07521fc1c6f8b920db9af3d406e449258829bad1f912b972c35be8a2219a342104c34e55e1ef02a3024b9e5bd9285cb6cf698fd5f3a9d7a7e5c4e0b90f51e9613e9ca8e9047a438dd505ce9c125b5421ea278339a05467bbefea6ee399cfc0762339694d6dc0a5cc303c37316938d6642629979a35e444623d24d11bd89ae44c78f1aadc86d924f2bf779e02da57797e77ddca57730ec183f8c9cb2efec9f05958050bf5894daf0aed40835e4c729ff31a164d3944930730c2660c7928e476ea82098372f2a629ed70f0292a7e79d66180ea151ba4d57fecff2f13c6c0fbd2fa66f161560b21c27ad693fe68a552268d3605e10742aa43ef39fbb394ed3bec2c9313eab3e1619b2934313877605a3c9a8f6d1a907ba92f302c39fbd15b2b2515a12e36acffa88a46d8ef9572e2c406ecaf0304b7372223d3c25754274bd51745b2fb659f09f3cbc7f4662babb09a246afc5e658fa26a3f4eb453f4e9375ed38fa654f32cb4b65a5df141ab19074948fc544054c34334a481b3b59ce0c059c5619d9d189c50aee4c1784fe08da8c013046fd460", @nested={0x8, 0x12b, 0x0, 0x1, [@typed={0x4, 0x93}]}, @typed={0xcb, 0x12a, 0x0, 0x0, @binary="c258b346ea75c82b630ac9a1e55c1825a7ea0f2a92b0d0c464d3849ae13419d5f8e28a887137039aace3cddb28ea80e70c64fb8ce95c9643d9059ace9cc6f20689f0a38068b2fa3d9ac41867b83cc6bac74f5f17c30865570c8a6caac1e207895e27ec882a70bddebd09d6432d9ed8534972ce077ee3645fa34d7ab6a3b458a33f309522850d30710a5c581ab41ad510bb5f95b431c31993e479856a8a89a2414f085c2c6ba4462bbd1b1f2c885b8a1ae8a828fbce80845cb86126ed3e6e281db9d9e3cdb43b6b"}]}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x6}]}, 0x1200}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000001)
ioctl$auto(r1, 0x802c550a, 0x1)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003a40)={&(0x7f0000001f80)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf2503000100"/30], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x24040004)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0)
socket(0x10, 0x2, 0x0)
r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi30\x00', 0x0, 0x0)
read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f0000000080)=""/27, 0x1b)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
io_uring_setup$auto(0x8, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio4\x00', 0xa82, 0x0)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x2000)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
socketpair$auto(0x1, 0x0, 0x1, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
ioctl$auto(0x3, 0xae41, r4)
ioctl$auto_KVM_CREATE_VM(r3, 0x9000aecf, 0x0)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0)
sendmsg$auto_NL80211_CMD_GET_KEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r6, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x3}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6}, @NL80211_ATTR_USE_RRM={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004}, 0x400c045)
executing program 0:
connect$auto(0x3, 0x0, 0x55)
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/smaps_rollup\x00', 0x8000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f0000000080)={0x9, 0x6, 0x6, 0x2, 0x8})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000007a80), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2], 0x14}, 0x1, 0x0, 0x0, 0x90}, 0x40)
recvfrom$auto(r1, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket(0x2, 0x5, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x200802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000040)={0x8001, 0x7, 0x56ee, 0x7, 0x10001, <r4=>0x0})
fcntl$auto_F_GETOWNER_UIDS(r3, 0x11, r4)
msgget$auto(0xa, 0x0)
socket(0x1d, 0x2, 0x6)
getpeername$auto(0x3, 0xfffffffffffffffc, 0xfffffffffffffffe)
r5 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000900), 0x101002, 0x0)
read$auto_state_fops_(r5, &(0x7f0000000940)=""/19, 0x13)
socket(0x3, 0x3, 0x500000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
write$auto(r6, &(0x7f0000000100)='\t\nD\\\'\x02\x00\x0f;\xd1\t\xbe\b\xe8P\xd2#\xcb\x98p\x81\xe7\x82k\xde|P\xfc\xcb%\xd4\xc2\xe8\x16A\xed \xec7\xa7\x9f\x969\x92t\xc9\xe9J\x1d-X_\xa1\xff@\x88\xbfP\xe9\x91\x82R+N\xe5\x10\x87\x92j\x953\x94\x13\xc4`\xbf\xa0\'\xd5F\x1a\xa0lSQ\x00\x99\xcf\xea\x86\xc3J\x8aE\f*T\x9dn5w}\x17\x97\x92*,\xddn6\xc3\xa4\xbc_\x9a\x9c\xc8\x80\xa3\xb9\x9aQL\x1d\xae\x14Ycd\xc0\xcf,\xb5Z\xab\xac_\xd5e3P\x97\x10X\x7fB\x88\xe63\xca\x00\xcf\xd1\xe3\xce*6\x11\xcbmv\x86\x0eM\xe7\x90\xbb]\xf5\x0f\x00\xee\x8e\x00\x00\x00\x00\x00\x00\x008\x1f\x9a\xe3\xa0\x14\xac\xf2{\x94E;\xef\xd0\x80\x8an\v\x9b\xf4M\xf8\x02\xd2\xe9\xb1\x81\x8d@\r\xc7\x11/\xaa9\xbbl\xb7\x90__[r\\\x9e\xcc\xbe2nw\xac\x02(\xf9\x9ajI\x1c\x91\xd7\xc7\xbc\x15\x8d\x03q\xb9\xd5\xe1\xb2\xc6\x89\x93M\x7f\xaf\xa1\xb9g\f\xe4\xfcfA\x8b\xd0\xd7\x8f\xd8R\x90*\xa6\x8d\xf7\xe5\xb1`E\xb8J[\xa9N\xac\x9bg\xe4\xeegb\xcab\xd1\x10\xfe\xac\xca1XH\xde\xc4\x10l\xaa\x012\x80\xac', 0xce)
executing program 0:
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) (async)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001)
lstat$auto(0x0, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/114, 0x72) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
socket(0x29, 0x6, 0x5) (async)
socket(0x28, 0xa, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf25210000"], 0x14}}, 0x4000000) (async)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) (async)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x382, 0x0) (async)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) (async)
r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f00000000c0), 0x100000, 0x0)
unshare$auto(0x40000080) (async)
mmap$auto(0x0, 0x20409, 0xdf, 0xeb1, r3, 0x8000000000008000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3b, 0xebf, 0xfffffffffffffffa, 0x3) (async)
r4 = socket(0xa, 0x801, 0x84)
setsockopt$auto(r4, 0x10000000084, 0x76, 0x0, 0x9c) (async)
setreuid$auto(0x0, 0x7) (async)
setreuid$auto(0x0, 0x0) (async)
open(&(0x7f0000000040)='./file0\x00', 0x6a640, 0x20) (async)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
executing program 0:
statmount$auto(0x0, &(0x7f0000000380)={0x8, 0xa, 0x1ff, 0xcc, 0x8, 0x4909b6f8, 0x1ffdf, 0x9, 0x9, 0x7, 0xa121, 0x3, 0x0, 0x8004, 0x3, 0xa, 0x2, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x4000000000, 0x8, 0x0, 0x50100000000000, 0xa, 0x4000002000, 0x0, 0x6, 0x70624ce7, 0xff, 0x4, 0xffffffffffffffff, 0x0, 0x80001, 0xb, 0x801, 0xffffffffffffbfff, 0xf31, 0xf7fffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x10000000004, 0x2000000000000000, 0x0, 0x4, 0x400000000005b8, 0xc, 0x0, 0x0, 0x8000000000000001, 0x6, 0xfffffffbfffffffc, 0x88e, 0x8000000000008, 0xfffffffffffffffb, 0x9, 0xa38, 0x6, 0x3, 0xffffffffffffffed, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xe)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)
write$auto(r0, &(0x7f0000000000)='/\x00'/18, 0x7fe)
executing program 6:
r0 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x28, r0, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r2, &(0x7f0000000a40)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a00)={&(0x7f00000000c0)={0x914, r3, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0xea, 0xac, "f2a5c38b2e7df35d998fb1f614d9b83b2afbaf264ebe4dbad834a5ebc898d1ba27182384f0578fbe677968d7195fd4810cd0100803a20581d4a6b1356d825782c1a5875e8524083e51022f6a1bf70def04333a032d4cf2da3d0968f156af721d2808a204f9afd4016ea62679a4384f3061e27a3d29042b2f1bfcd90d6ee749cb0c1811a7442094f6a95a1b4f1b48c712f13b01c3e506a55e5e919cc334fbe92287f6f63b8d7b68dd5a7465eb5aa4f2f74e6864b07a2cb0787e7bcd83e8f095b2ff85c72b7c6243a7102c47c73cf72f1895a38b11482dd8cbaac8e2f3d5203a5453202566c969"}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x3}, @NL80211_ATTR_IE_ASSOC_RESP={0x73e, 0x80, "5e856c603ecfcffc560bdc37f136b7317f8459065b82f3a5797fb951311cde4c48f6520f2064310e448ec769b50ef6e28bbf325272aff20ff1dbf1b49062a4efedf71b6a3f169b4c608a8399a657784f057ddbafc7f9b340813b2ba03d6ab617433b21c1f3251c72677fb9dc176347eadd3a559f39a0b9aa88f49438996a106b87c5ab8e40cde110edd0707d73e025d83ede9e77e97f4cbd0d3e9be1691c9c31c046640d35bc2701b6308ab9913ee87ffa40b4cb1b05c0a3844af97a7389323ba3ac27874acd2e2d0918e4b3cffb3abe5303f8e9ee5fc133856b15c9389b132b430e593080856cc7e610f63777b722355319a1bdfe3d4f3960465b4ef41cb29e8197ac202846126ad510cbb707b2070441398376effc0b464c950990357f41b60eb70e82d6415d6c0dd97fc15ddd6a84761f30d034552fc556219c6d1f8de3167533ef0cf9043d1a1b6f5386f561688e76fdf19f71bf9d7ad5b0c1dfc1034fb8ea2efda052bbd996f1682dd163c899330ba1d5b173ea3af52aa2a9b58b3db10638971389442569517c421bac5c1e5a68fa452d24f617e740e46edd418d7be4c8ddbfb345281eecce158fff4068c7a2c03aff98663ca0d71f0fa535bdf4956c3471d47dbd330c5c6f16a173021c7883e20fa41aceadc472667d3979c62e0d243ee9831ff4c3fccda87d51782ddbe0df33bf3ab8b34bd0a0b48ef90131383b9d29dab2783359c1724b2282cd514430a92d075ff1218514a1b75ccc5f341cb82d33b5b9b8ff4472e5fcdbfe948e5760fca4f9b5c73aca9e7d549b266f224d6f26975c42caf8b3272a5000ab74bd9386564cf8751ea83089f84a534341812ce1d1c613e35d306f41bcf386b1e7b3157935ce3c4334592345615215abba5fed4215e1295eb0f516a4f97e84f20c5fc3821f3cc56bea853936345a2c6df6ac0e000e476016af6d3a926448cb6808839905cbe945b86e7a3edc5e6e0a41303dab1edfe6fc5cc18c8b58123f9ec8824c203c7f496fc774b75eecb7e463aad90c6c2de30aa7bb325b9c8ed45f37eeb6eda754e6631d88fa08740fbadbe71832e14a7712a07a2348ee6f73d156e518b3937021ba97698e7d93381965f6961cfc41db776c4dda2ee63ceeb442aacf417f2f2f56768036ada3a65e05a66a68f0c8cd296a8b40b253e548bf37666465915de6da6fa479b1feffc83503618a965bfa69da4525d7e4a59547ef43f3cd5b1ffb493433e6120097594d2c7a87088990421c32572f43864bc60b9a80b16e2c956d173d57c78c015a2fe54a45694fa0215f2beca6989570b577e38a765050ca80f4ec0e778e844551b5212dd80d3af88d47ca86e8beb6174359c036187250d7371294064452eb87d10d3476c64e3ce1477e0e89d243b8e18251b8ddc73e33277f56362bc796de4fd5df297383cfb8ce142f44698c1cc322d0cd232761ddd06be7599ba9ed384c9f128a848e4792e0fc1bd6a728dc552c6ce74cb19f95897b98091e19b95e597cf1f5fd9300601abfe44908ae3c5494600456a266a22bae23bbe01ea3ad099e4b7b6b07311860ebf45d66c2962177987e2b2931598aa84e840d63ad3e9984732c36d5c61b5b90fa5099ba53170161669bccb8979dbf117762071d1e9a7d2efb29f84e8691aa18d54d959bb7ba8763ef24cfcb53e20d759569fb14def3b242f3910b8f5da86c82c1a4930b0220cedf3da268a3812562e9cc93ecdf405d43bbb7fbf94c9d7c06976b88fb9197ffd61c267c4a38c723d96f45d22eeea74290a90e0923cb088aef11216ba01d2b6536390ef6f4ff431abbd7cc9b20d798c84a3475627c914b0cff85cfe7119b2404ba89d334a8619e16dda08630a97f67f6e4a826c4f3e09faa9e567aed2672168a479d69013723509921d4c052ad9b36b00222b7b1e8ff5f16765d07953ceec1691bbfa9186fc35977a4eab7d10d11f933b7dc0f020da9bc6a73f09ee5a00aa588b506d14e5a1c11b5cf9e3aca9119e9836d77e29d49705ff6a3657cdf53cfea4805096eae7cde9646c8107d3adef382912a2bdca022cf9488e56eff2cc5f57eb838d71ad736a0d64ceb60501cc48f543754b4f23e3ac1f0ae9fe9f155232ffc72b472ff3e47bf5738fdb806971d68a9d4569da928d6791d116943bfe5f48e1a93e8293e7fbe9baf93004062ebec950a3addc5be5447aa2070f3c812c52868a11fb108ea8da6d551822472d5a61f232f2a490c745b06b69515dc2cdc6877278df1c82860074744997c71dd89a16c7da84151dd7cb8d6174dc31df18d8f67dddf9f3c1fe6da82b6228678532d727c95896b56530c492bf947e7bf36cbb4ece3b9210f0d087be9595a5bfffd6b36eebf245fe70f82c24358af1216ea5d1e1399c826d802d7e6f4ebd70221528937bf71739851a355e9198410afa7b404dba1a189a409c3aa08c953281e3134f20d907233183dac0350adfcbc32dde6b0ead718a65598ba50bef7d15fb0c0164cf87342c97aa0af9cf78ccd510151d3059c33d423303746c178f4295c2a86ffadbafad281ccd6dcba490e1b431c16c2e5f5f7efb5d8191a6726f7c9cf835abf5cffa568c5e4db6804e4d9435258198ffad138b6"}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xc2, 0xbd, "93cdda6f8421fe0b561f691e9ad73184d34fce888e93482abf98e3de7b60d370b81a32089bea8cae6600a62ad4b181626bcdc2220c473b3e0da19a43f42a88b4aaca0f25884567753354d99dc935d1fc5b8804f9b179ea92a8054a6bfc5010b9e694f1d1e6d73d0bb94949ca4990b4c0e653024d5f28e7c52581da8e57fbbcc4ac73fbb5995e8512ec9ad4418118c5b7b185bd9c0ecf19931735fbe91e0efa5e6dbfb28cd117b04204c19b14cd7b579a2e56c702163cf6a0c85e8bce840f"}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x3}]}, 0x914}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r3, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_MLO_SUPPORT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x4000c40)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x88) (async)
r0 = socket(0xa, 0x2, 0x88)
fanotify_init$auto(0x5, 0x0)
fanotify_mark$auto(r0, 0x205, 0xa, 0x4, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb0/carrier_changes\x00', 0xc2481, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop5\x00', 0x208080, 0x0)
getxattrat$auto(0xffffffffffffffff, 0x0, 0x4000001, 0x0, 0x0, 0xbb1)
r1 = openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg/1:0:0:0\x00', 0x208002, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x401870cb, 0x0)
executing program 1:
r0 = socket(0x1a, 0x80000, 0x8005)
socket(0x2, 0x6, 0x0) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) (async)
shutdown$auto(0x200000003, 0x2)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) (async)
mmap$auto(0x0, 0x400008, 0xff09, 0x9b72, 0xffffffffffffffff, 0x8000) (async)
read$auto(0x3, 0x0, 0x80)
setsockopt$auto(r0, 0x1, 0x9, &(0x7f0000000000)='\'-+\x00\x10\xa4#\x92`\xdb\xafL\x0f\xfbUV\xa6KH]Cv\xbf\xf2a\v', 0xeb66) (async)
bind$auto(0x3, &(0x7f0000000140), 0x6c)
executing program 6:
r0 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x0, 0x200, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000)
sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804)
lstat$auto(0x0, &(0x7f0000000180)={0x12, 0x94, 0x3, 0xfffffffe, <r1=>0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x7fffffffffffffff, 0x4, 0x7fefffff, 0x42, 0x7, 0x1, 0x64, 0x40000104})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'})
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB='\rV'], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0xc000}, 0xc814)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
r4 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r4, 0x29, 0x4e, 0x0, 0x7)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYRES32=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x4001854}, 0x98014)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 2:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x11, &(0x7f0000000080)='\x15\x00\x00\x00\xf3\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\x8a\xfbM\xf6\xf8,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"tH%\x01\x17\r\x92\xf4\xf0\x01\rNK\xfd\xf3\r\xa7\x17\xa0\xa7M\xdb\xcc\xe1W\xb5(3\xa9D\n\xbf\xceRs\x1e', 0x400)
socket(0xa, 0x1, 0x84)
mremap$auto(0x110c230000, 0x4, 0x4, 0x7, 0x100000000)
mmap$auto(0x0, 0x6, 0xdb, 0x9b72, 0x5, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0xc)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x200007, 0x19)
ioctl$auto(0x3, 0x5453, 0xffffffffffffffff)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/ip_vs_app\x00', 0xc80, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
write$auto(0x3, 0x0, 0xfdef)
executing program 1:
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="110000000300"/17, 0x11)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf250100000006000200000000000500070004000011080009000100000008000a002b0000fc14001f0000000000000000000000ffff7f00000114002000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x7fffd)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x0)
r0 = prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x80001)
openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/short_retry_limit\x00', 0x8200, 0x0)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0)
read$auto_vmwgfx_driver_fops_vmwgfx_drv(r0, &(0x7f00000000c0)=""/184, 0xb8)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x3, 0x100)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
io_uring_setup$auto(0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
fcntl$auto(r1, 0x7, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x3, 0xa)
eventfd$auto(0x3)
pipe$auto(0x0)
sched_get_priority_max$auto(0x9)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0)
ioctl$auto_TCFLSH2(r2, 0x800455cc, 0x0)
executing program 2:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000)
name_to_handle_at$auto(0xffffffffffffffff, &(0x7f0000000700)='/proc/thread-self/cmdline\x00', 0x0, 0x0, 0x200)
getrandom$auto(0x0, 0x6000000, 0x3)
madvise$auto(0x0, 0xf663, 0x15)
close_range$auto(0x2, 0x8000, 0x0)
mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70)
mknodat$auto(r0, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8)
renameat2$auto(r0, &(0x7f0000000200)='./file0\x00', r0, &(0x7f0000000240)='./file1\x00', 0x1)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70)
mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x3)
renameat2$auto(r1, &(0x7f0000000200)='./file0\x00', r1, &(0x7f0000000240)='./file1\x00', 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
io_uring_enter$auto(r2, 0x9, 0x820e, 0x29, 0x0, 0x18)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[], 0x14}}, 0x4000000)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0xc8c02, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
madvise$auto(0x9, 0xdd, 0x17)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
r1 = prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYBLOB="712b738fa1868b61828c4edf70835ba590a23c42b164ed528cc9775a3bb89199f0b13cf225fa2a3a283f28371dd6bf97a0577c6c917409ac137621de47b61a1edd3654a8cd230deef92baec70515ef96aa714c66e670694dc010c3abf539ed7d78b6dd764235d81a0f1ef6dd0651536df9a95ca5452a11c348a3f0419fb9b1a4ac3f1847ccafd5e62bb96377c84adda4a5cf58d6cf0c12e2b3", @ANYRES16=r1], 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250af4"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810)
r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r2, &(0x7f0000000440)="110000000700000000000000000000f400", 0x11)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
mmap$auto(0x0, 0x2020009, 0x2, 0x8000000000000011, 0xfffffffffffffffa, 0x1000000000008000)
read$auto(r3, 0x0, 0xb4d3)
write$auto(0x3, 0x0, 0x2)
write$auto(0x3, 0x0, 0xffd8)
timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @private=0xa010100}, 0x6a)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x5, 0x0)
executing program 6:
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x5, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000300)={{0x0, 0x17, &(0x7f0000000040)={&(0x7f00000003c0), 0x1}, 0xcf, 0x0, 0x1, 0x100}, 0x9}, 0x900000, 0x8, 0x0)
getrandom$auto(0x0, 0x6000000, 0x3)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0xa, 0x0)
r1 = socket(0xa, 0x2, 0x0)
r2 = socket(0xa, 0x3, 0xff)
connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r1)
getpgid$auto(0x0)
getpgid$auto(0x0)
sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="200025bd7000fddbdf250c0000000800060005000000c90203800ae556ea96b6aac20a2df353bb08ecd46a7f933d1b2db8ce9af498e5ff3a90bfe88cc0b1e2e58b0f02ef589c88720e1e867e4da84e9bd27e4e7c2e138ed9b259006d0495ac1d03abe76afce408df49a9a4d2c79e8416718b6ea62d96bfe4d485b5898da01e69d213069313429fe114911f46d2480f5c0057801400cf00fc0200000000000000000000000000011400a30020010000000000000000000000000002040053800baa9962d832bfc7a1598f73f290676159d5d963f0ef3f3694e8c4769e09a76a5681c9ac27bac987157191375b4616330f58eec7166fdb5686acea5e1073d07a6eb7b91e3eb3ad97fb23c2aa1e37e9c9253c0115d7c961fed3edb90a3043132ec20bdf79be7ae10344c3f520acf5783d0eb3c0e11c56c454f6919da28e35da492fd3bd376918d0d1db7541fe3db6ce2b222834198cbee80a7b8b144af6a3fea938b06a01046b00b17c01cfd1230a8c25de9c6f31e39a6bcfad2f409551b2465a4c1003d3a46dc8740e9d4e1794644249f256fb7ba7b4475e04825ebcdadeb3d0824157cddbcb471d53880652048b58569b6e4c33ce64cb48ab36673752d6980118e2b398045597a158fb9fcc22e5ba4cdb205e8980f4ca5620bc9270655998e15fd4623e70d35bb1c3c2d4386f44f98217d65dc1b99d0995bb4e2f1eecf67e42a1d61f4e23ea7292fa8f0b334f8861a5905219476eac17430e2a6298df7834dd39fea33d5140246b3c8cede37cc5d84006fce1b686f9aa64fbd490f5bdb6e8810fecef991664c54e804cd59dc1e3ce75bb3e4f7e12a5b3c9a7022868b3de8ec536b30525e4728d360702f8d5b0e5ddfdaefc630b8e9dcec51b6492186a79401903db258e75a34ca1c0f85639b3bdb06d35b5d22055894e299d6260a47e11406008a472f6a9725b9fef7c39d86f448a815b8fe22729001580dc641df00c5037ab80751ccffa98cf32a2937c8ff7aa7c751f859c9c5dba646cfa7737c23e000000000000a400028097009280d4ad4d603c22496113937a8eaa783c1c540b4fee3e91dd97e7e7c707d5c6824da6f81cd4ccfaa1e0192047d92a084580d8d3dcec9e0e1f05aaec27e0061c3bc62f4e2956b774100f323c35da387294d9002cdfc7442311ac9be9543f563477c79fa349fab57e1367f10dbcd33bf486e3e1c04b1bec3231ac4c345e364b8096f1b0b51235e4aa6a8610394439291a753b17c79a0008000f00ac1414bb"], 0x38c}}, 0x4c0a4)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
io_setup$auto(0x1, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
executing program 2:
ioperm$auto(0xefdd, 0x4, 0xfffffffa)
fsconfig$auto(0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0)
r0 = openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x20082, 0x0)
mmap$auto(0x0, 0x8, 0xdc, 0x9b72, 0x2, 0x8000)
r1 = socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$auto_SEG6_CMD_SETHMAC(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0181"], 0x1c}, 0x1, 0x0, 0x0, 0x40012}, 0x24000090)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='Z'], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
setsockopt$auto(r1, 0x114, 0x8, 0x0, 0x4)
close_range$auto(0x2, 0x8, 0x0)
write$auto_ctl_device_fops_user(r0, &(0x7f0000000000)="a504ff4c280e43904055ceb3bc98cf2af453126b06d1f8b678ad4700b35e33bf24e0c6269dd4fcfeafaacd781a02e63a0f9cf51e53fd5433203e1a4531a69c151e3714d2418d3a55d79a114e8309e48778a229eef16577bd021ce7b48a29a4e1c32f5f0c3393287d", 0x68)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf250100000006000200000000000500070004000011080009000100000008000a002b00006014001f0000000000000000000000ffff7f00000114002000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
unshare$auto(0x40000080)
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = fcntl$auto(r0, 0x400, 0x1)
execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x6, 0xfdb, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x5, 0x4, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x2b, 0x1, 0x1)
listen$auto(r3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x6, 0x1, 0x0, 0x4)
r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="60883ebed100879e9dd1cca41069c7eb2906fb1a5f223173662e657f277be7cfa3d012c2ed81402ea0edd2ca0c", @ANYRESOCT=r1, @ANYRES32=r4], 0x20}}, 0x2000c880)
ioctl$auto(0x3, 0x89e0, 0x38)
close_range$auto(0x2, 0x8, 0x0)
truncate$auto(&(0x7f0000000000)='./file0\x00', 0x3f2ec021)
socket(0xa, 0x3, 0x3a)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0xb00, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x214102, 0x0)
msgrcv$auto(0x1ff, 0xfffffffffffffffd, 0x1fffffffffffffc, 0x10, 0xdf66)
mmap$auto(0x0, 0x4020008, 0xdf, 0xeb1, 0x401, 0x8000)
set_mempolicy$auto(0x4005, &(0x7f0000000000)=0x1, 0x4)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
read$auto(r5, 0x0, 0x20)
r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
kexec_load$auto(0x880b, 0x2, 0x0, 0x4)
writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3)
select$auto(0x804, 0x0, &(0x7f0000000100)={[0x9, 0x0, 0x0, 0x80000300, 0x1, 0x4, 0x9, 0x3, 0x81, 0x10000005e58296b, 0x1e, 0x9, 0x7ff, 0x200, 0x20000000008, 0x4000000000006]}, 0x0, 0x0)
executing program 1:
semctl$auto(0x0, 0x9, 0x0, 0x2)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)
executing program 0:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, 0x0, 0x2, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x4c440, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/dynamic_debug/control\x00', 0x80040, 0x0)
r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff)
r4 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/sg/version\x00', 0x280, 0x0)
read$auto_proc_single_file_operations_base(r4, &(0x7f0000000080)=""/162, 0xa2)
sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001004866520100001e00", @ANYRES32=0x9, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_DP_CMD_DEL(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000500)={'gretap0\x00', <r7=>0x0})
socket(0xa, 0x23af690fef30229, 0x9)
r8 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000000c0), r0)
sendmsg$auto_IPVS_CMD_SET_DEST(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000540)={0x2a8, r8, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x294, 0x1, 0x0, 0x1, [@typed={0xc, 0x7a, 0x0, 0x0, @u64=0x2}, @typed={0x7, 0x13b, 0x0, 0x0, @str='!\\\x00'}, @nested={0x24, 0x13c, 0x0, 0x1, [@typed={0x14, 0x2a, 0x0, 0x0, @ipv6=@private0}, @typed={0x8, 0x53, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x11e}]}, @nested={0x8f, 0x14a, 0x0, 0x1, [@generic="c7f56f4a18a893f672bbfedceb336607cb6d05b577868e28c3489445cceba01fbf0fd99f7b947a041419e6bd79d8a20c3f45203a9b5376dc395e4c33f6427566c5876b5b23842788b76056086192391eaaf7e9016477189e5e80ebfbd6663c16a41fe40f7fc32f5291e20e99a24db43924ac127e", @nested={0x4, 0xf4}, @generic="d0ae637828845a", @typed={0x8, 0x56, 0x0, 0x0, @ipv4=@local}, @nested={0x4, 0x3adf}]}, @generic="b45032ae25a12d7f18fe71e556d472443d66eefeac11565013408c7da1c7fb44e16a63ff63842fbe427cbe018f8515a7a229f8c2b1a188156385f8c2a59c270b50d651f4e57213187d67b8e23eefafdbadaa7434", @typed={0x8, 0x64, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x21}}, @typed={0x14, 0x10d, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @typed={0x14, 0x7d, 0x0, 0x0, @ipv6=@local}, @nested={0x30, 0xb6, 0x0, 0x1, [@nested={0x4, 0x11d}, @typed={0x5, 0xe0, 0x0, 0x0, @str='\x00'}, @nested={0x4, 0x12c}, @typed={0x8, 0x64, 0x0, 0x0, @u32=0x8cb5}, @nested={0x4, 0xbe}, @typed={0xc, 0xa9, 0x0, 0x0, @str='gretap0\x00'}, @nested={0x4, 0x31}]}, @nested={0x112, 0x34, 0x0, 0x1, [@generic="e00fdc88255e98ea2db1d78b84c6632ebbf6330216eabb0f4b298d65f8004ad3ee36a8101a6b2db3f40e74517ea7f504c16c0e4525936bac2c2e8f2b530ae929afd46d10f69e85b88322b1dd2676beb147363c3aa1f2057cd85037ce1a2d", @typed={0xc, 0x7c, 0x0, 0x0, @u64=0x8}, @generic="b370076313997f5c7e2abf12e9c7e235a40136f105faf5e073c3924772b54dc11a63", @nested={0x4, 0xaa}, @generic="d25cbdbb692329cbaf711e65a9eb240f0d239273c16660a6ce7ae0431ea6641c5a5c66fb66855aeb6eb2ad9996976739d43d05749cd6d5acdab03263c659c19fa3bb3b6db4c3a781a90d9f8b15c48ab3d68db4ccd87a4fa2ee2574f7a8b8", @generic="d3eb3b90551508cd87f774852ec097a521c83cbf94e62526141767e0a345809e"]}]}]}, 0x2a8}, 0x1, 0x0, 0x0, 0x8000}, 0x40044015)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x2e01, 0x0)
sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4)
ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0)
r9 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x2802, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r9, 0xfffffff7effffd05, &(0x7f00000001c0))
sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r1, 0x5, 0x70bd29, 0x25dfdbfc, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r7}, @OVS_DP_ATTR_NAME={0xb, 0x1, '.\x02:\xb6-$\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000c000}, 0x4000024)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(0x3, 0x0, 0x100082)
executing program 1:
statmount$auto(0x0, &(0x7f0000000380)={0x8, 0xa, 0x1ff, 0xcc, 0x8, 0x4909b6f8, 0x1ffdf, 0x9, 0x9, 0x7, 0xa121, 0x3, 0x0, 0x8004, 0x3, 0xa, 0x2, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x4000000000, 0x8, 0x0, 0x50100000000000, 0x9, 0x4000002000, 0x0, 0x6, 0x70624ce7, 0xff, 0x4, 0xffffffffffffffff, 0x0, 0x80004, 0xb, 0x801, 0xffffffffffffbfff, 0xf31, 0xf7fffffffffffffe, 0x0, 0xffffffffffffffff, 0x0, 0x10000000004, 0x2000000000000000, 0x0, 0x4, 0x400000000005b8, 0xc, 0x0, 0x0, 0x8000000000000001, 0x6, 0xfffffffbfffffffc, 0x88e, 0x8000000000008, 0xfffffffffffffffb, 0x9, 0xa38, 0x6, 0x3, 0xffffffffffffffed, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xe)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)
write$auto(r0, &(0x7f0000000000)='/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x01', 0x7fe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=1m43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 13, 2, 3, 30, 17, 30, 30, 16, 3, 30, 1, 30, 30, 3]
detailed listing:
executing program 6:
r0 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x0, 0x200, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000)
sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804)
lstat$auto(0x0, &(0x7f0000000180)={0x12, 0x94, 0x3, 0xfffffffe, <r1=>0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x7fffffffffffffff, 0x4, 0x7fefffff, 0x42, 0x7, 0x1, 0x64, 0x40000104})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'})
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB='\rV'], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0xc000}, 0xc814)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
r4 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r4, 0x29, 0x4e, 0x0, 0x7)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYRES32=r1], 0x1ac}, 0x1, 0x0, 0x0, 0x4001854}, 0x98014)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 2:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x11, &(0x7f0000000080)='\x15\x00\x00\x00\xf3\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\x8a\xfbM\xf6\xf8,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"tH%\x01\x17\r\x92\xf4\xf0\x01\rNK\xfd\xf3\r\xa7\x17\xa0\xa7M\xdb\xcc\xe1W\xb5(3\xa9D\n\xbf\xceRs\x1e', 0x400)
socket(0xa, 0x1, 0x84)
mremap$auto(0x110c230000, 0x4, 0x4, 0x7, 0x100000000)
mmap$auto(0x0, 0x6, 0xdb, 0x9b72, 0x5, 0x8000)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0xc)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x200007, 0x19)
ioctl$auto(0x3, 0x5453, 0xffffffffffffffff)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/ip_vs_app\x00', 0xc80, 0x0)
lseek$auto(0x3, 0x7fffffffffffffff, 0x1)
write$auto(0x3, 0x0, 0xfdef)
executing program 1:
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="110000000300"/17, 0x11)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf250100000006000200000000000500070004000011080009000100000008000a002b0000fc14001f0000000000000000000000ffff7f00000114002000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
executing program 1:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x7fffd)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x0)
r0 = prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x80001)
openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/short_retry_limit\x00', 0x8200, 0x0)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x42100, 0x0)
read$auto_vmwgfx_driver_fops_vmwgfx_drv(r0, &(0x7f00000000c0)=""/184, 0xb8)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x3, 0x100)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
io_uring_setup$auto(0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
fcntl$auto(0x8000000000000001, 0x26, 0x8)
fcntl$auto(r1, 0x7, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x3, 0xa)
eventfd$auto(0x3)
pipe$auto(0x0)
sched_get_priority_max$auto(0x9)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyd9\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0)
ioctl$auto_TCFLSH2(r2, 0x800455cc, 0x0)
executing program 2:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000)
name_to_handle_at$auto(0xffffffffffffffff, &(0x7f0000000700)='/proc/thread-self/cmdline\x00', 0x0, 0x0, 0x200)
getrandom$auto(0x0, 0x6000000, 0x3)
madvise$auto(0x0, 0xf663, 0x15)
close_range$auto(0x2, 0x8000, 0x0)
mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70)
mknodat$auto(r0, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8)
renameat2$auto(r0, &(0x7f0000000200)='./file0\x00', r0, &(0x7f0000000240)='./file1\x00', 0x1)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70)
mkdir$auto(&(0x7f0000000000)='./file0/file0\x00', 0x3)
renameat2$auto(r1, &(0x7f0000000200)='./file0\x00', r1, &(0x7f0000000240)='./file1\x00', 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
io_uring_enter$auto(r2, 0x9, 0x820e, 0x29, 0x0, 0x18)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffa, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[], 0x14}}, 0x4000000)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0xc8c02, 0x0)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
madvise$auto(0x9, 0xdd, 0x17)
prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
r1 = prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYBLOB="712b738fa1868b61828c4edf70835ba590a23c42b164ed528cc9775a3bb89199f0b13cf225fa2a3a283f28371dd6bf97a0577c6c917409ac137621de47b61a1edd3654a8cd230deef92baec70515ef96aa714c66e670694dc010c3abf539ed7d78b6dd764235d81a0f1ef6dd0651536df9a95ca5452a11c348a3f0419fb9b1a4ac3f1847ccafd5e62bb96377c84adda4a5cf58d6cf0c12e2b3", @ANYRES16=r1], 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250af4"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810)
r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r2, &(0x7f0000000440)="110000000700000000000000000000f400", 0x11)
close_range$auto(0x2, 0xa, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0)
r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0)
mmap$auto(0x0, 0x2020009, 0x2, 0x8000000000000011, 0xfffffffffffffffa, 0x1000000000008000)
read$auto(r3, 0x0, 0xb4d3)
write$auto(0x3, 0x0, 0x2)
write$auto(0x3, 0x0, 0xffd8)
timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @private=0xa010100}, 0x6a)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x5, 0x0)
executing program 6:
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x5, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000300)={{0x0, 0x17, &(0x7f0000000040)={&(0x7f00000003c0), 0x1}, 0xcf, 0x0, 0x1, 0x100}, 0x9}, 0x900000, 0x8, 0x0)
getrandom$auto(0x0, 0x6000000, 0x3)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
close_range$auto(0x2, 0xa, 0x0)
r1 = socket(0xa, 0x2, 0x0)
r2 = socket(0xa, 0x3, 0xff)
connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
shmget$auto(0x8, 0x10563, 0x568d1af2)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
r3 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r1)
getpgid$auto(0x0)
getpgid$auto(0x0)
sendmsg$auto_IPVS_CMD_SET_CONFIG(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="200025bd7000fddbdf250c0000000800060005000000c90203800ae556ea96b6aac20a2df353bb08ecd46a7f933d1b2db8ce9af498e5ff3a90bfe88cc0b1e2e58b0f02ef589c88720e1e867e4da84e9bd27e4e7c2e138ed9b259006d0495ac1d03abe76afce408df49a9a4d2c79e8416718b6ea62d96bfe4d485b5898da01e69d213069313429fe114911f46d2480f5c0057801400cf00fc0200000000000000000000000000011400a30020010000000000000000000000000002040053800baa9962d832bfc7a1598f73f290676159d5d963f0ef3f3694e8c4769e09a76a5681c9ac27bac987157191375b4616330f58eec7166fdb5686acea5e1073d07a6eb7b91e3eb3ad97fb23c2aa1e37e9c9253c0115d7c961fed3edb90a3043132ec20bdf79be7ae10344c3f520acf5783d0eb3c0e11c56c454f6919da28e35da492fd3bd376918d0d1db7541fe3db6ce2b222834198cbee80a7b8b144af6a3fea938b06a01046b00b17c01cfd1230a8c25de9c6f31e39a6bcfad2f409551b2465a4c1003d3a46dc8740e9d4e1794644249f256fb7ba7b4475e04825ebcdadeb3d0824157cddbcb471d53880652048b58569b6e4c33ce64cb48ab36673752d6980118e2b398045597a158fb9fcc22e5ba4cdb205e8980f4ca5620bc9270655998e15fd4623e70d35bb1c3c2d4386f44f98217d65dc1b99d0995bb4e2f1eecf67e42a1d61f4e23ea7292fa8f0b334f8861a5905219476eac17430e2a6298df7834dd39fea33d5140246b3c8cede37cc5d84006fce1b686f9aa64fbd490f5bdb6e8810fecef991664c54e804cd59dc1e3ce75bb3e4f7e12a5b3c9a7022868b3de8ec536b30525e4728d360702f8d5b0e5ddfdaefc630b8e9dcec51b6492186a79401903db258e75a34ca1c0f85639b3bdb06d35b5d22055894e299d6260a47e11406008a472f6a9725b9fef7c39d86f448a815b8fe22729001580dc641df00c5037ab80751ccffa98cf32a2937c8ff7aa7c751f859c9c5dba646cfa7737c23e000000000000a400028097009280d4ad4d603c22496113937a8eaa783c1c540b4fee3e91dd97e7e7c707d5c6824da6f81cd4ccfaa1e0192047d92a084580d8d3dcec9e0e1f05aaec27e0061c3bc62f4e2956b774100f323c35da387294d9002cdfc7442311ac9be9543f563477c79fa349fab57e1367f10dbcd33bf486e3e1c04b1bec3231ac4c345e364b8096f1b0b51235e4aa6a8610394439291a753b17c79a0008000f00ac1414bb"], 0x38c}}, 0x4c0a4)
shmctl$auto(0x0, 0x0, 0xfffffffffffffffd)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
io_setup$auto(0x1, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
executing program 2:
ioperm$auto(0xefdd, 0x4, 0xfffffffa)
fsconfig$auto(0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0)
r0 = openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000100), 0x20082, 0x0)
mmap$auto(0x0, 0x8, 0xdc, 0x9b72, 0x2, 0x8000)
r1 = socket(0x15, 0x5, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$auto_SEG6_CMD_SETHMAC(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0181"], 0x1c}, 0x1, 0x0, 0x0, 0x40012}, 0x24000090)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='Z'], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
setsockopt$auto(r1, 0x114, 0x8, 0x0, 0x4)
close_range$auto(0x2, 0x8, 0x0)
write$auto_ctl_device_fops_user(r0, &(0x7f0000000000)="a504ff4c280e43904055ceb3bc98cf2af453126b06d1f8b678ad4700b35e33bf24e0c6269dd4fcfeafaacd781a02e63a0f9cf51e53fd5433203e1a4531a69c151e3714d2418d3a55d79a114e8309e48778a229eef16577bd021ce7b48a29a4e1c32f5f0c3393287d", 0x68)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000f9dbdf250100000006000200000000000500070004000011080009000100000008000a002b00006014001f0000000000000000000000ffff7f00000114002000"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000)
unshare$auto(0x40000080)
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = fcntl$auto(r0, 0x400, 0x1)
execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x6, 0xfdb, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x5, 0x4, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x2b, 0x1, 0x1)
listen$auto(r3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x6, 0x1, 0x0, 0x4)
r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="60883ebed100879e9dd1cca41069c7eb2906fb1a5f223173662e657f277be7cfa3d012c2ed81402ea0edd2ca0c", @ANYRESOCT=r1, @ANYRES32=r4], 0x20}}, 0x2000c880)
ioctl$auto(0x3, 0x89e0, 0x38)
close_range$auto(0x2, 0x8, 0x0)
truncate$auto(&(0x7f0000000000)='./file0\x00', 0x3f2ec021)
socket(0xa, 0x3, 0x3a)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0xb00, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x214102, 0x0)
msgrcv$auto(0x1ff, 0xfffffffffffffffd, 0x1fffffffffffffc, 0x10, 0xdf66)
mmap$auto(0x0, 0x4020008, 0xdf, 0xeb1, 0x401, 0x8000)
set_mempolicy$auto(0x4005, &(0x7f0000000000)=0x1, 0x4)
r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0)
read$auto(r5, 0x0, 0x20)
r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
kexec_load$auto(0x880b, 0x2, 0x0, 0x4)
writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3)
select$auto(0x804, 0x0, &(0x7f0000000100)={[0x9, 0x0, 0x0, 0x80000300, 0x1, 0x4, 0x9, 0x3, 0x81, 0x10000005e58296b, 0x1e, 0x9, 0x7ff, 0x200, 0x20000000008, 0x4000000000006]}, 0x0, 0x0)
executing program 1:
semctl$auto(0x0, 0x9, 0x0, 0x2)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)
executing program 0:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, 0x0, 0x2, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x4c440, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/dynamic_debug/control\x00', 0x80040, 0x0)
r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff)
r4 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/sg/version\x00', 0x280, 0x0)
read$auto_proc_single_file_operations_base(r4, &(0x7f0000000080)=""/162, 0xa2)
sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="080001004866520100001e00", @ANYRES32=0x9, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_DP_CMD_DEL(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000500)={'gretap0\x00', <r7=>0x0})
socket(0xa, 0x23af690fef30229, 0x9)
r8 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f00000000c0), r0)
sendmsg$auto_IPVS_CMD_SET_DEST(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000540)={0x2a8, r8, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x294, 0x1, 0x0, 0x1, [@typed={0xc, 0x7a, 0x0, 0x0, @u64=0x2}, @typed={0x7, 0x13b, 0x0, 0x0, @str='!\\\x00'}, @nested={0x24, 0x13c, 0x0, 0x1, [@typed={0x14, 0x2a, 0x0, 0x0, @ipv6=@private0}, @typed={0x8, 0x53, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x11e}]}, @nested={0x8f, 0x14a, 0x0, 0x1, [@generic="c7f56f4a18a893f672bbfedceb336607cb6d05b577868e28c3489445cceba01fbf0fd99f7b947a041419e6bd79d8a20c3f45203a9b5376dc395e4c33f6427566c5876b5b23842788b76056086192391eaaf7e9016477189e5e80ebfbd6663c16a41fe40f7fc32f5291e20e99a24db43924ac127e", @nested={0x4, 0xf4}, @generic="d0ae637828845a", @typed={0x8, 0x56, 0x0, 0x0, @ipv4=@local}, @nested={0x4, 0x3adf}]}, @generic="b45032ae25a12d7f18fe71e556d472443d66eefeac11565013408c7da1c7fb44e16a63ff63842fbe427cbe018f8515a7a229f8c2b1a188156385f8c2a59c270b50d651f4e57213187d67b8e23eefafdbadaa7434", @typed={0x8, 0x64, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x21}}, @typed={0x14, 0x10d, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @typed={0x14, 0x7d, 0x0, 0x0, @ipv6=@local}, @nested={0x30, 0xb6, 0x0, 0x1, [@nested={0x4, 0x11d}, @typed={0x5, 0xe0, 0x0, 0x0, @str='\x00'}, @nested={0x4, 0x12c}, @typed={0x8, 0x64, 0x0, 0x0, @u32=0x8cb5}, @nested={0x4, 0xbe}, @typed={0xc, 0xa9, 0x0, 0x0, @str='gretap0\x00'}, @nested={0x4, 0x31}]}, @nested={0x112, 0x34, 0x0, 0x1, [@generic="e00fdc88255e98ea2db1d78b84c6632ebbf6330216eabb0f4b298d65f8004ad3ee36a8101a6b2db3f40e74517ea7f504c16c0e4525936bac2c2e8f2b530ae929afd46d10f69e85b88322b1dd2676beb147363c3aa1f2057cd85037ce1a2d", @typed={0xc, 0x7c, 0x0, 0x0, @u64=0x8}, @generic="b370076313997f5c7e2abf12e9c7e235a40136f105faf5e073c3924772b54dc11a63", @nested={0x4, 0xaa}, @generic="d25cbdbb692329cbaf711e65a9eb240f0d239273c16660a6ce7ae0431ea6641c5a5c66fb66855aeb6eb2ad9996976739d43d05749cd6d5acdab03263c659c19fa3bb3b6db4c3a781a90d9f8b15c48ab3d68db4ccd87a4fa2ee2574f7a8b8", @generic="d3eb3b90551508cd87f774852ec097a521c83cbf94e62526141767e0a345809e"]}]}]}, 0x2a8}, 0x1, 0x0, 0x0, 0x8000}, 0x40044015)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x2e01, 0x0)
sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x140080e4)
ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0)
r9 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x2802, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r9, 0xfffffff7effffd05, &(0x7f00000001c0))
sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r1, 0x5, 0x70bd29, 0x25dfdbfc, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r7}, @OVS_DP_ATTR_NAME={0xb, 0x1, '.\x02:\xb6-$\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000c000}, 0x4000024)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(0x3, 0x0, 0x100082)
executing program 1:
statmount$auto(0x0, &(0x7f0000000380)={0x8, 0xa, 0x1ff, 0xcc, 0x8, 0x4909b6f8, 0x1ffdf, 0x9, 0x9, 0x7, 0xa121, 0x3, 0x0, 0x8004, 0x3, 0xa, 0x2, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x4000000000, 0x8, 0x0, 0x50100000000000, 0x9, 0x4000002000, 0x0, 0x6, 0x70624ce7, 0xff, 0x4, 0xffffffffffffffff, 0x0, 0x80004, 0xb, 0x801, 0xffffffffffffbfff, 0xf31, 0xf7fffffffffffffe, 0x0, 0xffffffffffffffff, 0x0, 0x10000000004, 0x2000000000000000, 0x0, 0x4, 0x400000000005b8, 0xc, 0x0, 0x0, 0x8000000000000001, 0x6, 0xfffffffbfffffffc, 0x88e, 0x8000000000008, 0xfffffffffffffffb, 0x9, 0xa38, 0x6, 0x3, 0xffffffffffffffed, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xe)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)
write$auto(r0, &(0x7f0000000000)='/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x01', 0x7fe)

program did not crash
bisect: testing without sub-chunk 3/3
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 2, 15, 30, 17, 17, 6, 29, 26, 27, 3, 8, 13, 6, 9, 30]
detailed listing:
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
unshare$auto(0x40000080) (async)
timer_settime$auto(0xd, 0x8, &(0x7f0000000640)={{0x344, 0x80000000}, {0xc4c5, 0x8}}, 0x0) (async)
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0xc40a41, 0x78)
dup2$auto(r0, r0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
getpeername$auto(0x3, 0x0, 0x0) (async)
mmap$auto(0x2, 0x9, 0xb0e, 0x14, r0, 0xfff) (async, rerun: 64)
unshare$auto(0x40000080) (async, rerun: 64)
ioctl$auto(0x3, 0x80084d17, 0x38) (async)
r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x460f, 0x0) (async)
recvmmsg$auto(r0, 0x0, 0x1, 0xffffffff, &(0x7f0000000380)={0xa, 0x4}) (async, rerun: 64)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="17000000", @ANYBLOB='v\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async, rerun: 64)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) (async)
r3 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy0/aql_txq_limit\x00', 0x121c01, 0x0)
write$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r3, 0x0, 0x0) (async)
r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) (async)
r5 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f00000000c0)={0x1, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500"}) (async)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0xdc, "bbb5ce66e24cce7eea982cab480b47beebef0d74884dc693a7ad9cbdbda6070f", @inferred=r3})
write$auto(r4, &(0x7f0000000140)='/dt0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+0q;\xbb\xea5.\xadX\xb9QW\x04\xcd\xef\xaf\xad \x90\x8f\xee\xb4\x8c\x1c;\xf0TL\x1a\x1f\xb5\x93\xb9P\x06\xae\xb8\xc1s\x88\x1c\xb1o\x04\x00\x00\x00\x8dW\xf9\xef\xdf\xc78\xb1\x1f\x19Y\x8fi}\x1d#\x16*\xd0\x85e\x05D\xd1w\x1b\xe5g\xf4\x92^[2\x971N\xf8\x97d@\x13\x8eE{\xa5\xda\x160\xc9\x94|I\xb7\x91 dS\xeec\xda\xa2V\x1e\x1aN\xf6\xac/\xb8\xbc\fO\xaa\xc8\xa7\xa5\xd5\xa7I\xf9\xaau\xb5\xfa\x94\xec\xb5\x81\xf6\xdc\x1aN\x89\xe5\x11\x880\xef\x14N\x95HZD|\xfc\t\x8d,u(\x16g\x88\xc6\xd3\xb4ZR\x1c\x15\x95g[\xd3\xe8 \xa1\x92\x92\xff\x1b\xf8&\xf4\xfd3\xe9\xa3\xc9\xb3%\xb7\'\xear\xfbS\xf9\x81\xcd\xb0\xd2)\xd6\xf62\xe5\x8e\x9a7k\x9d>0\x06\xeeS\x8a\xe9\xfe\x88\xa2Z\xb8#\x87\xda\x19]F\xec?\xce\xb1\x17%\x86\xbbV3M\xba\xb1P\xbd?\x1e\x12`\"\x82\x1b\x16\xde\xe7\x17A1^c6\xdd\xff\x84=\x00`\xe0\xf2\x85\xc8}\xe3\xa9\xe1\x1b\xe1\xcc\xae<O\x8c\xfd\xa1%\xbf\xe6\xf4', 0x7fe) (async)
acct$auto(&(0x7f0000000080)='/dev/input/event2\x00') (async, rerun: 64)
r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/002/001\x00', 0xa901, 0x0) (rerun: 64)
ioctl$auto(r6, 0x41045508, r6)
executing program 5:
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="11000000030000000000000000000000f4", 0x11)
executing program 5:
mmap$auto(0xac, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mlockall$auto(0x7)
set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
open(0x0, 0x22240, 0x55)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/rcutree/parameters/rcu_resched_ns\x00', 0x88282, 0x0)
connect$auto(0x3, 0x0, 0x55)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, 0x0, 0x189041, 0x0)
select$auto(0x804, 0x0, 0x0, 0x0, 0x0)
r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0)
read$auto_proc_sessionid_operations_base(r0, &(0x7f00000000c0)=""/4096, 0x1000)
executing program 5:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)
read$auto(r3, 0x0, 0x9)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 34:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 0:
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0)
r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), r0)
sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f0000001300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000012c0)={&(0x7f00000000c0)={0x1200, r2, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x5}, @OVS_VPORT_ATTR_UPCALL_STATS={0x11dc, 0xa, 0x0, 0x1, [@nested={0x101, 0x65, 0x0, 0x1, [@generic="c0e38807e656e8311d36ca01f4c5ac33", @generic="2ce8e17a97deb7a02b81dab5b682d386bd394b8be1e174a441b9c95071e2d889b30765354242e598a89065f24ba1c0b81fdbc61453d1e767295064886c109d16ea8849a0ede4158d3ce5e76c56b10e82957d2284a5406007d4e5a1fefe9faf6aaa0d8131bdc9cfc91d2fedbf72f9e0247d5eaadab6fe41b1c69345e98e4319b15da72b0b9ac554a018e708beb4686d510187b30c5b50f7ebda146533d06aedb3e61d6c8492c8346e0fe5750f453a3b82675ebb5fbbf881721d6f56dfa554fa32689bc8f3e5b320b6b1ab76b76170a15c35ca98b07ae59d79a62dfade40e253209c6e56478258e5d58eae516457"]}, @generic="fd509107789b61f62816407ddd1e622c3f60f7e9c97187901862cd20e1825cf978e33190328a125f970f6861373e6258ad74cce461930f133d1d89720d78c8e2a0aba764ccfe418c204043ac203f38ce0c9340679f72d0360fdadbdd45abbe66314e36c2a2dc1fc80c9e62da269235d09368c3f92a8d263d34a4db3e6925c87d9639ebd64107139fd90d25c16b239de742a38537542e3c79c25ca76f950ef3b7a2fa9aae23786929efca0d19584c7a57bbed7efc77bba5b01baa15b25a853578621fa2ab00343191d0c76c6d1f2a9672797ba2253a682069f3f998b183a8779c53914dce9378e5f412da96a11ea81d9bddb4a31e6104b02d2aae3061e931cc9c7265523e98310abc1bc68a345139dd6e1f87ff5f9ef2d1808ddbceba6d13a204be16c1dee92c118e2d66cb13ec4fcdb866f061e10c1ce8911a95df9b96ff135ab5813e322043685b5e6d9dc8f4991dcf3f9bb6aad3d46afb9ce123cbb40696210029ca0b6894387c6a8cabc8092e8d38fd0f05d7ee24b7d47e8f72e89860dec1b275dc673be35677ae167d64f1718bfdc0d91f837fd16d05ea7acddee047eab23a148aec61a493c4e5d3f9be591e5794a4870f27ea0960d580a1d88fafd66ffefcfb4e85d15d5da3afba59805c680766362cee6cc82f22f004caa790eb7dd4712878bc53eccead0af73712490e2bd3833719e6ede67a81a4a97b48e7a2a65b29f62dab8ef8766ae4fe959ce348079d502f3b99c14d7ea71a0256010c9cb0f53d2a1708717d0d48b126e2d6012309db96ea7236778f95a3c8ef9d082849b6e87e334b8eda883a17c7d1fce9ff3804565bdc0e6713c1cf95ccb331541d00f92e1a20d1a22f4634cb9211dd5e00ea1632d581f713937cf02450de37ad8d4b6628051b2fa0386200834ee4e6f1a927fbb88b357e593efb4bf7949537898addba532ca9673eeb81c15e8e452e26ee1e1916f6467b7b2a5f31dba29fc1b13f6a188488e2db4ab2040ad16d74e27cff22e5a70267bff47813f79b91488af9c3a625e59ea021022f74dbcffcfe298b13b389641715adaf1082284770669fa6a85702e2767dd2c70a664fa3706eb694a1341cfd16177429234a9e26858e1348f6697d7f0070d1e79af67f0f77e16ec4213632226eb8cc3d43da9d763baabe9359aa9ba52f283740c9f07589b5a3853e26d16651c532d66aefdf39684276015dd33004a1c9c12f4cff44cb8cb0923d66a556de684da21f30402117b5596ee097cc138d1bf1ec42d5fcc08d7e51b7aa4b9add181f8ef67d11ac554a919de3c38287a93a556e0d73b17a8263a6550133ff7e24fa8992c7601211c0ecbcfb6f69f9daf5b43a16201086e4bf98ad452f4a89bb6df7508297e8b338d6bbde4ffce7cb155f00a6597743272f5b696f49a8c5eeea353223a577bfa58101e1e1ba76cc086c5b9d3b9f2b9f9a11b515ec2d435f5d00c6af9687fe8cf9b213c725241247454377a31bfa1265fafb81a741d540e794a45e71e4b52c5f3eafca1970134289feaf9e0ba34ae77420291187a76e73bd08a2857d1edd480e252744711a3231ec6de1cc2c8f48f2dd6462664a1d67d712e5a6dace55d0055bf19a7debe58e07944a02564c1b9264ab91ad4d69c8db3b44e1bad5ef23056322b9659164566defbfd29451c59752da84589ae76c126299ccc2ba8c0096327c75877249172f5987565000775215a9646a8f58468c7fced8ce6ae4f1288abb0d33a402d4e4e88c7ddcd8d52195fd6bb1372115385909c236ed90f210188cdcd7d182227b53fd05803250cca4895ecc0db5ab2643606f27e89dba26857194811ba7caf94291b78beff59fc8184b377963483efebce5349a068e4668291ea582b906dd0df31c39896039ab3bca430f85d72f8eb28b99156f3dcd9db2380322b8f89785a25158f70e0d19665fa467f49baf10198b76e8e288e9c58da1fdca43a7bd1c01ae018dd0ab7a1f094f2459cfc5a2ecf5e71a8d63c7fdcbb5803578bbd45ea1ee6b4bc4a5739ace9e8c557b1e4b3ca3ecaadb1b1afaf32ee6a3fba38ac928447438d350af8864f79ff3bf2ec95861c974cc3ed6c7c297eefca7dfe09fb7c894aab070fce5edae709b7e720c1976fee33065905335a036c876b6ed4124f3e9c3e47760caf7ed86b8753a2d65869a4f884b048521a8ff3880b074c72e1c262d1fc76b12ff5bdf90e278b0dbc087b592a18c8992f0d7e6d678b00dbf68cdcf62168015b99b353081d1a3a669cf771dc6e13639766265e14f4e24e06dede986447cb190946d548b3b453af84f74a34e5892a83bb73e863b6e6b192d0e3aeff228a9c22d529c0cf4cf2f09044519c4560cb7178255426210930fc467c0080ffb24e19cbf008ba0a550fc7b548bd8c2a2497fcafff2f3321831a271230a7458675a61ca301bf54e4be6610fb3d08aeb7da78ca7da82f1b7869b4a9e7ac114ffceb35263f2b72465cf57e1f052f3fb7204625942f81a39d72032902b716d95127d99b849c2c9e7c1255f095dc87b8593ff78415dcce4722d90ba4973013ac398030fd7fb951bb57b3056898028c6ddd88090bc780df791cd34adfac76ad8667c95e837a4606d7b7d54c3af4dd2a3bdd47f07832cb96fc25e6b1e12c4b3bef5ab4fee4803b18c7468e614a01bc969ccbaf63cf0a3f4f003943c29f66cbf69e4f5bef5238ceacc6fca75300d33327846b4523b67a77f128637138215973223eb9b7e5ceac50a9f8eccc24a3e4a8fabcf8de72bb393285915fadd73edaeb458ae91bb39ce211c58ea013f329802168bfe10077773ed4119fe7d371074030d7d1432a89aa83ba867529d32a6a499c2d390daa1bba93a7e7f1beb629b0d6225caaecfd1a550c58dbcc0ac72efd01c81ec8ce14f21856224dde3e2b45445ad586b064ebb44ec79311c93fb9188593c3230041bfacc84a3396be377121e523060086694a1143b6de909dd7f7ca449783977f2dd7a79199c35b4a31bb41d3a653b13c7b0bd42ecfb8c8366b0e423934cf119458ffbd83a4c89d33573a066c414e2f785f2e716035bb5f44ce3241fa2a64880f199886081ad1edba356a0eee01af39a45161669bc7c601a47b7b8e526bc00029a08625f93233c6d04701b116f1fb87c9555d263dd442795aea13523aee6fe28fcfce94de109d95ade256faa4cc511517af138b03aa13fde25f24d671a794827426a3e60b22b91ebca6330426a0c59cbe38cff8257693a0920c13c5e1662edfe8d5118507050b881eed9de1461f426f545f33cb0ebb67e192c2ec91664f87ee35684f648ebc7fb22d41996dc26d4fe472fd3cf4c30765b5dd0b3cff30fa5235b7b6af7fb57338722e1fdb10ccfbae6cf896f7632c2db661c75c97abd7a02e1c0a6c728fea0b8dfffb0f76a2d969587b5b2489fd3d3cf683e4f66c929e7ecdbbfd00582a38f105347c180911fe60c7faefc8782bf04e21b9958f719503cb2bdb06fc41e9a9575ec2378b3d5caa9da7af6adeaf7ab6345b0b0d5eb84bb2d388884378b91c206d1352b29ebcb2c906d50e21ebaf20ddaccd6492454567dde7e3d5805cc2ca058b9b3c615387563fe4d9c33c3c0c72825bdca1fb78dae6f8cf9b82959cab8b3167fc25003fd352a0dcbba9c8f488ae7728da8a2822e0b7617777f25054d6bb09e2dcf7c97643f3d1971769215ff1e9f84942f4ebf06c03a75e9a78f21d18e7887aef67749324edc553570d22a4c1048c0e5ef48cf53ed822950a772b0d890fc95e7b949ff2a1dc06bd26de80f620b1578d2d572fa4280c46ac9c58bd1ac1523760c3a4bb661841c5a47f54254711abd11781a30c73d24da971f84728c77009b5c3a96beb40c1554b677c585602c070a9521f952d35cd668179bf3c086a9c232f7ed19e524765149d010300d761ea2951ebcc6810e4d0a6dd3d8ee417ca61b73baf8a8799fc5423698d119826e1b35e81db8d4fb7dce1e9b1fff4f373c25205b4c612acf90d39f1d8e45764d7f2c2e95f73e1571f23921e3100cf3b69879966cf04be787c8f2d9573b28c8f9163efea551dd0bf56fe4cb5ab66199b8fd535fd0ca157ff9b2f0482a47cfb58b1c2153e6e2c2b816388691653e4333fd24429d81987866de21ad684f775046ed65ec897cb31300e678c84081b8e9b6c46c05abf7dc73f4a98c901ea7986910f45ea1f84599d26a0aff855594c17ea270ac4c6c71f1999bfb2e794af4957dee0de202aac377c3570c882fca8f5697386c4d892ba8c27421a94a3d8a6dfe9e50a508257c9501602b684beea03936acd00013f9c231a571048701a06df17a5387ebc9fe662056d5920071b9157fe9568188478cb5ca5e09dc4cae5398c77599f5fd2134d084a1fd1200ba158fcc5617c9add910ee35672d693e5cbd66b15160ef11718b867039c7940cdb1e70b7d67980cdc643de565f04a4212ee547caa753955c79c47c858d953537876060d524fff80e56d4d46a66a412bb146db09f30f9e0c346af290f0e401be80d2d247fc6f6754b3ad09d27aa8290984ab80559f32f7bcbc38ba42f8b0bc2b4b04ccb949040f831c5ed197ff39049b43d4d61abc93150ccbdbd942c56e0e16a4f1cfb73443cf09fe673ff40ab310c5636a6ef3562c48047ce589ea37a98e61becca02f537c32a22511d48f3a23bace2cad00afa802bee24722db7d3aabfa2cbc5267a0410fec51462ca9ac35aed94470d860dccf6aedce2b44f974bec575cafa985bcb062695a7ca6e366c871bae236770c5e60dd872540cc7ba60df22dae788c662b398a3fa26bb78dfe4069e24034d11e550888effbefe9fb2cfb0f330022ef4c8067caf68ad2819a20c9e6b865c50b267eee1a9b4c773a846acca87b1505f53651c1ab23b0793cdd1c1a5af6c7e3dbe68560a88ef08c8a3976ee05b678007c1612bcbb8ce8791f235b6f440b0574a5f977126345cb155219d3fb42aba7813aceb29feffc2f740f5a3f2ca5bcbf0317b76b72c38b29558c70efb254ac17851e7728a81e1888ec4d7a507a176f4173ac0a719a5e47b889c34a63e2c50d46ab671f64cc79239c9b71de9fa86c45bbd0440f1a0f82ff0ca7170d8e1286b1f91c76d71664632f1b296bdff759bf0e01a6ed34f3ba4fb30f62a1227968289d222e241845940cad88383a8eac4b7ff6b5b019f957a68c122a6b6a1dad5516fce2b2ede79d3e5f0a78437b9fc68a05eb80ae758814f600c0f3ac07521fc1c6f8b920db9af3d406e449258829bad1f912b972c35be8a2219a342104c34e55e1ef02a3024b9e5bd9285cb6cf698fd5f3a9d7a7e5c4e0b90f51e9613e9ca8e9047a438dd505ce9c125b5421ea278339a05467bbefea6ee399cfc0762339694d6dc0a5cc303c37316938d6642629979a35e444623d24d11bd89ae44c78f1aadc86d924f2bf779e02da57797e77ddca57730ec183f8c9cb2efec9f05958050bf5894daf0aed40835e4c729ff31a164d3944930730c2660c7928e476ea82098372f2a629ed70f0292a7e79d66180ea151ba4d57fecff2f13c6c0fbd2fa66f161560b21c27ad693fe68a552268d3605e10742aa43ef39fbb394ed3bec2c9313eab3e1619b2934313877605a3c9a8f6d1a907ba92f302c39fbd15b2b2515a12e36acffa88a46d8ef9572e2c406ecaf0304b7372223d3c25754274bd51745b2fb659f09f3cbc7f4662babb09a246afc5e658fa26a3f4eb453f4e9375ed38fa654f32cb4b65a5df141ab19074948fc544054c34334a481b3b59ce0c059c5619d9d189c50aee4c1784fe08da8c013046fd460", @nested={0x8, 0x12b, 0x0, 0x1, [@typed={0x4, 0x93}]}, @typed={0xcb, 0x12a, 0x0, 0x0, @binary="c258b346ea75c82b630ac9a1e55c1825a7ea0f2a92b0d0c464d3849ae13419d5f8e28a887137039aace3cddb28ea80e70c64fb8ce95c9643d9059ace9cc6f20689f0a38068b2fa3d9ac41867b83cc6bac74f5f17c30865570c8a6caac1e207895e27ec882a70bddebd09d6432d9ed8534972ce077ee3645fa34d7ab6a3b458a33f309522850d30710a5c581ab41ad510bb5f95b431c31993e479856a8a89a2414f085c2c6ba4462bbd1b1f2c885b8a1ae8a828fbce80845cb86126ed3e6e281db9d9e3cdb43b6b"}]}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x6}]}, 0x1200}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000001)
ioctl$auto(r1, 0x802c550a, 0x1)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003a40)={&(0x7f0000001f80)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf2503000100"/30], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x24040004)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0)
socket(0x10, 0x2, 0x0)
r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi30\x00', 0x0, 0x0)
read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f0000000080)=""/27, 0x1b)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
io_uring_setup$auto(0x8, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio4\x00', 0xa82, 0x0)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x2000)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
socketpair$auto(0x1, 0x0, 0x1, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
ioctl$auto(0x3, 0xae41, r4)
ioctl$auto_KVM_CREATE_VM(r3, 0x9000aecf, 0x0)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0)
sendmsg$auto_NL80211_CMD_GET_KEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r6, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x3}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6}, @NL80211_ATTR_USE_RRM={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004}, 0x400c045)
executing program 0:
connect$auto(0x3, 0x0, 0x55)
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/smaps_rollup\x00', 0x8000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f0000000080)={0x9, 0x6, 0x6, 0x2, 0x8})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000007a80), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2], 0x14}, 0x1, 0x0, 0x0, 0x90}, 0x40)
recvfrom$auto(r1, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket(0x2, 0x5, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x200802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000040)={0x8001, 0x7, 0x56ee, 0x7, 0x10001, <r4=>0x0})
fcntl$auto_F_GETOWNER_UIDS(r3, 0x11, r4)
msgget$auto(0xa, 0x0)
socket(0x1d, 0x2, 0x6)
getpeername$auto(0x3, 0xfffffffffffffffc, 0xfffffffffffffffe)
r5 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000900), 0x101002, 0x0)
read$auto_state_fops_(r5, &(0x7f0000000940)=""/19, 0x13)
socket(0x3, 0x3, 0x500000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
write$auto(r6, &(0x7f0000000100)='\t\nD\\\'\x02\x00\x0f;\xd1\t\xbe\b\xe8P\xd2#\xcb\x98p\x81\xe7\x82k\xde|P\xfc\xcb%\xd4\xc2\xe8\x16A\xed \xec7\xa7\x9f\x969\x92t\xc9\xe9J\x1d-X_\xa1\xff@\x88\xbfP\xe9\x91\x82R+N\xe5\x10\x87\x92j\x953\x94\x13\xc4`\xbf\xa0\'\xd5F\x1a\xa0lSQ\x00\x99\xcf\xea\x86\xc3J\x8aE\f*T\x9dn5w}\x17\x97\x92*,\xddn6\xc3\xa4\xbc_\x9a\x9c\xc8\x80\xa3\xb9\x9aQL\x1d\xae\x14Ycd\xc0\xcf,\xb5Z\xab\xac_\xd5e3P\x97\x10X\x7fB\x88\xe63\xca\x00\xcf\xd1\xe3\xce*6\x11\xcbmv\x86\x0eM\xe7\x90\xbb]\xf5\x0f\x00\xee\x8e\x00\x00\x00\x00\x00\x00\x008\x1f\x9a\xe3\xa0\x14\xac\xf2{\x94E;\xef\xd0\x80\x8an\v\x9b\xf4M\xf8\x02\xd2\xe9\xb1\x81\x8d@\r\xc7\x11/\xaa9\xbbl\xb7\x90__[r\\\x9e\xcc\xbe2nw\xac\x02(\xf9\x9ajI\x1c\x91\xd7\xc7\xbc\x15\x8d\x03q\xb9\xd5\xe1\xb2\xc6\x89\x93M\x7f\xaf\xa1\xb9g\f\xe4\xfcfA\x8b\xd0\xd7\x8f\xd8R\x90*\xa6\x8d\xf7\xe5\xb1`E\xb8J[\xa9N\xac\x9bg\xe4\xeegb\xcab\xd1\x10\xfe\xac\xca1XH\xde\xc4\x10l\xaa\x012\x80\xac', 0xce)
executing program 0:
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) (async)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001)
lstat$auto(0x0, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/114, 0x72) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
socket(0x29, 0x6, 0x5) (async)
socket(0x28, 0xa, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf25210000"], 0x14}}, 0x4000000) (async)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) (async)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x382, 0x0) (async)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) (async)
r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f00000000c0), 0x100000, 0x0)
unshare$auto(0x40000080) (async)
mmap$auto(0x0, 0x20409, 0xdf, 0xeb1, r3, 0x8000000000008000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3b, 0xebf, 0xfffffffffffffffa, 0x3) (async)
r4 = socket(0xa, 0x801, 0x84)
setsockopt$auto(r4, 0x10000000084, 0x76, 0x0, 0x9c) (async)
setreuid$auto(0x0, 0x7) (async)
setreuid$auto(0x0, 0x0) (async)
open(&(0x7f0000000040)='./file0\x00', 0x6a640, 0x20) (async)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
executing program 0:
statmount$auto(0x0, &(0x7f0000000380)={0x8, 0xa, 0x1ff, 0xcc, 0x8, 0x4909b6f8, 0x1ffdf, 0x9, 0x9, 0x7, 0xa121, 0x3, 0x0, 0x8004, 0x3, 0xa, 0x2, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x4000000000, 0x8, 0x0, 0x50100000000000, 0xa, 0x4000002000, 0x0, 0x6, 0x70624ce7, 0xff, 0x4, 0xffffffffffffffff, 0x0, 0x80001, 0xb, 0x801, 0xffffffffffffbfff, 0xf31, 0xf7fffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x10000000004, 0x2000000000000000, 0x0, 0x4, 0x400000000005b8, 0xc, 0x0, 0x0, 0x8000000000000001, 0x6, 0xfffffffbfffffffc, 0x88e, 0x8000000000008, 0xfffffffffffffffb, 0x9, 0xa38, 0x6, 0x3, 0xffffffffffffffed, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xe)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)
write$auto(r0, &(0x7f0000000000)='/\x00'/18, 0x7fe)
executing program 6:
r0 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x28, r0, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r2, &(0x7f0000000a40)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a00)={&(0x7f00000000c0)={0x914, r3, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0xea, 0xac, "f2a5c38b2e7df35d998fb1f614d9b83b2afbaf264ebe4dbad834a5ebc898d1ba27182384f0578fbe677968d7195fd4810cd0100803a20581d4a6b1356d825782c1a5875e8524083e51022f6a1bf70def04333a032d4cf2da3d0968f156af721d2808a204f9afd4016ea62679a4384f3061e27a3d29042b2f1bfcd90d6ee749cb0c1811a7442094f6a95a1b4f1b48c712f13b01c3e506a55e5e919cc334fbe92287f6f63b8d7b68dd5a7465eb5aa4f2f74e6864b07a2cb0787e7bcd83e8f095b2ff85c72b7c6243a7102c47c73cf72f1895a38b11482dd8cbaac8e2f3d5203a5453202566c969"}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x3}, @NL80211_ATTR_IE_ASSOC_RESP={0x73e, 0x80, "5e856c603ecfcffc560bdc37f136b7317f8459065b82f3a5797fb951311cde4c48f6520f2064310e448ec769b50ef6e28bbf325272aff20ff1dbf1b49062a4efedf71b6a3f169b4c608a8399a657784f057ddbafc7f9b340813b2ba03d6ab617433b21c1f3251c72677fb9dc176347eadd3a559f39a0b9aa88f49438996a106b87c5ab8e40cde110edd0707d73e025d83ede9e77e97f4cbd0d3e9be1691c9c31c046640d35bc2701b6308ab9913ee87ffa40b4cb1b05c0a3844af97a7389323ba3ac27874acd2e2d0918e4b3cffb3abe5303f8e9ee5fc133856b15c9389b132b430e593080856cc7e610f63777b722355319a1bdfe3d4f3960465b4ef41cb29e8197ac202846126ad510cbb707b2070441398376effc0b464c950990357f41b60eb70e82d6415d6c0dd97fc15ddd6a84761f30d034552fc556219c6d1f8de3167533ef0cf9043d1a1b6f5386f561688e76fdf19f71bf9d7ad5b0c1dfc1034fb8ea2efda052bbd996f1682dd163c899330ba1d5b173ea3af52aa2a9b58b3db10638971389442569517c421bac5c1e5a68fa452d24f617e740e46edd418d7be4c8ddbfb345281eecce158fff4068c7a2c03aff98663ca0d71f0fa535bdf4956c3471d47dbd330c5c6f16a173021c7883e20fa41aceadc472667d3979c62e0d243ee9831ff4c3fccda87d51782ddbe0df33bf3ab8b34bd0a0b48ef90131383b9d29dab2783359c1724b2282cd514430a92d075ff1218514a1b75ccc5f341cb82d33b5b9b8ff4472e5fcdbfe948e5760fca4f9b5c73aca9e7d549b266f224d6f26975c42caf8b3272a5000ab74bd9386564cf8751ea83089f84a534341812ce1d1c613e35d306f41bcf386b1e7b3157935ce3c4334592345615215abba5fed4215e1295eb0f516a4f97e84f20c5fc3821f3cc56bea853936345a2c6df6ac0e000e476016af6d3a926448cb6808839905cbe945b86e7a3edc5e6e0a41303dab1edfe6fc5cc18c8b58123f9ec8824c203c7f496fc774b75eecb7e463aad90c6c2de30aa7bb325b9c8ed45f37eeb6eda754e6631d88fa08740fbadbe71832e14a7712a07a2348ee6f73d156e518b3937021ba97698e7d93381965f6961cfc41db776c4dda2ee63ceeb442aacf417f2f2f56768036ada3a65e05a66a68f0c8cd296a8b40b253e548bf37666465915de6da6fa479b1feffc83503618a965bfa69da4525d7e4a59547ef43f3cd5b1ffb493433e6120097594d2c7a87088990421c32572f43864bc60b9a80b16e2c956d173d57c78c015a2fe54a45694fa0215f2beca6989570b577e38a765050ca80f4ec0e778e844551b5212dd80d3af88d47ca86e8beb6174359c036187250d7371294064452eb87d10d3476c64e3ce1477e0e89d243b8e18251b8ddc73e33277f56362bc796de4fd5df297383cfb8ce142f44698c1cc322d0cd232761ddd06be7599ba9ed384c9f128a848e4792e0fc1bd6a728dc552c6ce74cb19f95897b98091e19b95e597cf1f5fd9300601abfe44908ae3c5494600456a266a22bae23bbe01ea3ad099e4b7b6b07311860ebf45d66c2962177987e2b2931598aa84e840d63ad3e9984732c36d5c61b5b90fa5099ba53170161669bccb8979dbf117762071d1e9a7d2efb29f84e8691aa18d54d959bb7ba8763ef24cfcb53e20d759569fb14def3b242f3910b8f5da86c82c1a4930b0220cedf3da268a3812562e9cc93ecdf405d43bbb7fbf94c9d7c06976b88fb9197ffd61c267c4a38c723d96f45d22eeea74290a90e0923cb088aef11216ba01d2b6536390ef6f4ff431abbd7cc9b20d798c84a3475627c914b0cff85cfe7119b2404ba89d334a8619e16dda08630a97f67f6e4a826c4f3e09faa9e567aed2672168a479d69013723509921d4c052ad9b36b00222b7b1e8ff5f16765d07953ceec1691bbfa9186fc35977a4eab7d10d11f933b7dc0f020da9bc6a73f09ee5a00aa588b506d14e5a1c11b5cf9e3aca9119e9836d77e29d49705ff6a3657cdf53cfea4805096eae7cde9646c8107d3adef382912a2bdca022cf9488e56eff2cc5f57eb838d71ad736a0d64ceb60501cc48f543754b4f23e3ac1f0ae9fe9f155232ffc72b472ff3e47bf5738fdb806971d68a9d4569da928d6791d116943bfe5f48e1a93e8293e7fbe9baf93004062ebec950a3addc5be5447aa2070f3c812c52868a11fb108ea8da6d551822472d5a61f232f2a490c745b06b69515dc2cdc6877278df1c82860074744997c71dd89a16c7da84151dd7cb8d6174dc31df18d8f67dddf9f3c1fe6da82b6228678532d727c95896b56530c492bf947e7bf36cbb4ece3b9210f0d087be9595a5bfffd6b36eebf245fe70f82c24358af1216ea5d1e1399c826d802d7e6f4ebd70221528937bf71739851a355e9198410afa7b404dba1a189a409c3aa08c953281e3134f20d907233183dac0350adfcbc32dde6b0ead718a65598ba50bef7d15fb0c0164cf87342c97aa0af9cf78ccd510151d3059c33d423303746c178f4295c2a86ffadbafad281ccd6dcba490e1b431c16c2e5f5f7efb5d8191a6726f7c9cf835abf5cffa568c5e4db6804e4d9435258198ffad138b6"}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xc2, 0xbd, "93cdda6f8421fe0b561f691e9ad73184d34fce888e93482abf98e3de7b60d370b81a32089bea8cae6600a62ad4b181626bcdc2220c473b3e0da19a43f42a88b4aaca0f25884567753354d99dc935d1fc5b8804f9b179ea92a8054a6bfc5010b9e694f1d1e6d73d0bb94949ca4990b4c0e653024d5f28e7c52581da8e57fbbcc4ac73fbb5995e8512ec9ad4418118c5b7b185bd9c0ecf19931735fbe91e0efa5e6dbfb28cd117b04204c19b14cd7b579a2e56c702163cf6a0c85e8bce840f"}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x3}]}, 0x914}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r3, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_MLO_SUPPORT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x4000c40)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x88) (async)
r0 = socket(0xa, 0x2, 0x88)
fanotify_init$auto(0x5, 0x0)
fanotify_mark$auto(r0, 0x205, 0xa, 0x4, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb0/carrier_changes\x00', 0xc2481, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop5\x00', 0x208080, 0x0)
getxattrat$auto(0xffffffffffffffff, 0x0, 0x4000001, 0x0, 0x0, 0xbb1)
r1 = openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg/1:0:0:0\x00', 0x208002, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x401870cb, 0x0)
executing program 1:
r0 = socket(0x1a, 0x80000, 0x8005)
socket(0x2, 0x6, 0x0) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) (async)
shutdown$auto(0x200000003, 0x2)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) (async)
mmap$auto(0x0, 0x400008, 0xff09, 0x9b72, 0xffffffffffffffff, 0x8000) (async)
read$auto(0x3, 0x0, 0x80)
setsockopt$auto(r0, 0x1, 0x9, &(0x7f0000000000)='\'-+\x00\x10\xa4#\x92`\xdb\xafL\x0f\xfbUV\xa6KH]Cv\xbf\xf2a\v', 0xeb66) (async)
bind$auto(0x3, &(0x7f0000000140), 0x6c)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <15>
bisect: split chunk #0 of len 15 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m42s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [26, 27, 3, 8, 13, 6, 9, 30]
detailed listing:
executing program 0:
connect$auto(0x3, 0x0, 0x55)
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/smaps_rollup\x00', 0x8000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
ioctl$auto_XFS_IOC_FREESP(0xffffffffffffffff, 0x4030580b, &(0x7f0000000080)={0x9, 0x6, 0x6, 0x2, 0x8})
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000007a80), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2], 0x14}, 0x1, 0x0, 0x0, 0x90}, 0x40)
recvfrom$auto(r1, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = socket(0x2, 0x5, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x200802, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000040)={0x8001, 0x7, 0x56ee, 0x7, 0x10001, <r4=>0x0})
fcntl$auto_F_GETOWNER_UIDS(r3, 0x11, r4)
msgget$auto(0xa, 0x0)
socket(0x1d, 0x2, 0x6)
getpeername$auto(0x3, 0xfffffffffffffffc, 0xfffffffffffffffe)
r5 = openat$auto_state_fops_(0xffffffffffffff9c, &(0x7f0000000900), 0x101002, 0x0)
read$auto_state_fops_(r5, &(0x7f0000000940)=""/19, 0x13)
socket(0x3, 0x3, 0x500000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
write$auto(r6, &(0x7f0000000100)='\t\nD\\\'\x02\x00\x0f;\xd1\t\xbe\b\xe8P\xd2#\xcb\x98p\x81\xe7\x82k\xde|P\xfc\xcb%\xd4\xc2\xe8\x16A\xed \xec7\xa7\x9f\x969\x92t\xc9\xe9J\x1d-X_\xa1\xff@\x88\xbfP\xe9\x91\x82R+N\xe5\x10\x87\x92j\x953\x94\x13\xc4`\xbf\xa0\'\xd5F\x1a\xa0lSQ\x00\x99\xcf\xea\x86\xc3J\x8aE\f*T\x9dn5w}\x17\x97\x92*,\xddn6\xc3\xa4\xbc_\x9a\x9c\xc8\x80\xa3\xb9\x9aQL\x1d\xae\x14Ycd\xc0\xcf,\xb5Z\xab\xac_\xd5e3P\x97\x10X\x7fB\x88\xe63\xca\x00\xcf\xd1\xe3\xce*6\x11\xcbmv\x86\x0eM\xe7\x90\xbb]\xf5\x0f\x00\xee\x8e\x00\x00\x00\x00\x00\x00\x008\x1f\x9a\xe3\xa0\x14\xac\xf2{\x94E;\xef\xd0\x80\x8an\v\x9b\xf4M\xf8\x02\xd2\xe9\xb1\x81\x8d@\r\xc7\x11/\xaa9\xbbl\xb7\x90__[r\\\x9e\xcc\xbe2nw\xac\x02(\xf9\x9ajI\x1c\x91\xd7\xc7\xbc\x15\x8d\x03q\xb9\xd5\xe1\xb2\xc6\x89\x93M\x7f\xaf\xa1\xb9g\f\xe4\xfcfA\x8b\xd0\xd7\x8f\xd8R\x90*\xa6\x8d\xf7\xe5\xb1`E\xb8J[\xa9N\xac\x9bg\xe4\xeegb\xcab\xd1\x10\xfe\xac\xca1XH\xde\xc4\x10l\xaa\x012\x80\xac', 0xce)
executing program 0:
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) (async)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001)
lstat$auto(0x0, 0x0) (async)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/114, 0x72) (async)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x80102, 0x0)
socket(0x29, 0x6, 0x5) (async)
socket(0x28, 0xa, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYRES16=0x0, @ANYBLOB="2f212abd7800fddbdf25210000"], 0x14}}, 0x4000000) (async)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) (async)
r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D1\x00', 0x1, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/pipe-max-size\x00', 0x382, 0x0) (async)
write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) (async)
r3 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x2, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f00000000c0), 0x100000, 0x0)
unshare$auto(0x40000080) (async)
mmap$auto(0x0, 0x20409, 0xdf, 0xeb1, r3, 0x8000000000008000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3b, 0xebf, 0xfffffffffffffffa, 0x3) (async)
r4 = socket(0xa, 0x801, 0x84)
setsockopt$auto(r4, 0x10000000084, 0x76, 0x0, 0x9c) (async)
setreuid$auto(0x0, 0x7) (async)
setreuid$auto(0x0, 0x0) (async)
open(&(0x7f0000000040)='./file0\x00', 0x6a640, 0x20) (async)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
executing program 0:
statmount$auto(0x0, &(0x7f0000000380)={0x8, 0xa, 0x1ff, 0xcc, 0x8, 0x4909b6f8, 0x1ffdf, 0x9, 0x9, 0x7, 0xa121, 0x3, 0x0, 0x8004, 0x3, 0xa, 0x2, 0x10001, 0x2, 0x100000000, 0xe, 0x7, 0x2100, 0x200, 0x0, 0x84, [0x4000000000, 0x8, 0x0, 0x50100000000000, 0xa, 0x4000002000, 0x0, 0x6, 0x70624ce7, 0xff, 0x4, 0xffffffffffffffff, 0x0, 0x80001, 0xb, 0x801, 0xffffffffffffbfff, 0xf31, 0xf7fffffffffffffe, 0x0, 0xffffffffffffffff, 0x800000000000007, 0x10000000004, 0x2000000000000000, 0x0, 0x4, 0x400000000005b8, 0xc, 0x0, 0x0, 0x8000000000000001, 0x6, 0xfffffffbfffffffc, 0x88e, 0x8000000000008, 0xfffffffffffffffb, 0x9, 0xa38, 0x6, 0x3, 0xffffffffffffffed, 0x8, 0x4000000000, 0x7]}, 0x1fe, 0xe)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0)
write$auto(r0, &(0x7f0000000000)='/\x00'/18, 0x7fe)
executing program 6:
r0 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x28, r0, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r2, &(0x7f0000000a40)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a00)={&(0x7f00000000c0)={0x914, r3, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0xea, 0xac, "f2a5c38b2e7df35d998fb1f614d9b83b2afbaf264ebe4dbad834a5ebc898d1ba27182384f0578fbe677968d7195fd4810cd0100803a20581d4a6b1356d825782c1a5875e8524083e51022f6a1bf70def04333a032d4cf2da3d0968f156af721d2808a204f9afd4016ea62679a4384f3061e27a3d29042b2f1bfcd90d6ee749cb0c1811a7442094f6a95a1b4f1b48c712f13b01c3e506a55e5e919cc334fbe92287f6f63b8d7b68dd5a7465eb5aa4f2f74e6864b07a2cb0787e7bcd83e8f095b2ff85c72b7c6243a7102c47c73cf72f1895a38b11482dd8cbaac8e2f3d5203a5453202566c969"}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x3}, @NL80211_ATTR_IE_ASSOC_RESP={0x73e, 0x80, "5e856c603ecfcffc560bdc37f136b7317f8459065b82f3a5797fb951311cde4c48f6520f2064310e448ec769b50ef6e28bbf325272aff20ff1dbf1b49062a4efedf71b6a3f169b4c608a8399a657784f057ddbafc7f9b340813b2ba03d6ab617433b21c1f3251c72677fb9dc176347eadd3a559f39a0b9aa88f49438996a106b87c5ab8e40cde110edd0707d73e025d83ede9e77e97f4cbd0d3e9be1691c9c31c046640d35bc2701b6308ab9913ee87ffa40b4cb1b05c0a3844af97a7389323ba3ac27874acd2e2d0918e4b3cffb3abe5303f8e9ee5fc133856b15c9389b132b430e593080856cc7e610f63777b722355319a1bdfe3d4f3960465b4ef41cb29e8197ac202846126ad510cbb707b2070441398376effc0b464c950990357f41b60eb70e82d6415d6c0dd97fc15ddd6a84761f30d034552fc556219c6d1f8de3167533ef0cf9043d1a1b6f5386f561688e76fdf19f71bf9d7ad5b0c1dfc1034fb8ea2efda052bbd996f1682dd163c899330ba1d5b173ea3af52aa2a9b58b3db10638971389442569517c421bac5c1e5a68fa452d24f617e740e46edd418d7be4c8ddbfb345281eecce158fff4068c7a2c03aff98663ca0d71f0fa535bdf4956c3471d47dbd330c5c6f16a173021c7883e20fa41aceadc472667d3979c62e0d243ee9831ff4c3fccda87d51782ddbe0df33bf3ab8b34bd0a0b48ef90131383b9d29dab2783359c1724b2282cd514430a92d075ff1218514a1b75ccc5f341cb82d33b5b9b8ff4472e5fcdbfe948e5760fca4f9b5c73aca9e7d549b266f224d6f26975c42caf8b3272a5000ab74bd9386564cf8751ea83089f84a534341812ce1d1c613e35d306f41bcf386b1e7b3157935ce3c4334592345615215abba5fed4215e1295eb0f516a4f97e84f20c5fc3821f3cc56bea853936345a2c6df6ac0e000e476016af6d3a926448cb6808839905cbe945b86e7a3edc5e6e0a41303dab1edfe6fc5cc18c8b58123f9ec8824c203c7f496fc774b75eecb7e463aad90c6c2de30aa7bb325b9c8ed45f37eeb6eda754e6631d88fa08740fbadbe71832e14a7712a07a2348ee6f73d156e518b3937021ba97698e7d93381965f6961cfc41db776c4dda2ee63ceeb442aacf417f2f2f56768036ada3a65e05a66a68f0c8cd296a8b40b253e548bf37666465915de6da6fa479b1feffc83503618a965bfa69da4525d7e4a59547ef43f3cd5b1ffb493433e6120097594d2c7a87088990421c32572f43864bc60b9a80b16e2c956d173d57c78c015a2fe54a45694fa0215f2beca6989570b577e38a765050ca80f4ec0e778e844551b5212dd80d3af88d47ca86e8beb6174359c036187250d7371294064452eb87d10d3476c64e3ce1477e0e89d243b8e18251b8ddc73e33277f56362bc796de4fd5df297383cfb8ce142f44698c1cc322d0cd232761ddd06be7599ba9ed384c9f128a848e4792e0fc1bd6a728dc552c6ce74cb19f95897b98091e19b95e597cf1f5fd9300601abfe44908ae3c5494600456a266a22bae23bbe01ea3ad099e4b7b6b07311860ebf45d66c2962177987e2b2931598aa84e840d63ad3e9984732c36d5c61b5b90fa5099ba53170161669bccb8979dbf117762071d1e9a7d2efb29f84e8691aa18d54d959bb7ba8763ef24cfcb53e20d759569fb14def3b242f3910b8f5da86c82c1a4930b0220cedf3da268a3812562e9cc93ecdf405d43bbb7fbf94c9d7c06976b88fb9197ffd61c267c4a38c723d96f45d22eeea74290a90e0923cb088aef11216ba01d2b6536390ef6f4ff431abbd7cc9b20d798c84a3475627c914b0cff85cfe7119b2404ba89d334a8619e16dda08630a97f67f6e4a826c4f3e09faa9e567aed2672168a479d69013723509921d4c052ad9b36b00222b7b1e8ff5f16765d07953ceec1691bbfa9186fc35977a4eab7d10d11f933b7dc0f020da9bc6a73f09ee5a00aa588b506d14e5a1c11b5cf9e3aca9119e9836d77e29d49705ff6a3657cdf53cfea4805096eae7cde9646c8107d3adef382912a2bdca022cf9488e56eff2cc5f57eb838d71ad736a0d64ceb60501cc48f543754b4f23e3ac1f0ae9fe9f155232ffc72b472ff3e47bf5738fdb806971d68a9d4569da928d6791d116943bfe5f48e1a93e8293e7fbe9baf93004062ebec950a3addc5be5447aa2070f3c812c52868a11fb108ea8da6d551822472d5a61f232f2a490c745b06b69515dc2cdc6877278df1c82860074744997c71dd89a16c7da84151dd7cb8d6174dc31df18d8f67dddf9f3c1fe6da82b6228678532d727c95896b56530c492bf947e7bf36cbb4ece3b9210f0d087be9595a5bfffd6b36eebf245fe70f82c24358af1216ea5d1e1399c826d802d7e6f4ebd70221528937bf71739851a355e9198410afa7b404dba1a189a409c3aa08c953281e3134f20d907233183dac0350adfcbc32dde6b0ead718a65598ba50bef7d15fb0c0164cf87342c97aa0af9cf78ccd510151d3059c33d423303746c178f4295c2a86ffadbafad281ccd6dcba490e1b431c16c2e5f5f7efb5d8191a6726f7c9cf835abf5cffa568c5e4db6804e4d9435258198ffad138b6"}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xc2, 0xbd, "93cdda6f8421fe0b561f691e9ad73184d34fce888e93482abf98e3de7b60d370b81a32089bea8cae6600a62ad4b181626bcdc2220c473b3e0da19a43f42a88b4aaca0f25884567753354d99dc935d1fc5b8804f9b179ea92a8054a6bfc5010b9e694f1d1e6d73d0bb94949ca4990b4c0e653024d5f28e7c52581da8e57fbbcc4ac73fbb5995e8512ec9ad4418118c5b7b185bd9c0ecf19931735fbe91e0efa5e6dbfb28cd117b04204c19b14cd7b579a2e56c702163cf6a0c85e8bce840f"}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x3}]}, 0x914}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r3, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@NL80211_ATTR_MLO_SUPPORT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x14}, 0x4000c40)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000)
close_range$auto(0x2, 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x2, 0x88) (async)
r0 = socket(0xa, 0x2, 0x88)
fanotify_init$auto(0x5, 0x0)
fanotify_mark$auto(r0, 0x205, 0xa, 0x4, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) (async)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb0/carrier_changes\x00', 0xc2481, 0x0)
write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop5\x00', 0x208080, 0x0)
getxattrat$auto(0xffffffffffffffff, 0x0, 0x4000001, 0x0, 0x0, 0xbb1)
r1 = openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg/1:0:0:0\x00', 0x208002, 0x0)
ioctl$auto_SG_GET_RESERVED_SIZE(r1, 0x401870cb, 0x0)
executing program 1:
r0 = socket(0x1a, 0x80000, 0x8005)
socket(0x2, 0x6, 0x0) (async)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) (async)
shutdown$auto(0x200000003, 0x2)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0) (async)
mmap$auto(0x0, 0x400008, 0xff09, 0x9b72, 0xffffffffffffffff, 0x8000) (async)
read$auto(0x3, 0x0, 0x80)
setsockopt$auto(r0, 0x1, 0x9, &(0x7f0000000000)='\'-+\x00\x10\xa4#\x92`\xdb\xafL\x0f\xfbUV\xa6KH]Cv\xbf\xf2a\v', 0xeb66) (async)
bind$auto(0x3, &(0x7f0000000140), 0x6c)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m42s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 2, 15, 30, 17, 17, 6, 29, 30]
detailed listing:
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
unshare$auto(0x40000080) (async)
timer_settime$auto(0xd, 0x8, &(0x7f0000000640)={{0x344, 0x80000000}, {0xc4c5, 0x8}}, 0x0) (async)
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0xc40a41, 0x78)
dup2$auto(r0, r0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
getpeername$auto(0x3, 0x0, 0x0) (async)
mmap$auto(0x2, 0x9, 0xb0e, 0x14, r0, 0xfff) (async, rerun: 64)
unshare$auto(0x40000080) (async, rerun: 64)
ioctl$auto(0x3, 0x80084d17, 0x38) (async)
r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x460f, 0x0) (async)
recvmmsg$auto(r0, 0x0, 0x1, 0xffffffff, &(0x7f0000000380)={0xa, 0x4}) (async, rerun: 64)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="17000000", @ANYBLOB='v\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async, rerun: 64)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) (async)
r3 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy0/aql_txq_limit\x00', 0x121c01, 0x0)
write$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r3, 0x0, 0x0) (async)
r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) (async)
r5 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f00000000c0)={0x1, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500"}) (async)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0xdc, "bbb5ce66e24cce7eea982cab480b47beebef0d74884dc693a7ad9cbdbda6070f", @inferred=r3})
write$auto(r4, &(0x7f0000000140)='/dt0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+0q;\xbb\xea5.\xadX\xb9QW\x04\xcd\xef\xaf\xad \x90\x8f\xee\xb4\x8c\x1c;\xf0TL\x1a\x1f\xb5\x93\xb9P\x06\xae\xb8\xc1s\x88\x1c\xb1o\x04\x00\x00\x00\x8dW\xf9\xef\xdf\xc78\xb1\x1f\x19Y\x8fi}\x1d#\x16*\xd0\x85e\x05D\xd1w\x1b\xe5g\xf4\x92^[2\x971N\xf8\x97d@\x13\x8eE{\xa5\xda\x160\xc9\x94|I\xb7\x91 dS\xeec\xda\xa2V\x1e\x1aN\xf6\xac/\xb8\xbc\fO\xaa\xc8\xa7\xa5\xd5\xa7I\xf9\xaau\xb5\xfa\x94\xec\xb5\x81\xf6\xdc\x1aN\x89\xe5\x11\x880\xef\x14N\x95HZD|\xfc\t\x8d,u(\x16g\x88\xc6\xd3\xb4ZR\x1c\x15\x95g[\xd3\xe8 \xa1\x92\x92\xff\x1b\xf8&\xf4\xfd3\xe9\xa3\xc9\xb3%\xb7\'\xear\xfbS\xf9\x81\xcd\xb0\xd2)\xd6\xf62\xe5\x8e\x9a7k\x9d>0\x06\xeeS\x8a\xe9\xfe\x88\xa2Z\xb8#\x87\xda\x19]F\xec?\xce\xb1\x17%\x86\xbbV3M\xba\xb1P\xbd?\x1e\x12`\"\x82\x1b\x16\xde\xe7\x17A1^c6\xdd\xff\x84=\x00`\xe0\xf2\x85\xc8}\xe3\xa9\xe1\x1b\xe1\xcc\xae<O\x8c\xfd\xa1%\xbf\xe6\xf4', 0x7fe) (async)
acct$auto(&(0x7f0000000080)='/dev/input/event2\x00') (async, rerun: 64)
r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/002/001\x00', 0xa901, 0x0) (rerun: 64)
ioctl$auto(r6, 0x41045508, r6)
executing program 5:
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="11000000030000000000000000000000f4", 0x11)
executing program 5:
mmap$auto(0xac, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mlockall$auto(0x7)
set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
open(0x0, 0x22240, 0x55)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/rcutree/parameters/rcu_resched_ns\x00', 0x88282, 0x0)
connect$auto(0x3, 0x0, 0x55)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, 0x0, 0x189041, 0x0)
select$auto(0x804, 0x0, 0x0, 0x0, 0x0)
r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0)
read$auto_proc_sessionid_operations_base(r0, &(0x7f00000000c0)=""/4096, 0x1000)
executing program 5:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)
read$auto(r3, 0x0, 0x9)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 34:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 0:
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0)
r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), r0)
sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f0000001300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000012c0)={&(0x7f00000000c0)={0x1200, r2, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x5}, @OVS_VPORT_ATTR_UPCALL_STATS={0x11dc, 0xa, 0x0, 0x1, [@nested={0x101, 0x65, 0x0, 0x1, [@generic="c0e38807e656e8311d36ca01f4c5ac33", @generic="2ce8e17a97deb7a02b81dab5b682d386bd394b8be1e174a441b9c95071e2d889b30765354242e598a89065f24ba1c0b81fdbc61453d1e767295064886c109d16ea8849a0ede4158d3ce5e76c56b10e82957d2284a5406007d4e5a1fefe9faf6aaa0d8131bdc9cfc91d2fedbf72f9e0247d5eaadab6fe41b1c69345e98e4319b15da72b0b9ac554a018e708beb4686d510187b30c5b50f7ebda146533d06aedb3e61d6c8492c8346e0fe5750f453a3b82675ebb5fbbf881721d6f56dfa554fa32689bc8f3e5b320b6b1ab76b76170a15c35ca98b07ae59d79a62dfade40e253209c6e56478258e5d58eae516457"]}, @generic="fd509107789b61f62816407ddd1e622c3f60f7e9c97187901862cd20e1825cf978e33190328a125f970f6861373e6258ad74cce461930f133d1d89720d78c8e2a0aba764ccfe418c204043ac203f38ce0c9340679f72d0360fdadbdd45abbe66314e36c2a2dc1fc80c9e62da269235d09368c3f92a8d263d34a4db3e6925c87d9639ebd64107139fd90d25c16b239de742a38537542e3c79c25ca76f950ef3b7a2fa9aae23786929efca0d19584c7a57bbed7efc77bba5b01baa15b25a853578621fa2ab00343191d0c76c6d1f2a9672797ba2253a682069f3f998b183a8779c53914dce9378e5f412da96a11ea81d9bddb4a31e6104b02d2aae3061e931cc9c7265523e98310abc1bc68a345139dd6e1f87ff5f9ef2d1808ddbceba6d13a204be16c1dee92c118e2d66cb13ec4fcdb866f061e10c1ce8911a95df9b96ff135ab5813e322043685b5e6d9dc8f4991dcf3f9bb6aad3d46afb9ce123cbb40696210029ca0b6894387c6a8cabc8092e8d38fd0f05d7ee24b7d47e8f72e89860dec1b275dc673be35677ae167d64f1718bfdc0d91f837fd16d05ea7acddee047eab23a148aec61a493c4e5d3f9be591e5794a4870f27ea0960d580a1d88fafd66ffefcfb4e85d15d5da3afba59805c680766362cee6cc82f22f004caa790eb7dd4712878bc53eccead0af73712490e2bd3833719e6ede67a81a4a97b48e7a2a65b29f62dab8ef8766ae4fe959ce348079d502f3b99c14d7ea71a0256010c9cb0f53d2a1708717d0d48b126e2d6012309db96ea7236778f95a3c8ef9d082849b6e87e334b8eda883a17c7d1fce9ff3804565bdc0e6713c1cf95ccb331541d00f92e1a20d1a22f4634cb9211dd5e00ea1632d581f713937cf02450de37ad8d4b6628051b2fa0386200834ee4e6f1a927fbb88b357e593efb4bf7949537898addba532ca9673eeb81c15e8e452e26ee1e1916f6467b7b2a5f31dba29fc1b13f6a188488e2db4ab2040ad16d74e27cff22e5a70267bff47813f79b91488af9c3a625e59ea021022f74dbcffcfe298b13b389641715adaf1082284770669fa6a85702e2767dd2c70a664fa3706eb694a1341cfd16177429234a9e26858e1348f6697d7f0070d1e79af67f0f77e16ec4213632226eb8cc3d43da9d763baabe9359aa9ba52f283740c9f07589b5a3853e26d16651c532d66aefdf39684276015dd33004a1c9c12f4cff44cb8cb0923d66a556de684da21f30402117b5596ee097cc138d1bf1ec42d5fcc08d7e51b7aa4b9add181f8ef67d11ac554a919de3c38287a93a556e0d73b17a8263a6550133ff7e24fa8992c7601211c0ecbcfb6f69f9daf5b43a16201086e4bf98ad452f4a89bb6df7508297e8b338d6bbde4ffce7cb155f00a6597743272f5b696f49a8c5eeea353223a577bfa58101e1e1ba76cc086c5b9d3b9f2b9f9a11b515ec2d435f5d00c6af9687fe8cf9b213c725241247454377a31bfa1265fafb81a741d540e794a45e71e4b52c5f3eafca1970134289feaf9e0ba34ae77420291187a76e73bd08a2857d1edd480e252744711a3231ec6de1cc2c8f48f2dd6462664a1d67d712e5a6dace55d0055bf19a7debe58e07944a02564c1b9264ab91ad4d69c8db3b44e1bad5ef23056322b9659164566defbfd29451c59752da84589ae76c126299ccc2ba8c0096327c75877249172f5987565000775215a9646a8f58468c7fced8ce6ae4f1288abb0d33a402d4e4e88c7ddcd8d52195fd6bb1372115385909c236ed90f210188cdcd7d182227b53fd05803250cca4895ecc0db5ab2643606f27e89dba26857194811ba7caf94291b78beff59fc8184b377963483efebce5349a068e4668291ea582b906dd0df31c39896039ab3bca430f85d72f8eb28b99156f3dcd9db2380322b8f89785a25158f70e0d19665fa467f49baf10198b76e8e288e9c58da1fdca43a7bd1c01ae018dd0ab7a1f094f2459cfc5a2ecf5e71a8d63c7fdcbb5803578bbd45ea1ee6b4bc4a5739ace9e8c557b1e4b3ca3ecaadb1b1afaf32ee6a3fba38ac928447438d350af8864f79ff3bf2ec95861c974cc3ed6c7c297eefca7dfe09fb7c894aab070fce5edae709b7e720c1976fee33065905335a036c876b6ed4124f3e9c3e47760caf7ed86b8753a2d65869a4f884b048521a8ff3880b074c72e1c262d1fc76b12ff5bdf90e278b0dbc087b592a18c8992f0d7e6d678b00dbf68cdcf62168015b99b353081d1a3a669cf771dc6e13639766265e14f4e24e06dede986447cb190946d548b3b453af84f74a34e5892a83bb73e863b6e6b192d0e3aeff228a9c22d529c0cf4cf2f09044519c4560cb7178255426210930fc467c0080ffb24e19cbf008ba0a550fc7b548bd8c2a2497fcafff2f3321831a271230a7458675a61ca301bf54e4be6610fb3d08aeb7da78ca7da82f1b7869b4a9e7ac114ffceb35263f2b72465cf57e1f052f3fb7204625942f81a39d72032902b716d95127d99b849c2c9e7c1255f095dc87b8593ff78415dcce4722d90ba4973013ac398030fd7fb951bb57b3056898028c6ddd88090bc780df791cd34adfac76ad8667c95e837a4606d7b7d54c3af4dd2a3bdd47f07832cb96fc25e6b1e12c4b3bef5ab4fee4803b18c7468e614a01bc969ccbaf63cf0a3f4f003943c29f66cbf69e4f5bef5238ceacc6fca75300d33327846b4523b67a77f128637138215973223eb9b7e5ceac50a9f8eccc24a3e4a8fabcf8de72bb393285915fadd73edaeb458ae91bb39ce211c58ea013f329802168bfe10077773ed4119fe7d371074030d7d1432a89aa83ba867529d32a6a499c2d390daa1bba93a7e7f1beb629b0d6225caaecfd1a550c58dbcc0ac72efd01c81ec8ce14f21856224dde3e2b45445ad586b064ebb44ec79311c93fb9188593c3230041bfacc84a3396be377121e523060086694a1143b6de909dd7f7ca449783977f2dd7a79199c35b4a31bb41d3a653b13c7b0bd42ecfb8c8366b0e423934cf119458ffbd83a4c89d33573a066c414e2f785f2e716035bb5f44ce3241fa2a64880f199886081ad1edba356a0eee01af39a45161669bc7c601a47b7b8e526bc00029a08625f93233c6d04701b116f1fb87c9555d263dd442795aea13523aee6fe28fcfce94de109d95ade256faa4cc511517af138b03aa13fde25f24d671a794827426a3e60b22b91ebca6330426a0c59cbe38cff8257693a0920c13c5e1662edfe8d5118507050b881eed9de1461f426f545f33cb0ebb67e192c2ec91664f87ee35684f648ebc7fb22d41996dc26d4fe472fd3cf4c30765b5dd0b3cff30fa5235b7b6af7fb57338722e1fdb10ccfbae6cf896f7632c2db661c75c97abd7a02e1c0a6c728fea0b8dfffb0f76a2d969587b5b2489fd3d3cf683e4f66c929e7ecdbbfd00582a38f105347c180911fe60c7faefc8782bf04e21b9958f719503cb2bdb06fc41e9a9575ec2378b3d5caa9da7af6adeaf7ab6345b0b0d5eb84bb2d388884378b91c206d1352b29ebcb2c906d50e21ebaf20ddaccd6492454567dde7e3d5805cc2ca058b9b3c615387563fe4d9c33c3c0c72825bdca1fb78dae6f8cf9b82959cab8b3167fc25003fd352a0dcbba9c8f488ae7728da8a2822e0b7617777f25054d6bb09e2dcf7c97643f3d1971769215ff1e9f84942f4ebf06c03a75e9a78f21d18e7887aef67749324edc553570d22a4c1048c0e5ef48cf53ed822950a772b0d890fc95e7b949ff2a1dc06bd26de80f620b1578d2d572fa4280c46ac9c58bd1ac1523760c3a4bb661841c5a47f54254711abd11781a30c73d24da971f84728c77009b5c3a96beb40c1554b677c585602c070a9521f952d35cd668179bf3c086a9c232f7ed19e524765149d010300d761ea2951ebcc6810e4d0a6dd3d8ee417ca61b73baf8a8799fc5423698d119826e1b35e81db8d4fb7dce1e9b1fff4f373c25205b4c612acf90d39f1d8e45764d7f2c2e95f73e1571f23921e3100cf3b69879966cf04be787c8f2d9573b28c8f9163efea551dd0bf56fe4cb5ab66199b8fd535fd0ca157ff9b2f0482a47cfb58b1c2153e6e2c2b816388691653e4333fd24429d81987866de21ad684f775046ed65ec897cb31300e678c84081b8e9b6c46c05abf7dc73f4a98c901ea7986910f45ea1f84599d26a0aff855594c17ea270ac4c6c71f1999bfb2e794af4957dee0de202aac377c3570c882fca8f5697386c4d892ba8c27421a94a3d8a6dfe9e50a508257c9501602b684beea03936acd00013f9c231a571048701a06df17a5387ebc9fe662056d5920071b9157fe9568188478cb5ca5e09dc4cae5398c77599f5fd2134d084a1fd1200ba158fcc5617c9add910ee35672d693e5cbd66b15160ef11718b867039c7940cdb1e70b7d67980cdc643de565f04a4212ee547caa753955c79c47c858d953537876060d524fff80e56d4d46a66a412bb146db09f30f9e0c346af290f0e401be80d2d247fc6f6754b3ad09d27aa8290984ab80559f32f7bcbc38ba42f8b0bc2b4b04ccb949040f831c5ed197ff39049b43d4d61abc93150ccbdbd942c56e0e16a4f1cfb73443cf09fe673ff40ab310c5636a6ef3562c48047ce589ea37a98e61becca02f537c32a22511d48f3a23bace2cad00afa802bee24722db7d3aabfa2cbc5267a0410fec51462ca9ac35aed94470d860dccf6aedce2b44f974bec575cafa985bcb062695a7ca6e366c871bae236770c5e60dd872540cc7ba60df22dae788c662b398a3fa26bb78dfe4069e24034d11e550888effbefe9fb2cfb0f330022ef4c8067caf68ad2819a20c9e6b865c50b267eee1a9b4c773a846acca87b1505f53651c1ab23b0793cdd1c1a5af6c7e3dbe68560a88ef08c8a3976ee05b678007c1612bcbb8ce8791f235b6f440b0574a5f977126345cb155219d3fb42aba7813aceb29feffc2f740f5a3f2ca5bcbf0317b76b72c38b29558c70efb254ac17851e7728a81e1888ec4d7a507a176f4173ac0a719a5e47b889c34a63e2c50d46ab671f64cc79239c9b71de9fa86c45bbd0440f1a0f82ff0ca7170d8e1286b1f91c76d71664632f1b296bdff759bf0e01a6ed34f3ba4fb30f62a1227968289d222e241845940cad88383a8eac4b7ff6b5b019f957a68c122a6b6a1dad5516fce2b2ede79d3e5f0a78437b9fc68a05eb80ae758814f600c0f3ac07521fc1c6f8b920db9af3d406e449258829bad1f912b972c35be8a2219a342104c34e55e1ef02a3024b9e5bd9285cb6cf698fd5f3a9d7a7e5c4e0b90f51e9613e9ca8e9047a438dd505ce9c125b5421ea278339a05467bbefea6ee399cfc0762339694d6dc0a5cc303c37316938d6642629979a35e444623d24d11bd89ae44c78f1aadc86d924f2bf779e02da57797e77ddca57730ec183f8c9cb2efec9f05958050bf5894daf0aed40835e4c729ff31a164d3944930730c2660c7928e476ea82098372f2a629ed70f0292a7e79d66180ea151ba4d57fecff2f13c6c0fbd2fa66f161560b21c27ad693fe68a552268d3605e10742aa43ef39fbb394ed3bec2c9313eab3e1619b2934313877605a3c9a8f6d1a907ba92f302c39fbd15b2b2515a12e36acffa88a46d8ef9572e2c406ecaf0304b7372223d3c25754274bd51745b2fb659f09f3cbc7f4662babb09a246afc5e658fa26a3f4eb453f4e9375ed38fa654f32cb4b65a5df141ab19074948fc544054c34334a481b3b59ce0c059c5619d9d189c50aee4c1784fe08da8c013046fd460", @nested={0x8, 0x12b, 0x0, 0x1, [@typed={0x4, 0x93}]}, @typed={0xcb, 0x12a, 0x0, 0x0, @binary="c258b346ea75c82b630ac9a1e55c1825a7ea0f2a92b0d0c464d3849ae13419d5f8e28a887137039aace3cddb28ea80e70c64fb8ce95c9643d9059ace9cc6f20689f0a38068b2fa3d9ac41867b83cc6bac74f5f17c30865570c8a6caac1e207895e27ec882a70bddebd09d6432d9ed8534972ce077ee3645fa34d7ab6a3b458a33f309522850d30710a5c581ab41ad510bb5f95b431c31993e479856a8a89a2414f085c2c6ba4462bbd1b1f2c885b8a1ae8a828fbce80845cb86126ed3e6e281db9d9e3cdb43b6b"}]}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x6}]}, 0x1200}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000001)
ioctl$auto(r1, 0x802c550a, 0x1)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003a40)={&(0x7f0000001f80)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf2503000100"/30], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x24040004)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0)
socket(0x10, 0x2, 0x0)
r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi30\x00', 0x0, 0x0)
read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f0000000080)=""/27, 0x1b)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
io_uring_setup$auto(0x8, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio4\x00', 0xa82, 0x0)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x2000)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
socketpair$auto(0x1, 0x0, 0x1, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
ioctl$auto(0x3, 0xae41, r4)
ioctl$auto_KVM_CREATE_VM(r3, 0x9000aecf, 0x0)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0)
sendmsg$auto_NL80211_CMD_GET_KEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r6, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x3}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6}, @NL80211_ATTR_USE_RRM={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004}, 0x400c045)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <8>
bisect: split chunk #0 of len 8 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [17, 17, 6, 29, 30]
detailed listing:
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 34:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket(0x29, 0x5, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0)
r1 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/bdi/43:320/uevent\x00', 0x0, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
socket(0x11, 0x80003, 0x300)
socket(0xa, 0x801, 0x106)
setsockopt$auto(r1, 0x29, 0x4b, 0x0, 0x10000110)
ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000000)="fa3b12811e1ad7a84755ece9710dbb767aec3a0870ae90f8292fbd8dd451126ff4cfdb7488f7722f39157b8b8cc0df74bcdb20895381a2b6dfe0eab3f77e6742e278ac1e6b5e2090e04f365b40c02b07a564c99d0b35c9a2f1266bf209dd8f1043ec727d66f59e7a9b3f78eba00a92bc25c33752b59ec714abc941670bfb46ea7b65858f3f809a0b653f399b3c49285331a626e76dd7886905c2ceee664246dc15d9261732490887a3eacd6b818b613b76c3d80826fbf34822c9b8ccf3d5cea0fd2b3ebd84a4c317b032e797b036255d55eb901a451c70911168f2d9381db2d446ab14")
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setitimer$auto(0x200, 0x0, 0x0)
executing program 0:
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
r0 = io_uring_setup$auto(0x6, 0x0)
r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0)
r2 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), r0)
sendmsg$auto_OVS_VPORT_CMD_NEW(r0, &(0x7f0000001300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000012c0)={&(0x7f00000000c0)={0x1200, r2, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x5}, @OVS_VPORT_ATTR_UPCALL_STATS={0x11dc, 0xa, 0x0, 0x1, [@nested={0x101, 0x65, 0x0, 0x1, [@generic="c0e38807e656e8311d36ca01f4c5ac33", @generic="2ce8e17a97deb7a02b81dab5b682d386bd394b8be1e174a441b9c95071e2d889b30765354242e598a89065f24ba1c0b81fdbc61453d1e767295064886c109d16ea8849a0ede4158d3ce5e76c56b10e82957d2284a5406007d4e5a1fefe9faf6aaa0d8131bdc9cfc91d2fedbf72f9e0247d5eaadab6fe41b1c69345e98e4319b15da72b0b9ac554a018e708beb4686d510187b30c5b50f7ebda146533d06aedb3e61d6c8492c8346e0fe5750f453a3b82675ebb5fbbf881721d6f56dfa554fa32689bc8f3e5b320b6b1ab76b76170a15c35ca98b07ae59d79a62dfade40e253209c6e56478258e5d58eae516457"]}, @generic="fd509107789b61f62816407ddd1e622c3f60f7e9c97187901862cd20e1825cf978e33190328a125f970f6861373e6258ad74cce461930f133d1d89720d78c8e2a0aba764ccfe418c204043ac203f38ce0c9340679f72d0360fdadbdd45abbe66314e36c2a2dc1fc80c9e62da269235d09368c3f92a8d263d34a4db3e6925c87d9639ebd64107139fd90d25c16b239de742a38537542e3c79c25ca76f950ef3b7a2fa9aae23786929efca0d19584c7a57bbed7efc77bba5b01baa15b25a853578621fa2ab00343191d0c76c6d1f2a9672797ba2253a682069f3f998b183a8779c53914dce9378e5f412da96a11ea81d9bddb4a31e6104b02d2aae3061e931cc9c7265523e98310abc1bc68a345139dd6e1f87ff5f9ef2d1808ddbceba6d13a204be16c1dee92c118e2d66cb13ec4fcdb866f061e10c1ce8911a95df9b96ff135ab5813e322043685b5e6d9dc8f4991dcf3f9bb6aad3d46afb9ce123cbb40696210029ca0b6894387c6a8cabc8092e8d38fd0f05d7ee24b7d47e8f72e89860dec1b275dc673be35677ae167d64f1718bfdc0d91f837fd16d05ea7acddee047eab23a148aec61a493c4e5d3f9be591e5794a4870f27ea0960d580a1d88fafd66ffefcfb4e85d15d5da3afba59805c680766362cee6cc82f22f004caa790eb7dd4712878bc53eccead0af73712490e2bd3833719e6ede67a81a4a97b48e7a2a65b29f62dab8ef8766ae4fe959ce348079d502f3b99c14d7ea71a0256010c9cb0f53d2a1708717d0d48b126e2d6012309db96ea7236778f95a3c8ef9d082849b6e87e334b8eda883a17c7d1fce9ff3804565bdc0e6713c1cf95ccb331541d00f92e1a20d1a22f4634cb9211dd5e00ea1632d581f713937cf02450de37ad8d4b6628051b2fa0386200834ee4e6f1a927fbb88b357e593efb4bf7949537898addba532ca9673eeb81c15e8e452e26ee1e1916f6467b7b2a5f31dba29fc1b13f6a188488e2db4ab2040ad16d74e27cff22e5a70267bff47813f79b91488af9c3a625e59ea021022f74dbcffcfe298b13b389641715adaf1082284770669fa6a85702e2767dd2c70a664fa3706eb694a1341cfd16177429234a9e26858e1348f6697d7f0070d1e79af67f0f77e16ec4213632226eb8cc3d43da9d763baabe9359aa9ba52f283740c9f07589b5a3853e26d16651c532d66aefdf39684276015dd33004a1c9c12f4cff44cb8cb0923d66a556de684da21f30402117b5596ee097cc138d1bf1ec42d5fcc08d7e51b7aa4b9add181f8ef67d11ac554a919de3c38287a93a556e0d73b17a8263a6550133ff7e24fa8992c7601211c0ecbcfb6f69f9daf5b43a16201086e4bf98ad452f4a89bb6df7508297e8b338d6bbde4ffce7cb155f00a6597743272f5b696f49a8c5eeea353223a577bfa58101e1e1ba76cc086c5b9d3b9f2b9f9a11b515ec2d435f5d00c6af9687fe8cf9b213c725241247454377a31bfa1265fafb81a741d540e794a45e71e4b52c5f3eafca1970134289feaf9e0ba34ae77420291187a76e73bd08a2857d1edd480e252744711a3231ec6de1cc2c8f48f2dd6462664a1d67d712e5a6dace55d0055bf19a7debe58e07944a02564c1b9264ab91ad4d69c8db3b44e1bad5ef23056322b9659164566defbfd29451c59752da84589ae76c126299ccc2ba8c0096327c75877249172f5987565000775215a9646a8f58468c7fced8ce6ae4f1288abb0d33a402d4e4e88c7ddcd8d52195fd6bb1372115385909c236ed90f210188cdcd7d182227b53fd05803250cca4895ecc0db5ab2643606f27e89dba26857194811ba7caf94291b78beff59fc8184b377963483efebce5349a068e4668291ea582b906dd0df31c39896039ab3bca430f85d72f8eb28b99156f3dcd9db2380322b8f89785a25158f70e0d19665fa467f49baf10198b76e8e288e9c58da1fdca43a7bd1c01ae018dd0ab7a1f094f2459cfc5a2ecf5e71a8d63c7fdcbb5803578bbd45ea1ee6b4bc4a5739ace9e8c557b1e4b3ca3ecaadb1b1afaf32ee6a3fba38ac928447438d350af8864f79ff3bf2ec95861c974cc3ed6c7c297eefca7dfe09fb7c894aab070fce5edae709b7e720c1976fee33065905335a036c876b6ed4124f3e9c3e47760caf7ed86b8753a2d65869a4f884b048521a8ff3880b074c72e1c262d1fc76b12ff5bdf90e278b0dbc087b592a18c8992f0d7e6d678b00dbf68cdcf62168015b99b353081d1a3a669cf771dc6e13639766265e14f4e24e06dede986447cb190946d548b3b453af84f74a34e5892a83bb73e863b6e6b192d0e3aeff228a9c22d529c0cf4cf2f09044519c4560cb7178255426210930fc467c0080ffb24e19cbf008ba0a550fc7b548bd8c2a2497fcafff2f3321831a271230a7458675a61ca301bf54e4be6610fb3d08aeb7da78ca7da82f1b7869b4a9e7ac114ffceb35263f2b72465cf57e1f052f3fb7204625942f81a39d72032902b716d95127d99b849c2c9e7c1255f095dc87b8593ff78415dcce4722d90ba4973013ac398030fd7fb951bb57b3056898028c6ddd88090bc780df791cd34adfac76ad8667c95e837a4606d7b7d54c3af4dd2a3bdd47f07832cb96fc25e6b1e12c4b3bef5ab4fee4803b18c7468e614a01bc969ccbaf63cf0a3f4f003943c29f66cbf69e4f5bef5238ceacc6fca75300d33327846b4523b67a77f128637138215973223eb9b7e5ceac50a9f8eccc24a3e4a8fabcf8de72bb393285915fadd73edaeb458ae91bb39ce211c58ea013f329802168bfe10077773ed4119fe7d371074030d7d1432a89aa83ba867529d32a6a499c2d390daa1bba93a7e7f1beb629b0d6225caaecfd1a550c58dbcc0ac72efd01c81ec8ce14f21856224dde3e2b45445ad586b064ebb44ec79311c93fb9188593c3230041bfacc84a3396be377121e523060086694a1143b6de909dd7f7ca449783977f2dd7a79199c35b4a31bb41d3a653b13c7b0bd42ecfb8c8366b0e423934cf119458ffbd83a4c89d33573a066c414e2f785f2e716035bb5f44ce3241fa2a64880f199886081ad1edba356a0eee01af39a45161669bc7c601a47b7b8e526bc00029a08625f93233c6d04701b116f1fb87c9555d263dd442795aea13523aee6fe28fcfce94de109d95ade256faa4cc511517af138b03aa13fde25f24d671a794827426a3e60b22b91ebca6330426a0c59cbe38cff8257693a0920c13c5e1662edfe8d5118507050b881eed9de1461f426f545f33cb0ebb67e192c2ec91664f87ee35684f648ebc7fb22d41996dc26d4fe472fd3cf4c30765b5dd0b3cff30fa5235b7b6af7fb57338722e1fdb10ccfbae6cf896f7632c2db661c75c97abd7a02e1c0a6c728fea0b8dfffb0f76a2d969587b5b2489fd3d3cf683e4f66c929e7ecdbbfd00582a38f105347c180911fe60c7faefc8782bf04e21b9958f719503cb2bdb06fc41e9a9575ec2378b3d5caa9da7af6adeaf7ab6345b0b0d5eb84bb2d388884378b91c206d1352b29ebcb2c906d50e21ebaf20ddaccd6492454567dde7e3d5805cc2ca058b9b3c615387563fe4d9c33c3c0c72825bdca1fb78dae6f8cf9b82959cab8b3167fc25003fd352a0dcbba9c8f488ae7728da8a2822e0b7617777f25054d6bb09e2dcf7c97643f3d1971769215ff1e9f84942f4ebf06c03a75e9a78f21d18e7887aef67749324edc553570d22a4c1048c0e5ef48cf53ed822950a772b0d890fc95e7b949ff2a1dc06bd26de80f620b1578d2d572fa4280c46ac9c58bd1ac1523760c3a4bb661841c5a47f54254711abd11781a30c73d24da971f84728c77009b5c3a96beb40c1554b677c585602c070a9521f952d35cd668179bf3c086a9c232f7ed19e524765149d010300d761ea2951ebcc6810e4d0a6dd3d8ee417ca61b73baf8a8799fc5423698d119826e1b35e81db8d4fb7dce1e9b1fff4f373c25205b4c612acf90d39f1d8e45764d7f2c2e95f73e1571f23921e3100cf3b69879966cf04be787c8f2d9573b28c8f9163efea551dd0bf56fe4cb5ab66199b8fd535fd0ca157ff9b2f0482a47cfb58b1c2153e6e2c2b816388691653e4333fd24429d81987866de21ad684f775046ed65ec897cb31300e678c84081b8e9b6c46c05abf7dc73f4a98c901ea7986910f45ea1f84599d26a0aff855594c17ea270ac4c6c71f1999bfb2e794af4957dee0de202aac377c3570c882fca8f5697386c4d892ba8c27421a94a3d8a6dfe9e50a508257c9501602b684beea03936acd00013f9c231a571048701a06df17a5387ebc9fe662056d5920071b9157fe9568188478cb5ca5e09dc4cae5398c77599f5fd2134d084a1fd1200ba158fcc5617c9add910ee35672d693e5cbd66b15160ef11718b867039c7940cdb1e70b7d67980cdc643de565f04a4212ee547caa753955c79c47c858d953537876060d524fff80e56d4d46a66a412bb146db09f30f9e0c346af290f0e401be80d2d247fc6f6754b3ad09d27aa8290984ab80559f32f7bcbc38ba42f8b0bc2b4b04ccb949040f831c5ed197ff39049b43d4d61abc93150ccbdbd942c56e0e16a4f1cfb73443cf09fe673ff40ab310c5636a6ef3562c48047ce589ea37a98e61becca02f537c32a22511d48f3a23bace2cad00afa802bee24722db7d3aabfa2cbc5267a0410fec51462ca9ac35aed94470d860dccf6aedce2b44f974bec575cafa985bcb062695a7ca6e366c871bae236770c5e60dd872540cc7ba60df22dae788c662b398a3fa26bb78dfe4069e24034d11e550888effbefe9fb2cfb0f330022ef4c8067caf68ad2819a20c9e6b865c50b267eee1a9b4c773a846acca87b1505f53651c1ab23b0793cdd1c1a5af6c7e3dbe68560a88ef08c8a3976ee05b678007c1612bcbb8ce8791f235b6f440b0574a5f977126345cb155219d3fb42aba7813aceb29feffc2f740f5a3f2ca5bcbf0317b76b72c38b29558c70efb254ac17851e7728a81e1888ec4d7a507a176f4173ac0a719a5e47b889c34a63e2c50d46ab671f64cc79239c9b71de9fa86c45bbd0440f1a0f82ff0ca7170d8e1286b1f91c76d71664632f1b296bdff759bf0e01a6ed34f3ba4fb30f62a1227968289d222e241845940cad88383a8eac4b7ff6b5b019f957a68c122a6b6a1dad5516fce2b2ede79d3e5f0a78437b9fc68a05eb80ae758814f600c0f3ac07521fc1c6f8b920db9af3d406e449258829bad1f912b972c35be8a2219a342104c34e55e1ef02a3024b9e5bd9285cb6cf698fd5f3a9d7a7e5c4e0b90f51e9613e9ca8e9047a438dd505ce9c125b5421ea278339a05467bbefea6ee399cfc0762339694d6dc0a5cc303c37316938d6642629979a35e444623d24d11bd89ae44c78f1aadc86d924f2bf779e02da57797e77ddca57730ec183f8c9cb2efec9f05958050bf5894daf0aed40835e4c729ff31a164d3944930730c2660c7928e476ea82098372f2a629ed70f0292a7e79d66180ea151ba4d57fecff2f13c6c0fbd2fa66f161560b21c27ad693fe68a552268d3605e10742aa43ef39fbb394ed3bec2c9313eab3e1619b2934313877605a3c9a8f6d1a907ba92f302c39fbd15b2b2515a12e36acffa88a46d8ef9572e2c406ecaf0304b7372223d3c25754274bd51745b2fb659f09f3cbc7f4662babb09a246afc5e658fa26a3f4eb453f4e9375ed38fa654f32cb4b65a5df141ab19074948fc544054c34334a481b3b59ce0c059c5619d9d189c50aee4c1784fe08da8c013046fd460", @nested={0x8, 0x12b, 0x0, 0x1, [@typed={0x4, 0x93}]}, @typed={0xcb, 0x12a, 0x0, 0x0, @binary="c258b346ea75c82b630ac9a1e55c1825a7ea0f2a92b0d0c464d3849ae13419d5f8e28a887137039aace3cddb28ea80e70c64fb8ce95c9643d9059ace9cc6f20689f0a38068b2fa3d9ac41867b83cc6bac74f5f17c30865570c8a6caac1e207895e27ec882a70bddebd09d6432d9ed8534972ce077ee3645fa34d7ab6a3b458a33f309522850d30710a5c581ab41ad510bb5f95b431c31993e479856a8a89a2414f085c2c6ba4462bbd1b1f2c885b8a1ae8a828fbce80845cb86126ed3e6e281db9d9e3cdb43b6b"}]}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0x6}]}, 0x1200}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000001)
ioctl$auto(r1, 0x802c550a, 0x1)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003a40)={&(0x7f0000001f80)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf2503000100"/30], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x24040004)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/netfilter/nfnetlink_queue\x00', 0x101000, 0x0)
socket(0x10, 0x2, 0x0)
r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi30\x00', 0x0, 0x0)
read$auto_v4l2_fops_v4l2_dev(r2, &(0x7f0000000080)=""/27, 0x1b)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0xa, 0x0)
io_uring_setup$auto(0x8, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x300, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio4\x00', 0xa82, 0x0)
process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x2000)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
socketpair$auto(0x1, 0x0, 0x1, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301100, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = socket(0x10, 0x2, 0x0)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
ioctl$auto(0x3, 0xae41, r4)
ioctl$auto_KVM_CREATE_VM(r3, 0x9000aecf, 0x0)
r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0)
sendmsg$auto_NL80211_CMD_GET_KEY(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r6, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_COLOR_CHANGE_COUNT={0x5, 0x12f, 0x3}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6}, @NL80211_ATTR_USE_RRM={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004}, 0x400c045)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 2, 15, 30, 30]
detailed listing:
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
unshare$auto(0x40000080) (async)
timer_settime$auto(0xd, 0x8, &(0x7f0000000640)={{0x344, 0x80000000}, {0xc4c5, 0x8}}, 0x0) (async)
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0xc40a41, 0x78)
dup2$auto(r0, r0)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
getpeername$auto(0x3, 0x0, 0x0) (async)
mmap$auto(0x2, 0x9, 0xb0e, 0x14, r0, 0xfff) (async, rerun: 64)
unshare$auto(0x40000080) (async, rerun: 64)
ioctl$auto(0x3, 0x80084d17, 0x38) (async)
r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x460f, 0x0) (async)
recvmmsg$auto(r0, 0x0, 0x1, 0xffffffff, &(0x7f0000000380)={0xa, 0x4}) (async, rerun: 64)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="17000000", @ANYBLOB='v\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async, rerun: 64)
r2 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) (async)
r3 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy0/aql_txq_limit\x00', 0x121c01, 0x0)
write$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r3, 0x0, 0x0) (async)
r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) (async)
r5 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f00000000c0)={0x1, "e6c26c22ab89af11056b0001ac097e0a0728d9300000c500"}) (async)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0xdc, "bbb5ce66e24cce7eea982cab480b47beebef0d74884dc693a7ad9cbdbda6070f", @inferred=r3})
write$auto(r4, &(0x7f0000000140)='/dt0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+0q;\xbb\xea5.\xadX\xb9QW\x04\xcd\xef\xaf\xad \x90\x8f\xee\xb4\x8c\x1c;\xf0TL\x1a\x1f\xb5\x93\xb9P\x06\xae\xb8\xc1s\x88\x1c\xb1o\x04\x00\x00\x00\x8dW\xf9\xef\xdf\xc78\xb1\x1f\x19Y\x8fi}\x1d#\x16*\xd0\x85e\x05D\xd1w\x1b\xe5g\xf4\x92^[2\x971N\xf8\x97d@\x13\x8eE{\xa5\xda\x160\xc9\x94|I\xb7\x91 dS\xeec\xda\xa2V\x1e\x1aN\xf6\xac/\xb8\xbc\fO\xaa\xc8\xa7\xa5\xd5\xa7I\xf9\xaau\xb5\xfa\x94\xec\xb5\x81\xf6\xdc\x1aN\x89\xe5\x11\x880\xef\x14N\x95HZD|\xfc\t\x8d,u(\x16g\x88\xc6\xd3\xb4ZR\x1c\x15\x95g[\xd3\xe8 \xa1\x92\x92\xff\x1b\xf8&\xf4\xfd3\xe9\xa3\xc9\xb3%\xb7\'\xear\xfbS\xf9\x81\xcd\xb0\xd2)\xd6\xf62\xe5\x8e\x9a7k\x9d>0\x06\xeeS\x8a\xe9\xfe\x88\xa2Z\xb8#\x87\xda\x19]F\xec?\xce\xb1\x17%\x86\xbbV3M\xba\xb1P\xbd?\x1e\x12`\"\x82\x1b\x16\xde\xe7\x17A1^c6\xdd\xff\x84=\x00`\xe0\xf2\x85\xc8}\xe3\xa9\xe1\x1b\xe1\xcc\xae<O\x8c\xfd\xa1%\xbf\xe6\xf4', 0x7fe) (async)
acct$auto(&(0x7f0000000080)='/dev/input/event2\x00') (async, rerun: 64)
r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/002/001\x00', 0xa901, 0x0) (rerun: 64)
ioctl$auto(r6, 0x41045508, r6)
executing program 5:
r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0)
write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="11000000030000000000000000000000f4", 0x11)
executing program 5:
mmap$auto(0xac, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mlockall$auto(0x7)
set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
open(0x0, 0x22240, 0x55)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/rcutree/parameters/rcu_resched_ns\x00', 0x88282, 0x0)
connect$auto(0x3, 0x0, 0x55)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, 0x0, 0x189041, 0x0)
select$auto(0x804, 0x0, 0x0, 0x0, 0x0)
r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0)
read$auto_proc_sessionid_operations_base(r0, &(0x7f00000000c0)=""/4096, 0x1000)
executing program 5:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)
read$auto(r3, 0x0, 0x9)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: general protection fault in hci_devcd_register
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <4>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 30, 30]
detailed listing:
executing program 5:
mmap$auto(0xac, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mlockall$auto(0x7)
set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
open(0x0, 0x22240, 0x55)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/rcutree/parameters/rcu_resched_ns\x00', 0x88282, 0x0)
connect$auto(0x3, 0x0, 0x55)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
openat$auto_severities_coverage_fops_severity(0xffffffffffffff9c, 0x0, 0x189041, 0x0)
select$auto(0x804, 0x0, 0x0, 0x0, 0x0)
r0 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0)
read$auto_proc_sessionid_operations_base(r0, &(0x7f00000000c0)=""/4096, 0x1000)
executing program 5:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)
read$auto(r3, 0x0, 0x9)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 30]
detailed listing:
executing program 5:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)
read$auto(r3, 0x0, 0x9)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 2 programs left: 

executing program 5:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)
read$auto(r3, 0x0, 0x9)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)


bisect: trying to concatenate
bisect: concatenate 2 entries
minimizing program #0 before concatenation
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x4008098)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [28, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd14/queue/nomerges\x00', 0x80000, 0x0)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [26, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: WARNING: ODEBUG bug in corrupted
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [25, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES16=r1], 0x1ac}}, 0x40000)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [24, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: general protection fault in hci_devcd_register
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [23, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
tkill$auto(0x1, 0x7)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x4)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [21, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: general protection fault in hci_devcd_register
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
socket(0x10, 0x2, 0x0)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x155)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
syz_genetlink_get_family_id$auto_ovs_meter(0x0, r1)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
syz_clone(0x80022000, &(0x7f0000000300)="2ef8cdcd3c2f291d04", 0x9, &(0x7f0000000380), 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [17, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
connect$auto(0x3, &(0x7f0000000080)=@nl=@unspec, 0x20000054)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
close_range$auto(r1, r1, 0xd95)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r2, 0x8000)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
setsockopt$auto(r1, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0x2, 0x1, 0x106)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r1, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(r1, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r0, 0x40047438, 0x0)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [6, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 30]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 30]
detailed listing:
executing program 0:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 6:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)
ioctl$auto(r7, 0x560a, 0x7)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
minimized 30 calls -> 4 calls
minimizing program #1 before concatenation
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 29]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 28]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
close_range$auto(0x2, 0x8, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 28]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
read$auto_v4l2_fops_v4l2_dev(0xffffffffffffffff, &(0x7f0000000080)=""/27, 0x1b)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 27]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 26]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = socket(0xa, 0x1, 0x84)
r6 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r6, 0x0, 0xe)
getsockopt$auto(r5, 0x84, 0x1, 0x0, &(0x7f0000000000)=0x9d)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 25]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
write$auto(r5, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 24]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x2000, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 24]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r5, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 23]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
write$auto(0xffffffffffffffff, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 23]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r5, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 22]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
socket(0x10, 0x3, 0x6)
r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r5, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 21]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1)
r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r5, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 20]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r5, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 19]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r5, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 18]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0)
r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r5, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 18]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2504000087abd57ebaff9c806a5a4d97146600000000"], 0x1c}}, 0x4044820)
close_range$auto(0x2, 0x8, 0x0)
r5 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r5, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 17]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r1, 0x29, 0xb, 0x0, 0xca6)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r2, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r3, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 16]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r0, 0x29, 0xb, 0x0, 0xca6)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r1, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000200), 0x40080, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r0, 0x29, 0xb, 0x0, 0xca6)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r1, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 14]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r0, 0x29, 0xb, 0x0, 0xca6)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
write$auto(r1, &(0x7f0000000440)='Y\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 13]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r0, 0x29, 0xb, 0x0, 0xca6)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu1/online\x00', 0x62, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 12]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$auto(r0, 0x29, 0xb, 0x0, 0xca6)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 11]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
socket(0xa, 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 10]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x6082, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 9]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 8]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 8]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 7]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 6]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 5]
detailed listing:
executing program 5:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
executing program 0:
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
minimized 30 calls -> 5 calls
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG-getsockopt$auto_SO_TXTIME-close_range$auto-sendmsg$auto_TIPC_NL_BEARER_DISABLE-mmap$auto-close_range$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto-openat$auto_tty_fops_tty_io
detailed listing:
executing program 0:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/tty54\x00', 0x40a40, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
bisect: concatenation succeeded
found reproducer with 9 syscalls
minimizing guilty program
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG-getsockopt$auto_SO_TXTIME-close_range$auto-sendmsg$auto_TIPC_NL_BEARER_DISABLE-mmap$auto-close_range$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG-getsockopt$auto_SO_TXTIME-close_range$auto-sendmsg$auto_TIPC_NL_BEARER_DISABLE-mmap$auto-close_range$auto-openat$auto_force_devcoredump_fops_hci_vhci
detailed listing:
executing program 0:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG-getsockopt$auto_SO_TXTIME-close_range$auto-sendmsg$auto_TIPC_NL_BEARER_DISABLE-mmap$auto-close_range$auto-write$auto
detailed listing:
executing program 0:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG-getsockopt$auto_SO_TXTIME-close_range$auto-sendmsg$auto_TIPC_NL_BEARER_DISABLE-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG-getsockopt$auto_SO_TXTIME-close_range$auto-sendmsg$auto_TIPC_NL_BEARER_DISABLE-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG-getsockopt$auto_SO_TXTIME-close_range$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG-getsockopt$auto_SO_TXTIME-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
getsockopt$auto_SO_TXTIME(0xffffffffffffffff, 0x809, 0x3d, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, 0x0, 0x20004000)
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
simplifying guilty program options
testing program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0x7ff, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
reproducing took 3h51m16.035911287s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350 drivers/bluetooth/hci_vhci.c:327
Read of size 8 at addr ffff888061c56800 by task syz.0.616/6686

CPU: 1 UID: 0 PID: 6686 Comm: syz.0.616 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 force_devcd_write+0x31f/0x350 drivers/bluetooth/hci_vhci.c:327
 full_proxy_write+0x13c/0x200 fs/debugfs/file.c:398
 vfs_write+0x24c/0x1150 fs/read_write.c:677
 ksys_write+0x12b/0x250 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe70a58cde9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc07f29ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fe70a7a5fa0 RCX: 00007fe70a58cde9
RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fe70a60e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe70a7a5fa0 R14: 00007fe70a7a5fa0 R15: 0000000000000003
 </TASK>

Allocated by task 5954:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 vhci_open+0x4c/0x430 drivers/bluetooth/hci_vhci.c:634
 misc_open+0x35a/0x420 drivers/char/misc.c:179
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x735/0x1c40 fs/open.c:956
 vfs_open+0x82/0x3f0 fs/open.c:1086
 do_open fs/namei.c:3830 [inline]
 path_openat+0x1e88/0x2d80 fs/namei.c:3989
 do_filp_open+0x20c/0x470 fs/namei.c:4016
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1428
 do_sys_open fs/open.c:1443 [inline]
 __do_sys_openat fs/open.c:1459 [inline]
 __se_sys_openat fs/open.c:1454 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1454
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5954:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4609 [inline]
 kfree+0x2c4/0x4d0 mm/slub.c:4757
 vhci_release+0xbb/0xf0 drivers/bluetooth/hci_vhci.c:670
 __fput+0x3ff/0xb70 fs/file_table.c:464
 task_work_run+0x14e/0x250 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x2576/0x2610 kernel/signal.c:3036
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff888061c56800
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 0 bytes inside of
 freed 1024-byte region [ffff888061c56800, ffff888061c56c00)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61c50
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801b041dc0 ffffea0000cd0200 dead000000000002
raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88801b041dc0 ffffea0000cd0200 dead000000000002
head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000003 ffffea0001871401 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5949, tgid 5949 (syz-executor), ts 132845120078, free_ts 131726157358
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x181/0x1b0 mm/page_alloc.c:1551
 prep_new_page mm/page_alloc.c:1559 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3477
 __alloc_frozen_pages_noprof+0x221/0x2470 mm/page_alloc.c:4739
 alloc_pages_mpol+0x1fc/0x540 mm/mempolicy.c:2270
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2587 [inline]
 new_slab+0x23d/0x330 mm/slub.c:2640
 ___slab_alloc+0xbfa/0x1600 mm/slub.c:3826
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3916
 __slab_alloc_node mm/slub.c:3991 [inline]
 slab_alloc_node mm/slub.c:4152 [inline]
 __kmalloc_cache_noprof+0xf6/0x420 mm/slub.c:4320
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 afs_alloc_call+0x51/0x640 fs/afs/rxrpc.c:144
 afs_charge_preallocation+0xff/0x330 fs/afs/rxrpc.c:728
 afs_open_socket+0x298/0x350 fs/afs/rxrpc.c:95
 afs_net_init+0x95d/0xc60 fs/afs/main.c:123
 ops_init+0x1df/0x5f0 net/core/net_namespace.c:138
 setup_net+0x21f/0x860 net/core/net_namespace.c:362
 copy_net_ns+0x2b4/0x6c0 net/core/net_namespace.c:516
 create_new_namespaces+0x3ea/0xad0 kernel/nsproxy.c:110
page last free pid 5925 tgid 5925 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_frozen_pages+0x6db/0xfb0 mm/page_alloc.c:2660
 vfree+0x174/0x950 mm/vmalloc.c:3383
 kcov_put kernel/kcov.c:439 [inline]
 kcov_put+0x2a/0x40 kernel/kcov.c:435
 kcov_close+0xd/0x20 kernel/kcov.c:535
 __fput+0x3ff/0xb70 fs/file_table.c:464
 task_work_run+0x14e/0x250 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x2576/0x2610 kernel/signal.c:3036
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888061c56700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888061c56780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888061c56800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff888061c56880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888061c56900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350 drivers/bluetooth/hci_vhci.c:327
Read of size 8 at addr ffff888061c56800 by task syz.0.616/6686

CPU: 1 UID: 0 PID: 6686 Comm: syz.0.616 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 force_devcd_write+0x31f/0x350 drivers/bluetooth/hci_vhci.c:327
 full_proxy_write+0x13c/0x200 fs/debugfs/file.c:398
 vfs_write+0x24c/0x1150 fs/read_write.c:677
 ksys_write+0x12b/0x250 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe70a58cde9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc07f29ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fe70a7a5fa0 RCX: 00007fe70a58cde9
RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fe70a60e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe70a7a5fa0 R14: 00007fe70a7a5fa0 R15: 0000000000000003
 </TASK>

Allocated by task 5954:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 vhci_open+0x4c/0x430 drivers/bluetooth/hci_vhci.c:634
 misc_open+0x35a/0x420 drivers/char/misc.c:179
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0x735/0x1c40 fs/open.c:956
 vfs_open+0x82/0x3f0 fs/open.c:1086
 do_open fs/namei.c:3830 [inline]
 path_openat+0x1e88/0x2d80 fs/namei.c:3989
 do_filp_open+0x20c/0x470 fs/namei.c:4016
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1428
 do_sys_open fs/open.c:1443 [inline]
 __do_sys_openat fs/open.c:1459 [inline]
 __se_sys_openat fs/open.c:1454 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1454
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5954:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4609 [inline]
 kfree+0x2c4/0x4d0 mm/slub.c:4757
 vhci_release+0xbb/0xf0 drivers/bluetooth/hci_vhci.c:670
 __fput+0x3ff/0xb70 fs/file_table.c:464
 task_work_run+0x14e/0x250 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x2576/0x2610 kernel/signal.c:3036
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff888061c56800
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 0 bytes inside of
 freed 1024-byte region [ffff888061c56800, ffff888061c56c00)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61c50
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801b041dc0 ffffea0000cd0200 dead000000000002
raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88801b041dc0 ffffea0000cd0200 dead000000000002
head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000003 ffffea0001871401 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5949, tgid 5949 (syz-executor), ts 132845120078, free_ts 131726157358
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x181/0x1b0 mm/page_alloc.c:1551
 prep_new_page mm/page_alloc.c:1559 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3477
 __alloc_frozen_pages_noprof+0x221/0x2470 mm/page_alloc.c:4739
 alloc_pages_mpol+0x1fc/0x540 mm/mempolicy.c:2270
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2587 [inline]
 new_slab+0x23d/0x330 mm/slub.c:2640
 ___slab_alloc+0xbfa/0x1600 mm/slub.c:3826
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3916
 __slab_alloc_node mm/slub.c:3991 [inline]
 slab_alloc_node mm/slub.c:4152 [inline]
 __kmalloc_cache_noprof+0xf6/0x420 mm/slub.c:4320
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 afs_alloc_call+0x51/0x640 fs/afs/rxrpc.c:144
 afs_charge_preallocation+0xff/0x330 fs/afs/rxrpc.c:728
 afs_open_socket+0x298/0x350 fs/afs/rxrpc.c:95
 afs_net_init+0x95d/0xc60 fs/afs/main.c:123
 ops_init+0x1df/0x5f0 net/core/net_namespace.c:138
 setup_net+0x21f/0x860 net/core/net_namespace.c:362
 copy_net_ns+0x2b4/0x6c0 net/core/net_namespace.c:516
 create_new_namespaces+0x3ea/0xad0 kernel/nsproxy.c:110
page last free pid 5925 tgid 5925 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_frozen_pages+0x6db/0xfb0 mm/page_alloc.c:2660
 vfree+0x174/0x950 mm/vmalloc.c:3383
 kcov_put kernel/kcov.c:439 [inline]
 kcov_put+0x2a/0x40 kernel/kcov.c:435
 kcov_close+0xd/0x20 kernel/kcov.c:535
 __fput+0x3ff/0xb70 fs/file_table.c:464
 task_work_run+0x14e/0x250 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x2576/0x2610 kernel/signal.c:3036
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888061c56700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888061c56780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888061c56800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff888061c56880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888061c56900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================