Extracting prog: 54m0.490154608s
Minimizing prog: 11m11.714021848s
Simplifying prog options: 0s
Extracting C: 35.845044322s
Simplifying C: 25m40.632797186s


extracting reproducer from 38 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-close_range$auto-pipe2$auto-socketpair$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
single: failed to extract reproducer
bisect: bisecting 38 programs with base timeout 30s
testing program (duration=39s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6]
detailed listing:
executing program 1:
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
ioctl$auto_BTRFS_IOC_ADD_DEV(0xffffffffffffffff, 0x5000940a, &(0x7f00000013c0)={@inferred, "3763e45bf736e7a788ff30f1e71ca705d63325182a1e9eaf029ee051ed398ee7279068dfbbb11f7c9ca53bd2f4cea9c6145e94cfd6af686072b200e2dab1695e5ec9486f2f2c8644e38215c3ff22bad25c245d5c3909f1d1a056b45db4936aa3de5c2bf54b963239c0c0a54112011f0b29f22a8464e122cd32e81173250546fe52826ecce72a4f239ceff607292e473ef3d8fbe9b27e460f36bf820dab0fad8d6d2c90e601a4782263a09fff1b8da9b29a3c3e27f596b85685b87689dd75d81a352421c072915e9ca3a17d995886a9c1a4aa47cd7a8243e72c3ca2fe84d9fcfb62969373ba75a4cf4cb12e79aee2bef4493cf9ee2625922ac92a90e303ffe05018abc01dcf02fd5df34d39e8ff5a69f1c5132572dab40a4cdf4682bd5b251e9673e4653fbf519b7f48953d1686e261d1ecb058be6de590f481e59ef2f3d2a080bc6dc76896cd9a778312bb14ff8432dd8434e78dd7d7d6edddcaefdd77187ceff52c68b3219264a72a4e667c6d92619b48b1f6153d0228de03296d77e859a7a212c75ea9b25b599bb1da825054f4ee8d5bcec1c30f836454340c5027c27c32df5b2840882e24e523519ed70dcfe3b3ca2a4229d1da49555ca35d738886d60a5090e3a71b2e28c409c36adb92e0ea293d731ef2563d33c5171d900bb1bb2ccf54bcfb0433f7269b14590cde5d9f33c78e047dcdf5925e20ae8119bfecedac3970b8a22e14bce0e3078c557f3bca8318b7c2dc12fc85866f8f3ba25cf9798262cad2f989f8d285e7618b8092d10ce700f5d7e4dd1fa94b5a1d84b95415c545e68cbd689d5f27265bbb614409f509a1f4e8b9c9fb6535520a70eb459c8696d9f26a41688fdfc3bf7e5eed0ebcd6fa1f1d52231a4492d1c04266450aa054b6fb79892cb190b1c75c7fc5833efc6245921fbc01a79634591abccb4eb2bd5c01be534c56a43df0ef95c848d749cf4f497d4f8e03b985799220f6857a06fb8ba039879227553775670d83161c499e858aa5e23442ba670bfd51f6f7f2d5dd009826e97bc0e1ebda818c566106149835e0036bc32cb8e4b6b13e36d2d3dc1a896c4cc134ba9563cf9a0b80844e2019da7a975ed4adf7c923aa753769bf02de5cb0a29d4edce49c848ee3221331b93cb5802343067519c6047a166c139e2e7e17aa08e3628b6b5898944d1aa7ceb33303f7833930c9b757c384b95025e6f2280cf5eaf20c9379e6cb6833b0fdbe252e9ce000cab77d67db6993ce0b5ea470cb18fc18b59137885903e46c3f8afc8221263618cd65398470fd96575101ab2231ef34e612dc29c9102c02f4913fdd0ac6bde1339cd7813e3114c8c583a512c6274667c56c44bb6c6ca60cf7c720d4e083691d02d5cf431d6b747790ec863f8ac087df3248f5fba164196756eca7d1752532f587b3454982a5fa5ee5e08b6d573b5ab112e2c6eb6d4113da97618770aaeae96d2016eb76e3663e19ef6824e1c2a99fb185e7efb75413f84b6f7efbd39b95be47d9e0106cce3bdab853fa40a43c6bf7e150770002794cbe2a162ac6207d8c1e4a7296e7e05861eaf6b5fc9bc18e9f20b031f4f2d2f7cb13a368c1dd7a652df28f0da1b5e8a6766c51d8c2eba01a1ea81f43cb9cb1075faeef7a2f97de3742d8fffc0d8d7514a7024e3f89c4445198e66c1da58aced6e39724f212b345b4183b9128cecba5252f467f0c657d857a905d96d39ddd40101df4d4472471b4cf9c216585188f5effff3d674e5e0d2a74353965978c0181d4ce32d0f65570c53cec061afeee4a9d92d5bd3424223b5a8ed227f048d40ae986739490262db7d53ca685d800a1e67f71e7d334d01ddc8d6c368b23f4b23d40ae59ce4c9c05846d8048334594b92aa91e601149426670d0b09b2de53055a1f257a9bc660fb401553c724bfb4d13a4b8e72ffefc60e8fda33a06f86a0ba7517d4327fbf677394abcda691ab80f05a1ea9b1a7689dbd181e059c2de952d5b7e99852b045073ebf3a4dcd09ecb634a40b6770bdac45c8ecec65d4eece0e25f98f9cdac3b5068e758777754906aa64d6e42259a68517517f9a56ec10d25833562458cf097792f0923a2b317715e618a1b451c7ab1c2e0a5c8e17fe7993a1b165018b803e4a9a6d95a904c9b6b5232fcc586f1d2648a22f70092f72c20ec2cdb1813adbed7b1c5640045204cb35b8d2055481a9b3b5a14cc407efd830e4b44445d53ec18f3cbfbf1f2bd10d5548df8c4f55aac22d05e3822450f2e0827668d89b4cb0e37c86736ea37e5f6e390b498769e23975207a2479b21589097235edd14ff12f9fb09965ee759a88d23741881f61e35e48140eb5e9b1b0d657a1b9fa0febcf6fd9466e507d6a41c75180ab7763dc74cd55fe4574bb490300fd4b2ee43634cb9033635f0ee22ae4b527b995f77ca3ff15ab8a3f04c04a9e6169805c15e9820660d393ed01252915ed361511bc7381e08bbf9416f3c1ba93ec15b36b429fe3b23a4ca692bf27784ff2357e79547a98c64bfbb5124326b1dac28320789f7bdcb9c6988f6579cd53db5ab32bd49bbf8813d42f33ee41643e97ad57ee286f86b6166650f6f837e8580101b1fe99463d4a35c52297f4229091c66f24a3aeb1afa45c929def3c7b3a8e881fb35222555d82646a1cb6cec897244c6b71dd3d989a25f25962ce32dd0ff715eff156f2400c39370f9cd2fdab33a75c5de194768cabe37cc8eb2ceddf0e3099c5599bfaf58caa8da560fdea94b78a755b8a3fd3b0c17301ff592c6f30c4d09cda25bcfff02e71b34e8013295d9ecc6e8524ae6a406c948821956ae1a2a97c0844f305014c70082bc8184c219a19332eb21b1f67e7645d2a334c049b55b30bf850e602799ff69b4b32e7f8ec5bac13ee14e1038c9f4dfa25911fb0bba0b8ae29501b89daed766fff036d1da6b6e967bab76b958407f1d3e0d2dd96d6eed3ae59c9247dc441114b07de016d25028466600f7b45904abb3ec5b5f37d2261c849a68025d9c6ce8df80379b8e6915beb43bdfad1c214f016debd405797d325089b765126b7861f9deeb79c0d286f7f9117d6ee20e60b4695d168088ed982bcca5f7869b32a7402cbf19e3ee5f11060036f237a57c004d390d96b6121e761493835d9d38485896b1ab3bc772fd340d8f2da59a65c6baac1301f9152ff298907d3394540cc763679b24fe2c045a410cb645a426fe6bd0f11283f68050e769caf046afa8032c696dbb3e92a70318179569ec61cf59c04f6afc4b23b8e9646f7de8680d905de76faf9433d1fd12b5eb57bfb571f82d067afb46f7cc0d2a74a2ecbd00f44f0cc7d51f789d25f9076e49a9899778a7f8c8fb05424d3755474a42c4c7ad468a58de49a1ae3718ac16b15b05913a30c29b0ae79329b37ceac091e506ebfc69e7116a66dc4882ab2dc8435d937539048de3f5f171cc5a4450893055047c7a21988ecba2c4890dba69a90730c134e80ce9d0d51ec13a728942c2e226c5afe8b8ed6cc7a25525605337827f0a0086d74915bb0c22e13910d1d1f3552b050c008ca5b0d5ebba70a772f3e25fcd4bcbf3f8726d532f2e26d3f08ddfd23732efc0e2f9c0be1a28bbba5e4c8f2e91b442979b674b01677685eb5e8839c90c23e273b9042a29bf515218800cb91cfa4969af515fdb438c7678ddb6ea54c0cf15ef8039c1297e1a41fbc9b34d91ec8e447ff0eb160103454b644a415aba5123a5da491c87071f62fa6ff70166d4d610fc86068e949a90a83e8151912aa7226c679073cf327b38b8bef929a4b3bc9afc539c67a8e0a169abe5f98690d80735b24bce5bd696d4bf3903857cd825675b807d4be27a194ce7d04e7876681aa17c2e4c45ce510e476c4206a0bba924d02bf8e579ebc8660a8e17a3c2113459b0ffb15b8a3e3d5c80336d1bbf248a92a47a4c25178a6e6eb3108955188727fae17a8a99f1c27993a514935cee40b7dfecf0d93769e2f78775c00b54365271716a06432437a035d4b0a3971922c0b3d0856ed79b51880e1fcae4d5d2534c2db0fe52ad777cfd035e273eaa289a7709bb4496cd865b93a6372cfa6f2dc5f14a0435fab67e8a2f98ef426a70018af6f14572d2e68d913b18764756895f4692afebca4453f9659396eb7c0a403d72524ea3df93792b1c016cfc38f634ffb5c636ce275e86ba5390b6b4a8768923821f80974751de3be24602cf5fd0c57c50bdd11f6fa920482b926dd2f896887e8590227fcbfc81bf877691ec182e006cba1da669b6b531e3e1e3d2d9d1706b60256e3efc9d0e9326948fcb205272a53a76047513c2f97fc89f3922fc3956d51362d2f1d002113bbf82fdac4969c3d6cecf77827ac112b6882021d0644e181631b48989f3f07507cafc81b6f0e0d285d029f392a726b074e49bde2dbef4b69f467ac53f0f0fcc9d786b757071b2566cd0fb8b04e98d7cc9bd463d8d67f546232be8243eda33c6aff9162696e3f0a9e1f5ede97e2b0e7ef5c8014b3f439f07a7db77c79e6907c48dbda8b7f3712f0880b91a283ca364afa969ab55c2957a53382fc86913c7bbb6a205aa3fa7b8b8edc1ed6ec3793ae86bf6b885ffcd09eec1cb34735223a6f680a6a64eb9270762a0d409cf17bbcaa13764123256a80d25d1ecfa955ed06203b309cd4b89c373437c5565e6b64646324f5961826b26a0e08c752bb64e29dc6f4377caab19526fe409a44d89cbec924c305e818ed30cf4b6abca778a799c53a6b9f82f73e888daf366bbd942e9e23af2a2d0910839de36244eee44f4b485362272d58b6e0a4ce0cf7d0bb8cea1bf208a99658f3be409168646b35a11b36af1da67b4329f3ec40228019a597d5996a8e076eae7994bfb468787c203b6a1ba0499e61a47500f6a092875dafa27a4779dbbb43c0abbac151aafd9301b3024e48139313504fc528def90ea80fd21126d48c272352d34432fe92229ef4ce46008ec0ccff987f49e76155f782012c7223dedea4a790c39e5a5a312a3de475c1ebb9a5e1b6280149e53e10359d0a2c0cc2cf8c18a6e5d5e013e6ce9cca0d785674d8e98118b3ca8843a8570a508c6e8886e99868f8ca25d18ec4b056d882adeac4bb88eceefe5f71fbf2523b618849430e25309d89dda1346c2594a5fc6e14781e6804985c86521d45a30a9c98865496ac8482fa13b75c491078637a4906d8abf71c231c558e88de82d72d95c1483d2932d2c0490efd4546fa3131b3e324fe2064c871ee740e7694f3bdc190d58ecf64848e0b40dcab5267dcd5ec0c8bc54c067b4876a592da7802c1ec7711caa2ca6350d72fd02ee7c4189ba8335b31568225feca00e726b4b54cb271f93041fdd36638b176a0298fad233e2151d075498d9668b44b2780822c32d56d4ac925cf87099c11f4a07840ed6d734ce343b88980bd494e7ae648f199d06b9f659abba0e9bffa236f98eca103c758e29473bda7b180c2e65192d35db5c84204fecda7757419977eceff3e1223ca02de4f610b1ade26493e60613a6e963d7ba06d5a0c5ad978ec718cfa3e74ad047743abc1ef53fb37346378ca76ce68e1700eb90dbf21a387751bef29047e6bb99dde31ea3d39efc6ee7d4e6fcc063bddc49977ad6177438c5413e29ee79492147865f2a08524ca17b7f6a528a9938c0735e9cdccb808af57f873e20d0e8688b8942a40e2577bbe01026e8d9b2358eba068ce284d00c92c1b908cd17f95a05964f12afa65607d57ef06825fd854ae80a3c3d0a8bf7027c3d510346f9ee83c3cfd94706aeddae8d1c541afb517f0b816064c6"})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
write$auto_tty_fops_tty_io(r0, &(0x7f0000000580)="7fd0a917413f68eb6b28d5eea7d1553f6595c094f1f855eb8d8776e6bd8f81c440da3fe3433f8243402fc2752caac5da7a03bbb5adf685740635a6bc231c6cf093b7cf0e4dd07f10b2dc12791aa3ebded3cfe2e4befc0e02d2e064b1db3adc8b2ec1c0378efff268086d6cb998b8dedfb7f20d06b7b091e974de1c1a4ce3d378d91b7639d914ba86b1f18337bb06e3619af99e68dfac380ab153fc75a2159d8efbbf7436752c964490346cf1558249979fc61ee71509560d14bdd0922e50904f3a4b2ae1bfc4f6bb9e08f16afd6baa53cf87077be5bcca2829dd4133da071a6fd072ed5568670a5d171e3deee5576bf571a016c162ca369182f202dbe49839df8d4c438dacdd6cdd67c21e2ed9be20baeff5e5019313d5e6e5a0e93eab61be5dec2c7e144cf9d73fd945c25ff11d5d5aa26bf8ab2e06098b8aeb05c1f29c1a30d268d82768b3350c3efcdac39334de0f6406a1aed635e0c55412ff73b0222d67be6bdd185478d502b492c41696ce6f88609795409aa0841dbc7cb222f0cb239b19d9499fdc45988f0290af0666c37b93f047d45b17cbe7c9332c63ad46c6aa871e4b351efa4fbfb88cfa0281f465d1a970939c2d6c45c50ade06f0bb98ed66623b887de325c0f42ab530b649ea29757af9464c18dea186a0bbc62ce209a3be8e86e8f710323cb899d806caf575cb73a419c0804afd4c8a329a2afaebb87291e9fdfd2ca0edebfc4fb7b1e281fa3e6ac387aebfc92107f4251aa8c96a4c6d7599933c2c489a7696e8e42d88b572fa46bead2c96f619030ab70026f14f91bbf0a4c1b3ed74c564d6ae3eefeef94d37e19701513ff7713a52ebfd8f251dc303455de00d1ee3ed3e204bed2901a644056193fc7e00ce10aa6463892a7881a51893af629f7bd8801ce4c44c7ff2decdb6a69d9ed48ff79661ba9ec4a84dd222d3b40e4abf56222b97db9aa646a67e5031a57d570030f41b09529298f1acddbcd1f0ff6a30cb2a2d5eaecd774bbf897477cc1e55488f3493b6aa6908d24b032cbda24f956f7f262d992838923efde7e8ed0558872451d7bd6a4769ecd47c6d0a125a6e638df6f67793901a67071c506d010930b01ce541aa43f9110d874311d18a8ea50fb1907e8d17c3932e0c12c7d6f7c145209ab81105649fc0c5266063bd8c6a16319a82ff5d236122d53e15d6a7fcb16245d7754f3ffbf659a141cbd29286176fe445deebd5dd18baae1bbdfedbe4bd3453c50fb2f6c22505ecd768ad0703624ebf7b924dc7e8e93ea94c8a6a9f0372351b5a4aaadf89a86faf5241e47be7e6790676fbf8abcc6ef89b9f6ce10600e21815ec6d2c580b5c30ada6b956a07d9964e93419856df00b06245d0743ac2b595097007165cbb17c6a492a6eb0559712e5f89ee86b7a2c46acf9b8d8b2c7a85092966aca97f114635c64f6eb44ad927423a3bc434b267c23d364ee5671d3dcbcca02ffbb633b3c9e6f", 0xfdef)
executing program 1:
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x11, 0x3, 0x2)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyrc\x00', 0x101000, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x40045431, 0x0)
executing program 1:
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0)
pread64$auto(r0, 0x0, 0x3fffffd, 0x9)
read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x60)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x0, 0x3, 0x2a)
mlockall$auto(0x7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fanotify_init$auto(0xd2, 0x5)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 1:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/slab/kmalloc-64/cpu_partial\x00', 0x109101, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
read$auto(r0, 0x0, 0x1ff)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
executing program 32:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/slab/kmalloc-64/cpu_partial\x00', 0x109101, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
read$auto(r0, 0x0, 0x1ff)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0})
sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, r2, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HSR_A_IFINDEX={0x8, 0x2, r3}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}]}, 0x28}, 0x1, 0x0, 0x0, 0x40800}, 0x20000010)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x4, 0x7, 0x0, 0x400, 0x9a, "077c1315ff06c9cc9ff4956913870ef95ebcd43e985b110210346f7f05f8bd5d8b4458e71254da2aab17208e518d2a9b3c20bd53a710ce119b1b61b0"})
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xa}, 0x1)
executing program 0:
socket$nl_generic(0x11, 0x3, 0x10)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
r0 = socket(0xa, 0x3, 0x3b)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'geneve1\x00', <r1=>0x0})
sendto$auto(0x3, 0x0, 0x13, 0xfffffff9, &(0x7f0000000440)=@xdp={0x2c, 0xdd86, r1, 0x10, 0x1000000}, 0x22)
executing program 0:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000)
connect$auto(0x4, 0x0, 0x10)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 0:
mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1c, &(0x7f0000000240), 0x1)
executing program 33:
mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1c, &(0x7f0000000240), 0x1)
executing program 2:
socket(0xa, 0x801, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x80002, 0x73)
socket(0x2, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
setsockopt$auto(0x3, 0x10000000084, 0x24, 0x0, 0x8)
executing program 3:
socket(0xa, 0x801, 0x84)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)
listen$auto(0x3, 0x81)
executing program 4:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
kcmp$auto(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0)
r0 = epoll_create$auto(0x3e)
epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0)
executing program 2:
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x23, 0x80805, 0x0)
socket(0x25, 0x1, 0x3)
accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd)
executing program 3:
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf2502cff3291849be3657003c80080019"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 2:
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x200, 0x1)
r0 = open(&(0x7f0000001bc0)='./file0\x00', 0x4140, 0x0)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
fanotify_mark$auto(0x0, 0x105, 0x8009, r0, 0x0)
executing program 5:
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_FS_IOC_GETFSUUID(0xffffffffffffffff, 0x80111500, 0xffffffffffffffff)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
memfd_create$auto(0x0, 0x2)
r0 = fcntl$auto(0xff80000000000000, 0x409, 0x3f)
fallocate$auto(r0, 0x1, 0xd, 0x5)
executing program 4:
mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0)
r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(r0, 0x0, 0x400018)
ioctl$auto(0x3, 0x4020565a, 0x38)
close_range$auto(0x2, 0x8, 0x0)
executing program 5:
mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r0)
sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="110b27f27200fbdbdf250c"], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x9800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 4:
socket(0x1d, 0x3, 0x1)
execveat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
r0 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r1=>0x0})
bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a)
bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a)
executing program 2:
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf250a0005000700000000000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c00"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
r2 = setfsuid$auto(0xee00)
r3 = setfsuid$auto(0xee01)
setresuid$auto(r2, r3, r2)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000000)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
executing program 3:
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x801, 0x100)
socket(0x11, 0x3, 0x2)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
getsockopt$auto(0x6, 0x107, 0x15, 0x0, 0x0)
executing program 4:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(r0, 0x0, 0x1f40)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x3)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
executing program 5:
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socketpair$auto(0xf, 0x7, 0x8, 0x0)
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
setsockopt$auto(r0, 0x110, 0x7, 0x0, 0x4)
executing program 2:
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x3, 0xa)
socket(0xa, 0x2, 0x3a)
getsockopt$auto(0x6, 0x0, 0x50, 0xfffffffffffffffe, 0x0)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x7}, 0x880}, 0x7, 0x4008)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x54)
shutdown$auto(0x200000003, 0x2)
setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x4)
executing program 2:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000007480)='/dev/cec12\x00', 0x400, 0x0)
ioctl$auto_CEC_RECEIVE(r0, 0xc0386106, 0x0)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0)="42777dd1330b458d0b5c44ca32e94fc00cfbce962ee7d8f31c0f90c327830f55adfdceafcc0f7b5a21ea23bdf5344d47d49d60218e57bb33118d04fdd37f5fd17f96a318132a5dd282784244bd58b9a0c8adc60d2f8535b3", 0x8}, 0x7, 0x0, 0x7, 0xb5)
sendmsg$auto_TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0, @ANYBLOB="01000200000000006bbc9d65365cbf8013"], 0x18}, 0x1, 0x0, 0x0, 0x4000094}, 0x8080)
r0 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337f9eca9075f6bba4416", 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x100)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
sendto$auto(0x3, 0x0, 0x18, 0x7, &(0x7f0000000180)=@hci={0x1f, 0xdd86, 0x7}, 0x22)
prctl$auto(0x0, 0xffff, 0x0, 0xffffffffffffffff, 0x6)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x1, 0x0)
io_uring_register$auto(0x2, 0x6, 0x0, 0x86)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fstat$auto(0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(r0, 0x10e, 0x1, 0x0, 0xe)
r1 = socket(0xa, 0x801, 0x106)
listen$auto(r1, 0x5)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x410180, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1208}, 0x1, 0x0, 0x0, 0x4004080}, 0x40)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000)
recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-close_range$auto-pipe2$auto-socketpair$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
single: failed to extract reproducer
bisect: bisecting 38 programs with base timeout 1m40s
testing program (duration=1m49s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6]
detailed listing:
executing program 1:
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
ioctl$auto_BTRFS_IOC_ADD_DEV(0xffffffffffffffff, 0x5000940a, &(0x7f00000013c0)={@inferred, "3763e45bf736e7a788ff30f1e71ca705d63325182a1e9eaf029ee051ed398ee7279068dfbbb11f7c9ca53bd2f4cea9c6145e94cfd6af686072b200e2dab1695e5ec9486f2f2c8644e38215c3ff22bad25c245d5c3909f1d1a056b45db4936aa3de5c2bf54b963239c0c0a54112011f0b29f22a8464e122cd32e81173250546fe52826ecce72a4f239ceff607292e473ef3d8fbe9b27e460f36bf820dab0fad8d6d2c90e601a4782263a09fff1b8da9b29a3c3e27f596b85685b87689dd75d81a352421c072915e9ca3a17d995886a9c1a4aa47cd7a8243e72c3ca2fe84d9fcfb62969373ba75a4cf4cb12e79aee2bef4493cf9ee2625922ac92a90e303ffe05018abc01dcf02fd5df34d39e8ff5a69f1c5132572dab40a4cdf4682bd5b251e9673e4653fbf519b7f48953d1686e261d1ecb058be6de590f481e59ef2f3d2a080bc6dc76896cd9a778312bb14ff8432dd8434e78dd7d7d6edddcaefdd77187ceff52c68b3219264a72a4e667c6d92619b48b1f6153d0228de03296d77e859a7a212c75ea9b25b599bb1da825054f4ee8d5bcec1c30f836454340c5027c27c32df5b2840882e24e523519ed70dcfe3b3ca2a4229d1da49555ca35d738886d60a5090e3a71b2e28c409c36adb92e0ea293d731ef2563d33c5171d900bb1bb2ccf54bcfb0433f7269b14590cde5d9f33c78e047dcdf5925e20ae8119bfecedac3970b8a22e14bce0e3078c557f3bca8318b7c2dc12fc85866f8f3ba25cf9798262cad2f989f8d285e7618b8092d10ce700f5d7e4dd1fa94b5a1d84b95415c545e68cbd689d5f27265bbb614409f509a1f4e8b9c9fb6535520a70eb459c8696d9f26a41688fdfc3bf7e5eed0ebcd6fa1f1d52231a4492d1c04266450aa054b6fb79892cb190b1c75c7fc5833efc6245921fbc01a79634591abccb4eb2bd5c01be534c56a43df0ef95c848d749cf4f497d4f8e03b985799220f6857a06fb8ba039879227553775670d83161c499e858aa5e23442ba670bfd51f6f7f2d5dd009826e97bc0e1ebda818c566106149835e0036bc32cb8e4b6b13e36d2d3dc1a896c4cc134ba9563cf9a0b80844e2019da7a975ed4adf7c923aa753769bf02de5cb0a29d4edce49c848ee3221331b93cb5802343067519c6047a166c139e2e7e17aa08e3628b6b5898944d1aa7ceb33303f7833930c9b757c384b95025e6f2280cf5eaf20c9379e6cb6833b0fdbe252e9ce000cab77d67db6993ce0b5ea470cb18fc18b59137885903e46c3f8afc8221263618cd65398470fd96575101ab2231ef34e612dc29c9102c02f4913fdd0ac6bde1339cd7813e3114c8c583a512c6274667c56c44bb6c6ca60cf7c720d4e083691d02d5cf431d6b747790ec863f8ac087df3248f5fba164196756eca7d1752532f587b3454982a5fa5ee5e08b6d573b5ab112e2c6eb6d4113da97618770aaeae96d2016eb76e3663e19ef6824e1c2a99fb185e7efb75413f84b6f7efbd39b95be47d9e0106cce3bdab853fa40a43c6bf7e150770002794cbe2a162ac6207d8c1e4a7296e7e05861eaf6b5fc9bc18e9f20b031f4f2d2f7cb13a368c1dd7a652df28f0da1b5e8a6766c51d8c2eba01a1ea81f43cb9cb1075faeef7a2f97de3742d8fffc0d8d7514a7024e3f89c4445198e66c1da58aced6e39724f212b345b4183b9128cecba5252f467f0c657d857a905d96d39ddd40101df4d4472471b4cf9c216585188f5effff3d674e5e0d2a74353965978c0181d4ce32d0f65570c53cec061afeee4a9d92d5bd3424223b5a8ed227f048d40ae986739490262db7d53ca685d800a1e67f71e7d334d01ddc8d6c368b23f4b23d40ae59ce4c9c05846d8048334594b92aa91e601149426670d0b09b2de53055a1f257a9bc660fb401553c724bfb4d13a4b8e72ffefc60e8fda33a06f86a0ba7517d4327fbf677394abcda691ab80f05a1ea9b1a7689dbd181e059c2de952d5b7e99852b045073ebf3a4dcd09ecb634a40b6770bdac45c8ecec65d4eece0e25f98f9cdac3b5068e758777754906aa64d6e42259a68517517f9a56ec10d25833562458cf097792f0923a2b317715e618a1b451c7ab1c2e0a5c8e17fe7993a1b165018b803e4a9a6d95a904c9b6b5232fcc586f1d2648a22f70092f72c20ec2cdb1813adbed7b1c5640045204cb35b8d2055481a9b3b5a14cc407efd830e4b44445d53ec18f3cbfbf1f2bd10d5548df8c4f55aac22d05e3822450f2e0827668d89b4cb0e37c86736ea37e5f6e390b498769e23975207a2479b21589097235edd14ff12f9fb09965ee759a88d23741881f61e35e48140eb5e9b1b0d657a1b9fa0febcf6fd9466e507d6a41c75180ab7763dc74cd55fe4574bb490300fd4b2ee43634cb9033635f0ee22ae4b527b995f77ca3ff15ab8a3f04c04a9e6169805c15e9820660d393ed01252915ed361511bc7381e08bbf9416f3c1ba93ec15b36b429fe3b23a4ca692bf27784ff2357e79547a98c64bfbb5124326b1dac28320789f7bdcb9c6988f6579cd53db5ab32bd49bbf8813d42f33ee41643e97ad57ee286f86b6166650f6f837e8580101b1fe99463d4a35c52297f4229091c66f24a3aeb1afa45c929def3c7b3a8e881fb35222555d82646a1cb6cec897244c6b71dd3d989a25f25962ce32dd0ff715eff156f2400c39370f9cd2fdab33a75c5de194768cabe37cc8eb2ceddf0e3099c5599bfaf58caa8da560fdea94b78a755b8a3fd3b0c17301ff592c6f30c4d09cda25bcfff02e71b34e8013295d9ecc6e8524ae6a406c948821956ae1a2a97c0844f305014c70082bc8184c219a19332eb21b1f67e7645d2a334c049b55b30bf850e602799ff69b4b32e7f8ec5bac13ee14e1038c9f4dfa25911fb0bba0b8ae29501b89daed766fff036d1da6b6e967bab76b958407f1d3e0d2dd96d6eed3ae59c9247dc441114b07de016d25028466600f7b45904abb3ec5b5f37d2261c849a68025d9c6ce8df80379b8e6915beb43bdfad1c214f016debd405797d325089b765126b7861f9deeb79c0d286f7f9117d6ee20e60b4695d168088ed982bcca5f7869b32a7402cbf19e3ee5f11060036f237a57c004d390d96b6121e761493835d9d38485896b1ab3bc772fd340d8f2da59a65c6baac1301f9152ff298907d3394540cc763679b24fe2c045a410cb645a426fe6bd0f11283f68050e769caf046afa8032c696dbb3e92a70318179569ec61cf59c04f6afc4b23b8e9646f7de8680d905de76faf9433d1fd12b5eb57bfb571f82d067afb46f7cc0d2a74a2ecbd00f44f0cc7d51f789d25f9076e49a9899778a7f8c8fb05424d3755474a42c4c7ad468a58de49a1ae3718ac16b15b05913a30c29b0ae79329b37ceac091e506ebfc69e7116a66dc4882ab2dc8435d937539048de3f5f171cc5a4450893055047c7a21988ecba2c4890dba69a90730c134e80ce9d0d51ec13a728942c2e226c5afe8b8ed6cc7a25525605337827f0a0086d74915bb0c22e13910d1d1f3552b050c008ca5b0d5ebba70a772f3e25fcd4bcbf3f8726d532f2e26d3f08ddfd23732efc0e2f9c0be1a28bbba5e4c8f2e91b442979b674b01677685eb5e8839c90c23e273b9042a29bf515218800cb91cfa4969af515fdb438c7678ddb6ea54c0cf15ef8039c1297e1a41fbc9b34d91ec8e447ff0eb160103454b644a415aba5123a5da491c87071f62fa6ff70166d4d610fc86068e949a90a83e8151912aa7226c679073cf327b38b8bef929a4b3bc9afc539c67a8e0a169abe5f98690d80735b24bce5bd696d4bf3903857cd825675b807d4be27a194ce7d04e7876681aa17c2e4c45ce510e476c4206a0bba924d02bf8e579ebc8660a8e17a3c2113459b0ffb15b8a3e3d5c80336d1bbf248a92a47a4c25178a6e6eb3108955188727fae17a8a99f1c27993a514935cee40b7dfecf0d93769e2f78775c00b54365271716a06432437a035d4b0a3971922c0b3d0856ed79b51880e1fcae4d5d2534c2db0fe52ad777cfd035e273eaa289a7709bb4496cd865b93a6372cfa6f2dc5f14a0435fab67e8a2f98ef426a70018af6f14572d2e68d913b18764756895f4692afebca4453f9659396eb7c0a403d72524ea3df93792b1c016cfc38f634ffb5c636ce275e86ba5390b6b4a8768923821f80974751de3be24602cf5fd0c57c50bdd11f6fa920482b926dd2f896887e8590227fcbfc81bf877691ec182e006cba1da669b6b531e3e1e3d2d9d1706b60256e3efc9d0e9326948fcb205272a53a76047513c2f97fc89f3922fc3956d51362d2f1d002113bbf82fdac4969c3d6cecf77827ac112b6882021d0644e181631b48989f3f07507cafc81b6f0e0d285d029f392a726b074e49bde2dbef4b69f467ac53f0f0fcc9d786b757071b2566cd0fb8b04e98d7cc9bd463d8d67f546232be8243eda33c6aff9162696e3f0a9e1f5ede97e2b0e7ef5c8014b3f439f07a7db77c79e6907c48dbda8b7f3712f0880b91a283ca364afa969ab55c2957a53382fc86913c7bbb6a205aa3fa7b8b8edc1ed6ec3793ae86bf6b885ffcd09eec1cb34735223a6f680a6a64eb9270762a0d409cf17bbcaa13764123256a80d25d1ecfa955ed06203b309cd4b89c373437c5565e6b64646324f5961826b26a0e08c752bb64e29dc6f4377caab19526fe409a44d89cbec924c305e818ed30cf4b6abca778a799c53a6b9f82f73e888daf366bbd942e9e23af2a2d0910839de36244eee44f4b485362272d58b6e0a4ce0cf7d0bb8cea1bf208a99658f3be409168646b35a11b36af1da67b4329f3ec40228019a597d5996a8e076eae7994bfb468787c203b6a1ba0499e61a47500f6a092875dafa27a4779dbbb43c0abbac151aafd9301b3024e48139313504fc528def90ea80fd21126d48c272352d34432fe92229ef4ce46008ec0ccff987f49e76155f782012c7223dedea4a790c39e5a5a312a3de475c1ebb9a5e1b6280149e53e10359d0a2c0cc2cf8c18a6e5d5e013e6ce9cca0d785674d8e98118b3ca8843a8570a508c6e8886e99868f8ca25d18ec4b056d882adeac4bb88eceefe5f71fbf2523b618849430e25309d89dda1346c2594a5fc6e14781e6804985c86521d45a30a9c98865496ac8482fa13b75c491078637a4906d8abf71c231c558e88de82d72d95c1483d2932d2c0490efd4546fa3131b3e324fe2064c871ee740e7694f3bdc190d58ecf64848e0b40dcab5267dcd5ec0c8bc54c067b4876a592da7802c1ec7711caa2ca6350d72fd02ee7c4189ba8335b31568225feca00e726b4b54cb271f93041fdd36638b176a0298fad233e2151d075498d9668b44b2780822c32d56d4ac925cf87099c11f4a07840ed6d734ce343b88980bd494e7ae648f199d06b9f659abba0e9bffa236f98eca103c758e29473bda7b180c2e65192d35db5c84204fecda7757419977eceff3e1223ca02de4f610b1ade26493e60613a6e963d7ba06d5a0c5ad978ec718cfa3e74ad047743abc1ef53fb37346378ca76ce68e1700eb90dbf21a387751bef29047e6bb99dde31ea3d39efc6ee7d4e6fcc063bddc49977ad6177438c5413e29ee79492147865f2a08524ca17b7f6a528a9938c0735e9cdccb808af57f873e20d0e8688b8942a40e2577bbe01026e8d9b2358eba068ce284d00c92c1b908cd17f95a05964f12afa65607d57ef06825fd854ae80a3c3d0a8bf7027c3d510346f9ee83c3cfd94706aeddae8d1c541afb517f0b816064c6"})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
write$auto_tty_fops_tty_io(r0, &(0x7f0000000580)="7fd0a917413f68eb6b28d5eea7d1553f6595c094f1f855eb8d8776e6bd8f81c440da3fe3433f8243402fc2752caac5da7a03bbb5adf685740635a6bc231c6cf093b7cf0e4dd07f10b2dc12791aa3ebded3cfe2e4befc0e02d2e064b1db3adc8b2ec1c0378efff268086d6cb998b8dedfb7f20d06b7b091e974de1c1a4ce3d378d91b7639d914ba86b1f18337bb06e3619af99e68dfac380ab153fc75a2159d8efbbf7436752c964490346cf1558249979fc61ee71509560d14bdd0922e50904f3a4b2ae1bfc4f6bb9e08f16afd6baa53cf87077be5bcca2829dd4133da071a6fd072ed5568670a5d171e3deee5576bf571a016c162ca369182f202dbe49839df8d4c438dacdd6cdd67c21e2ed9be20baeff5e5019313d5e6e5a0e93eab61be5dec2c7e144cf9d73fd945c25ff11d5d5aa26bf8ab2e06098b8aeb05c1f29c1a30d268d82768b3350c3efcdac39334de0f6406a1aed635e0c55412ff73b0222d67be6bdd185478d502b492c41696ce6f88609795409aa0841dbc7cb222f0cb239b19d9499fdc45988f0290af0666c37b93f047d45b17cbe7c9332c63ad46c6aa871e4b351efa4fbfb88cfa0281f465d1a970939c2d6c45c50ade06f0bb98ed66623b887de325c0f42ab530b649ea29757af9464c18dea186a0bbc62ce209a3be8e86e8f710323cb899d806caf575cb73a419c0804afd4c8a329a2afaebb87291e9fdfd2ca0edebfc4fb7b1e281fa3e6ac387aebfc92107f4251aa8c96a4c6d7599933c2c489a7696e8e42d88b572fa46bead2c96f619030ab70026f14f91bbf0a4c1b3ed74c564d6ae3eefeef94d37e19701513ff7713a52ebfd8f251dc303455de00d1ee3ed3e204bed2901a644056193fc7e00ce10aa6463892a7881a51893af629f7bd8801ce4c44c7ff2decdb6a69d9ed48ff79661ba9ec4a84dd222d3b40e4abf56222b97db9aa646a67e5031a57d570030f41b09529298f1acddbcd1f0ff6a30cb2a2d5eaecd774bbf897477cc1e55488f3493b6aa6908d24b032cbda24f956f7f262d992838923efde7e8ed0558872451d7bd6a4769ecd47c6d0a125a6e638df6f67793901a67071c506d010930b01ce541aa43f9110d874311d18a8ea50fb1907e8d17c3932e0c12c7d6f7c145209ab81105649fc0c5266063bd8c6a16319a82ff5d236122d53e15d6a7fcb16245d7754f3ffbf659a141cbd29286176fe445deebd5dd18baae1bbdfedbe4bd3453c50fb2f6c22505ecd768ad0703624ebf7b924dc7e8e93ea94c8a6a9f0372351b5a4aaadf89a86faf5241e47be7e6790676fbf8abcc6ef89b9f6ce10600e21815ec6d2c580b5c30ada6b956a07d9964e93419856df00b06245d0743ac2b595097007165cbb17c6a492a6eb0559712e5f89ee86b7a2c46acf9b8d8b2c7a85092966aca97f114635c64f6eb44ad927423a3bc434b267c23d364ee5671d3dcbcca02ffbb633b3c9e6f", 0xfdef)
executing program 1:
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x11, 0x3, 0x2)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyrc\x00', 0x101000, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x40045431, 0x0)
executing program 1:
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0)
pread64$auto(r0, 0x0, 0x3fffffd, 0x9)
read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x60)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x0, 0x3, 0x2a)
mlockall$auto(0x7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fanotify_init$auto(0xd2, 0x5)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 1:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/slab/kmalloc-64/cpu_partial\x00', 0x109101, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
read$auto(r0, 0x0, 0x1ff)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
executing program 32:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/slab/kmalloc-64/cpu_partial\x00', 0x109101, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
read$auto(r0, 0x0, 0x1ff)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0})
sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, r2, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HSR_A_IFINDEX={0x8, 0x2, r3}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}]}, 0x28}, 0x1, 0x0, 0x0, 0x40800}, 0x20000010)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x4, 0x7, 0x0, 0x400, 0x9a, "077c1315ff06c9cc9ff4956913870ef95ebcd43e985b110210346f7f05f8bd5d8b4458e71254da2aab17208e518d2a9b3c20bd53a710ce119b1b61b0"})
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xa}, 0x1)
executing program 0:
socket$nl_generic(0x11, 0x3, 0x10)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
r0 = socket(0xa, 0x3, 0x3b)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'geneve1\x00', <r1=>0x0})
sendto$auto(0x3, 0x0, 0x13, 0xfffffff9, &(0x7f0000000440)=@xdp={0x2c, 0xdd86, r1, 0x10, 0x1000000}, 0x22)
executing program 0:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000)
connect$auto(0x4, 0x0, 0x10)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 0:
mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1c, &(0x7f0000000240), 0x1)
executing program 33:
mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1c, &(0x7f0000000240), 0x1)
executing program 2:
socket(0xa, 0x801, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x80002, 0x73)
socket(0x2, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
setsockopt$auto(0x3, 0x10000000084, 0x24, 0x0, 0x8)
executing program 3:
socket(0xa, 0x801, 0x84)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)
listen$auto(0x3, 0x81)
executing program 4:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
kcmp$auto(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0)
r0 = epoll_create$auto(0x3e)
epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0)
executing program 2:
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x23, 0x80805, 0x0)
socket(0x25, 0x1, 0x3)
accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd)
executing program 3:
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf2502cff3291849be3657003c80080019"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 2:
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x200, 0x1)
r0 = open(&(0x7f0000001bc0)='./file0\x00', 0x4140, 0x0)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
fanotify_mark$auto(0x0, 0x105, 0x8009, r0, 0x0)
executing program 5:
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_FS_IOC_GETFSUUID(0xffffffffffffffff, 0x80111500, 0xffffffffffffffff)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
memfd_create$auto(0x0, 0x2)
r0 = fcntl$auto(0xff80000000000000, 0x409, 0x3f)
fallocate$auto(r0, 0x1, 0xd, 0x5)
executing program 4:
mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0)
r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(r0, 0x0, 0x400018)
ioctl$auto(0x3, 0x4020565a, 0x38)
close_range$auto(0x2, 0x8, 0x0)
executing program 5:
mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r0)
sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="110b27f27200fbdbdf250c"], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x9800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 4:
socket(0x1d, 0x3, 0x1)
execveat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
r0 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r1=>0x0})
bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a)
bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a)
executing program 2:
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf250a0005000700000000000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c00"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
r2 = setfsuid$auto(0xee00)
r3 = setfsuid$auto(0xee01)
setresuid$auto(r2, r3, r2)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000000)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
executing program 3:
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x801, 0x100)
socket(0x11, 0x3, 0x2)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
getsockopt$auto(0x6, 0x107, 0x15, 0x0, 0x0)
executing program 4:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(r0, 0x0, 0x1f40)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x3)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
executing program 5:
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socketpair$auto(0xf, 0x7, 0x8, 0x0)
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
setsockopt$auto(r0, 0x110, 0x7, 0x0, 0x4)
executing program 2:
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x3, 0xa)
socket(0xa, 0x2, 0x3a)
getsockopt$auto(0x6, 0x0, 0x50, 0xfffffffffffffffe, 0x0)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x7}, 0x880}, 0x7, 0x4008)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x54)
shutdown$auto(0x200000003, 0x2)
setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x4)
executing program 2:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000007480)='/dev/cec12\x00', 0x400, 0x0)
ioctl$auto_CEC_RECEIVE(r0, 0xc0386106, 0x0)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0)="42777dd1330b458d0b5c44ca32e94fc00cfbce962ee7d8f31c0f90c327830f55adfdceafcc0f7b5a21ea23bdf5344d47d49d60218e57bb33118d04fdd37f5fd17f96a318132a5dd282784244bd58b9a0c8adc60d2f8535b3", 0x8}, 0x7, 0x0, 0x7, 0xb5)
sendmsg$auto_TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0, @ANYBLOB="01000200000000006bbc9d65365cbf8013"], 0x18}, 0x1, 0x0, 0x0, 0x4000094}, 0x8080)
r0 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337f9eca9075f6bba4416", 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x100)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
sendto$auto(0x3, 0x0, 0x18, 0x7, &(0x7f0000000180)=@hci={0x1f, 0xdd86, 0x7}, 0x22)
prctl$auto(0x0, 0xffff, 0x0, 0xffffffffffffffff, 0x6)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x1, 0x0)
io_uring_register$auto(0x2, 0x6, 0x0, 0x86)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fstat$auto(0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(r0, 0x10e, 0x1, 0x0, 0xe)
r1 = socket(0xa, 0x801, 0x106)
listen$auto(r1, 0x5)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x410180, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1208}, 0x1, 0x0, 0x0, 0x4004080}, 0x40)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000)
recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
bisect: bisecting 38 programs
bisect: split chunks (needed=false): <37>
bisect: split chunk #0 of len 37 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=1m46s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6]
detailed listing:
executing program 33:
mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1c, &(0x7f0000000240), 0x1)
executing program 2:
socket(0xa, 0x801, 0x84)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x80002, 0x73)
socket(0x2, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
setsockopt$auto(0x3, 0x10000000084, 0x24, 0x0, 0x8)
executing program 3:
socket(0xa, 0x801, 0x84)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)
listen$auto(0x3, 0x81)
executing program 4:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
kcmp$auto(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0)
r0 = epoll_create$auto(0x3e)
epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0)
executing program 2:
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x23, 0x80805, 0x0)
socket(0x25, 0x1, 0x3)
accept$auto(0x3, 0xffffffffffffffff, 0xfffffffffffffffd)
executing program 3:
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf2502cff3291849be3657003c80080019"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 2:
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x200, 0x1)
r0 = open(&(0x7f0000001bc0)='./file0\x00', 0x4140, 0x0)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81)
fanotify_mark$auto(0x0, 0x105, 0x8009, r0, 0x0)
executing program 5:
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_FS_IOC_GETFSUUID(0xffffffffffffffff, 0x80111500, 0xffffffffffffffff)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
memfd_create$auto(0x0, 0x2)
r0 = fcntl$auto(0xff80000000000000, 0x409, 0x3f)
fallocate$auto(r0, 0x1, 0xd, 0x5)
executing program 4:
mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0)
r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408)
getdents$auto(r0, 0x0, 0x400018)
ioctl$auto(0x3, 0x4020565a, 0x38)
close_range$auto(0x2, 0x8, 0x0)
executing program 5:
mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r0)
sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="110b27f27200fbdbdf250c"], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x9800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 4:
socket(0x1d, 0x3, 0x1)
execveat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
r0 = socket(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r1=>0x0})
bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1, 0xfd}, 0x6a)
bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, 0x0, 0xfd}, 0x6a)
executing program 2:
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fddbdf250a0005000700000000000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x4088}, 0x20000010)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c00"], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
r2 = setfsuid$auto(0xee00)
r3 = setfsuid$auto(0xee01)
setresuid$auto(r2, r3, r2)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000000)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
executing program 3:
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x801, 0x100)
socket(0x11, 0x3, 0x2)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
getsockopt$auto(0x6, 0x107, 0x15, 0x0, 0x0)
executing program 4:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(r0, 0x0, 0x1f40)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x3)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
executing program 5:
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socketpair$auto(0xf, 0x7, 0x8, 0x0)
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
setsockopt$auto(r0, 0x110, 0x7, 0x0, 0x4)
executing program 2:
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x3, 0xa)
socket(0xa, 0x2, 0x3a)
getsockopt$auto(0x6, 0x0, 0x50, 0xfffffffffffffffe, 0x0)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x7}, 0x880}, 0x7, 0x4008)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x54)
shutdown$auto(0x200000003, 0x2)
setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x4)
executing program 2:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000007480)='/dev/cec12\x00', 0x400, 0x0)
ioctl$auto_CEC_RECEIVE(r0, 0xc0386106, 0x0)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0)="42777dd1330b458d0b5c44ca32e94fc00cfbce962ee7d8f31c0f90c327830f55adfdceafcc0f7b5a21ea23bdf5344d47d49d60218e57bb33118d04fdd37f5fd17f96a318132a5dd282784244bd58b9a0c8adc60d2f8535b3", 0x8}, 0x7, 0x0, 0x7, 0xb5)
sendmsg$auto_TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0, @ANYBLOB="01000200000000006bbc9d65365cbf8013"], 0x18}, 0x1, 0x0, 0x0, 0x4000094}, 0x8080)
r0 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337f9eca9075f6bba4416", 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x100)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
sendto$auto(0x3, 0x0, 0x18, 0x7, &(0x7f0000000180)=@hci={0x1f, 0xdd86, 0x7}, 0x22)
prctl$auto(0x0, 0xffff, 0x0, 0xffffffffffffffff, 0x6)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x1, 0x0)
io_uring_register$auto(0x2, 0x6, 0x0, 0x86)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fstat$auto(0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(r0, 0x10e, 0x1, 0x0, 0xe)
r1 = socket(0xa, 0x801, 0x106)
listen$auto(r1, 0x5)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x410180, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1208}, 0x1, 0x0, 0x0, 0x4004080}, 0x40)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000)
recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0)

program did not crash
bisect: testing without sub-chunk 2/3
testing program (duration=1m46s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6]
detailed listing:
executing program 1:
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
ioctl$auto_BTRFS_IOC_ADD_DEV(0xffffffffffffffff, 0x5000940a, &(0x7f00000013c0)={@inferred, "3763e45bf736e7a788ff30f1e71ca705d63325182a1e9eaf029ee051ed398ee7279068dfbbb11f7c9ca53bd2f4cea9c6145e94cfd6af686072b200e2dab1695e5ec9486f2f2c8644e38215c3ff22bad25c245d5c3909f1d1a056b45db4936aa3de5c2bf54b963239c0c0a54112011f0b29f22a8464e122cd32e81173250546fe52826ecce72a4f239ceff607292e473ef3d8fbe9b27e460f36bf820dab0fad8d6d2c90e601a4782263a09fff1b8da9b29a3c3e27f596b85685b87689dd75d81a352421c072915e9ca3a17d995886a9c1a4aa47cd7a8243e72c3ca2fe84d9fcfb62969373ba75a4cf4cb12e79aee2bef4493cf9ee2625922ac92a90e303ffe05018abc01dcf02fd5df34d39e8ff5a69f1c5132572dab40a4cdf4682bd5b251e9673e4653fbf519b7f48953d1686e261d1ecb058be6de590f481e59ef2f3d2a080bc6dc76896cd9a778312bb14ff8432dd8434e78dd7d7d6edddcaefdd77187ceff52c68b3219264a72a4e667c6d92619b48b1f6153d0228de03296d77e859a7a212c75ea9b25b599bb1da825054f4ee8d5bcec1c30f836454340c5027c27c32df5b2840882e24e523519ed70dcfe3b3ca2a4229d1da49555ca35d738886d60a5090e3a71b2e28c409c36adb92e0ea293d731ef2563d33c5171d900bb1bb2ccf54bcfb0433f7269b14590cde5d9f33c78e047dcdf5925e20ae8119bfecedac3970b8a22e14bce0e3078c557f3bca8318b7c2dc12fc85866f8f3ba25cf9798262cad2f989f8d285e7618b8092d10ce700f5d7e4dd1fa94b5a1d84b95415c545e68cbd689d5f27265bbb614409f509a1f4e8b9c9fb6535520a70eb459c8696d9f26a41688fdfc3bf7e5eed0ebcd6fa1f1d52231a4492d1c04266450aa054b6fb79892cb190b1c75c7fc5833efc6245921fbc01a79634591abccb4eb2bd5c01be534c56a43df0ef95c848d749cf4f497d4f8e03b985799220f6857a06fb8ba039879227553775670d83161c499e858aa5e23442ba670bfd51f6f7f2d5dd009826e97bc0e1ebda818c566106149835e0036bc32cb8e4b6b13e36d2d3dc1a896c4cc134ba9563cf9a0b80844e2019da7a975ed4adf7c923aa753769bf02de5cb0a29d4edce49c848ee3221331b93cb5802343067519c6047a166c139e2e7e17aa08e3628b6b5898944d1aa7ceb33303f7833930c9b757c384b95025e6f2280cf5eaf20c9379e6cb6833b0fdbe252e9ce000cab77d67db6993ce0b5ea470cb18fc18b59137885903e46c3f8afc8221263618cd65398470fd96575101ab2231ef34e612dc29c9102c02f4913fdd0ac6bde1339cd7813e3114c8c583a512c6274667c56c44bb6c6ca60cf7c720d4e083691d02d5cf431d6b747790ec863f8ac087df3248f5fba164196756eca7d1752532f587b3454982a5fa5ee5e08b6d573b5ab112e2c6eb6d4113da97618770aaeae96d2016eb76e3663e19ef6824e1c2a99fb185e7efb75413f84b6f7efbd39b95be47d9e0106cce3bdab853fa40a43c6bf7e150770002794cbe2a162ac6207d8c1e4a7296e7e05861eaf6b5fc9bc18e9f20b031f4f2d2f7cb13a368c1dd7a652df28f0da1b5e8a6766c51d8c2eba01a1ea81f43cb9cb1075faeef7a2f97de3742d8fffc0d8d7514a7024e3f89c4445198e66c1da58aced6e39724f212b345b4183b9128cecba5252f467f0c657d857a905d96d39ddd40101df4d4472471b4cf9c216585188f5effff3d674e5e0d2a74353965978c0181d4ce32d0f65570c53cec061afeee4a9d92d5bd3424223b5a8ed227f048d40ae986739490262db7d53ca685d800a1e67f71e7d334d01ddc8d6c368b23f4b23d40ae59ce4c9c05846d8048334594b92aa91e601149426670d0b09b2de53055a1f257a9bc660fb401553c724bfb4d13a4b8e72ffefc60e8fda33a06f86a0ba7517d4327fbf677394abcda691ab80f05a1ea9b1a7689dbd181e059c2de952d5b7e99852b045073ebf3a4dcd09ecb634a40b6770bdac45c8ecec65d4eece0e25f98f9cdac3b5068e758777754906aa64d6e42259a68517517f9a56ec10d25833562458cf097792f0923a2b317715e618a1b451c7ab1c2e0a5c8e17fe7993a1b165018b803e4a9a6d95a904c9b6b5232fcc586f1d2648a22f70092f72c20ec2cdb1813adbed7b1c5640045204cb35b8d2055481a9b3b5a14cc407efd830e4b44445d53ec18f3cbfbf1f2bd10d5548df8c4f55aac22d05e3822450f2e0827668d89b4cb0e37c86736ea37e5f6e390b498769e23975207a2479b21589097235edd14ff12f9fb09965ee759a88d23741881f61e35e48140eb5e9b1b0d657a1b9fa0febcf6fd9466e507d6a41c75180ab7763dc74cd55fe4574bb490300fd4b2ee43634cb9033635f0ee22ae4b527b995f77ca3ff15ab8a3f04c04a9e6169805c15e9820660d393ed01252915ed361511bc7381e08bbf9416f3c1ba93ec15b36b429fe3b23a4ca692bf27784ff2357e79547a98c64bfbb5124326b1dac28320789f7bdcb9c6988f6579cd53db5ab32bd49bbf8813d42f33ee41643e97ad57ee286f86b6166650f6f837e8580101b1fe99463d4a35c52297f4229091c66f24a3aeb1afa45c929def3c7b3a8e881fb35222555d82646a1cb6cec897244c6b71dd3d989a25f25962ce32dd0ff715eff156f2400c39370f9cd2fdab33a75c5de194768cabe37cc8eb2ceddf0e3099c5599bfaf58caa8da560fdea94b78a755b8a3fd3b0c17301ff592c6f30c4d09cda25bcfff02e71b34e8013295d9ecc6e8524ae6a406c948821956ae1a2a97c0844f305014c70082bc8184c219a19332eb21b1f67e7645d2a334c049b55b30bf850e602799ff69b4b32e7f8ec5bac13ee14e1038c9f4dfa25911fb0bba0b8ae29501b89daed766fff036d1da6b6e967bab76b958407f1d3e0d2dd96d6eed3ae59c9247dc441114b07de016d25028466600f7b45904abb3ec5b5f37d2261c849a68025d9c6ce8df80379b8e6915beb43bdfad1c214f016debd405797d325089b765126b7861f9deeb79c0d286f7f9117d6ee20e60b4695d168088ed982bcca5f7869b32a7402cbf19e3ee5f11060036f237a57c004d390d96b6121e761493835d9d38485896b1ab3bc772fd340d8f2da59a65c6baac1301f9152ff298907d3394540cc763679b24fe2c045a410cb645a426fe6bd0f11283f68050e769caf046afa8032c696dbb3e92a70318179569ec61cf59c04f6afc4b23b8e9646f7de8680d905de76faf9433d1fd12b5eb57bfb571f82d067afb46f7cc0d2a74a2ecbd00f44f0cc7d51f789d25f9076e49a9899778a7f8c8fb05424d3755474a42c4c7ad468a58de49a1ae3718ac16b15b05913a30c29b0ae79329b37ceac091e506ebfc69e7116a66dc4882ab2dc8435d937539048de3f5f171cc5a4450893055047c7a21988ecba2c4890dba69a90730c134e80ce9d0d51ec13a728942c2e226c5afe8b8ed6cc7a25525605337827f0a0086d74915bb0c22e13910d1d1f3552b050c008ca5b0d5ebba70a772f3e25fcd4bcbf3f8726d532f2e26d3f08ddfd23732efc0e2f9c0be1a28bbba5e4c8f2e91b442979b674b01677685eb5e8839c90c23e273b9042a29bf515218800cb91cfa4969af515fdb438c7678ddb6ea54c0cf15ef8039c1297e1a41fbc9b34d91ec8e447ff0eb160103454b644a415aba5123a5da491c87071f62fa6ff70166d4d610fc86068e949a90a83e8151912aa7226c679073cf327b38b8bef929a4b3bc9afc539c67a8e0a169abe5f98690d80735b24bce5bd696d4bf3903857cd825675b807d4be27a194ce7d04e7876681aa17c2e4c45ce510e476c4206a0bba924d02bf8e579ebc8660a8e17a3c2113459b0ffb15b8a3e3d5c80336d1bbf248a92a47a4c25178a6e6eb3108955188727fae17a8a99f1c27993a514935cee40b7dfecf0d93769e2f78775c00b54365271716a06432437a035d4b0a3971922c0b3d0856ed79b51880e1fcae4d5d2534c2db0fe52ad777cfd035e273eaa289a7709bb4496cd865b93a6372cfa6f2dc5f14a0435fab67e8a2f98ef426a70018af6f14572d2e68d913b18764756895f4692afebca4453f9659396eb7c0a403d72524ea3df93792b1c016cfc38f634ffb5c636ce275e86ba5390b6b4a8768923821f80974751de3be24602cf5fd0c57c50bdd11f6fa920482b926dd2f896887e8590227fcbfc81bf877691ec182e006cba1da669b6b531e3e1e3d2d9d1706b60256e3efc9d0e9326948fcb205272a53a76047513c2f97fc89f3922fc3956d51362d2f1d002113bbf82fdac4969c3d6cecf77827ac112b6882021d0644e181631b48989f3f07507cafc81b6f0e0d285d029f392a726b074e49bde2dbef4b69f467ac53f0f0fcc9d786b757071b2566cd0fb8b04e98d7cc9bd463d8d67f546232be8243eda33c6aff9162696e3f0a9e1f5ede97e2b0e7ef5c8014b3f439f07a7db77c79e6907c48dbda8b7f3712f0880b91a283ca364afa969ab55c2957a53382fc86913c7bbb6a205aa3fa7b8b8edc1ed6ec3793ae86bf6b885ffcd09eec1cb34735223a6f680a6a64eb9270762a0d409cf17bbcaa13764123256a80d25d1ecfa955ed06203b309cd4b89c373437c5565e6b64646324f5961826b26a0e08c752bb64e29dc6f4377caab19526fe409a44d89cbec924c305e818ed30cf4b6abca778a799c53a6b9f82f73e888daf366bbd942e9e23af2a2d0910839de36244eee44f4b485362272d58b6e0a4ce0cf7d0bb8cea1bf208a99658f3be409168646b35a11b36af1da67b4329f3ec40228019a597d5996a8e076eae7994bfb468787c203b6a1ba0499e61a47500f6a092875dafa27a4779dbbb43c0abbac151aafd9301b3024e48139313504fc528def90ea80fd21126d48c272352d34432fe92229ef4ce46008ec0ccff987f49e76155f782012c7223dedea4a790c39e5a5a312a3de475c1ebb9a5e1b6280149e53e10359d0a2c0cc2cf8c18a6e5d5e013e6ce9cca0d785674d8e98118b3ca8843a8570a508c6e8886e99868f8ca25d18ec4b056d882adeac4bb88eceefe5f71fbf2523b618849430e25309d89dda1346c2594a5fc6e14781e6804985c86521d45a30a9c98865496ac8482fa13b75c491078637a4906d8abf71c231c558e88de82d72d95c1483d2932d2c0490efd4546fa3131b3e324fe2064c871ee740e7694f3bdc190d58ecf64848e0b40dcab5267dcd5ec0c8bc54c067b4876a592da7802c1ec7711caa2ca6350d72fd02ee7c4189ba8335b31568225feca00e726b4b54cb271f93041fdd36638b176a0298fad233e2151d075498d9668b44b2780822c32d56d4ac925cf87099c11f4a07840ed6d734ce343b88980bd494e7ae648f199d06b9f659abba0e9bffa236f98eca103c758e29473bda7b180c2e65192d35db5c84204fecda7757419977eceff3e1223ca02de4f610b1ade26493e60613a6e963d7ba06d5a0c5ad978ec718cfa3e74ad047743abc1ef53fb37346378ca76ce68e1700eb90dbf21a387751bef29047e6bb99dde31ea3d39efc6ee7d4e6fcc063bddc49977ad6177438c5413e29ee79492147865f2a08524ca17b7f6a528a9938c0735e9cdccb808af57f873e20d0e8688b8942a40e2577bbe01026e8d9b2358eba068ce284d00c92c1b908cd17f95a05964f12afa65607d57ef06825fd854ae80a3c3d0a8bf7027c3d510346f9ee83c3cfd94706aeddae8d1c541afb517f0b816064c6"})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
write$auto_tty_fops_tty_io(r0, &(0x7f0000000580)="7fd0a917413f68eb6b28d5eea7d1553f6595c094f1f855eb8d8776e6bd8f81c440da3fe3433f8243402fc2752caac5da7a03bbb5adf685740635a6bc231c6cf093b7cf0e4dd07f10b2dc12791aa3ebded3cfe2e4befc0e02d2e064b1db3adc8b2ec1c0378efff268086d6cb998b8dedfb7f20d06b7b091e974de1c1a4ce3d378d91b7639d914ba86b1f18337bb06e3619af99e68dfac380ab153fc75a2159d8efbbf7436752c964490346cf1558249979fc61ee71509560d14bdd0922e50904f3a4b2ae1bfc4f6bb9e08f16afd6baa53cf87077be5bcca2829dd4133da071a6fd072ed5568670a5d171e3deee5576bf571a016c162ca369182f202dbe49839df8d4c438dacdd6cdd67c21e2ed9be20baeff5e5019313d5e6e5a0e93eab61be5dec2c7e144cf9d73fd945c25ff11d5d5aa26bf8ab2e06098b8aeb05c1f29c1a30d268d82768b3350c3efcdac39334de0f6406a1aed635e0c55412ff73b0222d67be6bdd185478d502b492c41696ce6f88609795409aa0841dbc7cb222f0cb239b19d9499fdc45988f0290af0666c37b93f047d45b17cbe7c9332c63ad46c6aa871e4b351efa4fbfb88cfa0281f465d1a970939c2d6c45c50ade06f0bb98ed66623b887de325c0f42ab530b649ea29757af9464c18dea186a0bbc62ce209a3be8e86e8f710323cb899d806caf575cb73a419c0804afd4c8a329a2afaebb87291e9fdfd2ca0edebfc4fb7b1e281fa3e6ac387aebfc92107f4251aa8c96a4c6d7599933c2c489a7696e8e42d88b572fa46bead2c96f619030ab70026f14f91bbf0a4c1b3ed74c564d6ae3eefeef94d37e19701513ff7713a52ebfd8f251dc303455de00d1ee3ed3e204bed2901a644056193fc7e00ce10aa6463892a7881a51893af629f7bd8801ce4c44c7ff2decdb6a69d9ed48ff79661ba9ec4a84dd222d3b40e4abf56222b97db9aa646a67e5031a57d570030f41b09529298f1acddbcd1f0ff6a30cb2a2d5eaecd774bbf897477cc1e55488f3493b6aa6908d24b032cbda24f956f7f262d992838923efde7e8ed0558872451d7bd6a4769ecd47c6d0a125a6e638df6f67793901a67071c506d010930b01ce541aa43f9110d874311d18a8ea50fb1907e8d17c3932e0c12c7d6f7c145209ab81105649fc0c5266063bd8c6a16319a82ff5d236122d53e15d6a7fcb16245d7754f3ffbf659a141cbd29286176fe445deebd5dd18baae1bbdfedbe4bd3453c50fb2f6c22505ecd768ad0703624ebf7b924dc7e8e93ea94c8a6a9f0372351b5a4aaadf89a86faf5241e47be7e6790676fbf8abcc6ef89b9f6ce10600e21815ec6d2c580b5c30ada6b956a07d9964e93419856df00b06245d0743ac2b595097007165cbb17c6a492a6eb0559712e5f89ee86b7a2c46acf9b8d8b2c7a85092966aca97f114635c64f6eb44ad927423a3bc434b267c23d364ee5671d3dcbcca02ffbb633b3c9e6f", 0xfdef)
executing program 1:
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x11, 0x3, 0x2)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyrc\x00', 0x101000, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x40045431, 0x0)
executing program 1:
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0)
pread64$auto(r0, 0x0, 0x3fffffd, 0x9)
read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x60)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x0, 0x3, 0x2a)
mlockall$auto(0x7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fanotify_init$auto(0xd2, 0x5)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 1:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/slab/kmalloc-64/cpu_partial\x00', 0x109101, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
read$auto(r0, 0x0, 0x1ff)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
executing program 32:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/slab/kmalloc-64/cpu_partial\x00', 0x109101, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
read$auto(r0, 0x0, 0x1ff)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0})
sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, r2, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HSR_A_IFINDEX={0x8, 0x2, r3}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}]}, 0x28}, 0x1, 0x0, 0x0, 0x40800}, 0x20000010)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x4, 0x7, 0x0, 0x400, 0x9a, "077c1315ff06c9cc9ff4956913870ef95ebcd43e985b110210346f7f05f8bd5d8b4458e71254da2aab17208e518d2a9b3c20bd53a710ce119b1b61b0"})
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xa}, 0x1)
executing program 0:
socket$nl_generic(0x11, 0x3, 0x10)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
r0 = socket(0xa, 0x3, 0x3b)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'geneve1\x00', <r1=>0x0})
sendto$auto(0x3, 0x0, 0x13, 0xfffffff9, &(0x7f0000000440)=@xdp={0x2c, 0xdd86, r1, 0x10, 0x1000000}, 0x22)
executing program 0:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000)
connect$auto(0x4, 0x0, 0x10)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 0:
mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1c, &(0x7f0000000240), 0x1)
executing program 3:
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x801, 0x100)
socket(0x11, 0x3, 0x2)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
getsockopt$auto(0x6, 0x107, 0x15, 0x0, 0x0)
executing program 4:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(r0, 0x0, 0x1f40)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x3)
openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
executing program 5:
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socketpair$auto(0xf, 0x7, 0x8, 0x0)
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
setsockopt$auto(r0, 0x110, 0x7, 0x0, 0x4)
executing program 2:
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x3, 0xa)
socket(0xa, 0x2, 0x3a)
getsockopt$auto(0x6, 0x0, 0x50, 0xfffffffffffffffe, 0x0)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000)
sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='V'], 0x1ac}}, 0x40000)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xfffffffc, &(0x7f0000000100)={0x0, 0xfbe}, 0x8, 0x0, 0x7}, 0x880}, 0x7, 0x4008)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x54)
shutdown$auto(0x200000003, 0x2)
setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x4)
executing program 2:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000007480)='/dev/cec12\x00', 0x400, 0x0)
ioctl$auto_CEC_RECEIVE(r0, 0xc0386106, 0x0)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
process_vm_writev$auto(0x0, &(0x7f00000011c0)={&(0x7f00000001c0)="42777dd1330b458d0b5c44ca32e94fc00cfbce962ee7d8f31c0f90c327830f55adfdceafcc0f7b5a21ea23bdf5344d47d49d60218e57bb33118d04fdd37f5fd17f96a318132a5dd282784244bd58b9a0c8adc60d2f8535b3", 0x8}, 0x7, 0x0, 0x7, 0xb5)
sendmsg$auto_TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000002a80)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYRES16=0x0, @ANYBLOB="01000200000000006bbc9d65365cbf8013"], 0x18}, 0x1, 0x0, 0x0, 0x4000094}, 0x8080)
r0 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000000000000a3677337f9eca9075f6bba4416", 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x100)
executing program 3:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
sendto$auto(0x3, 0x0, 0x18, 0x7, &(0x7f0000000180)=@hci={0x1f, 0xdd86, 0x7}, 0x22)
prctl$auto(0x0, 0xffff, 0x0, 0xffffffffffffffff, 0x6)
close_range$auto(0x2, 0x8000, 0x0)
io_uring_setup$auto(0x1, 0x0)
io_uring_register$auto(0x2, 0x6, 0x0, 0x86)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fstat$auto(0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$auto(r0, 0x10e, 0x1, 0x0, 0xe)
r1 = socket(0xa, 0x801, 0x106)
listen$auto(r1, 0x5)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x410180, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1208}, 0x1, 0x0, 0x0, 0x4004080}, 0x40)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000)
recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0)

program crashed: general protection fault in hci_devcd_register
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
testing program (duration=1m43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 6]
detailed listing:
executing program 1:
statmount$auto(0x0, 0x0, 0x1fe, 0xd)
ioctl$auto_BTRFS_IOC_ADD_DEV(0xffffffffffffffff, 0x5000940a, &(0x7f00000013c0)={@inferred, "3763e45bf736e7a788ff30f1e71ca705d63325182a1e9eaf029ee051ed398ee7279068dfbbb11f7c9ca53bd2f4cea9c6145e94cfd6af686072b200e2dab1695e5ec9486f2f2c8644e38215c3ff22bad25c245d5c3909f1d1a056b45db4936aa3de5c2bf54b963239c0c0a54112011f0b29f22a8464e122cd32e81173250546fe52826ecce72a4f239ceff607292e473ef3d8fbe9b27e460f36bf820dab0fad8d6d2c90e601a4782263a09fff1b8da9b29a3c3e27f596b85685b87689dd75d81a352421c072915e9ca3a17d995886a9c1a4aa47cd7a8243e72c3ca2fe84d9fcfb62969373ba75a4cf4cb12e79aee2bef4493cf9ee2625922ac92a90e303ffe05018abc01dcf02fd5df34d39e8ff5a69f1c5132572dab40a4cdf4682bd5b251e9673e4653fbf519b7f48953d1686e261d1ecb058be6de590f481e59ef2f3d2a080bc6dc76896cd9a778312bb14ff8432dd8434e78dd7d7d6edddcaefdd77187ceff52c68b3219264a72a4e667c6d92619b48b1f6153d0228de03296d77e859a7a212c75ea9b25b599bb1da825054f4ee8d5bcec1c30f836454340c5027c27c32df5b2840882e24e523519ed70dcfe3b3ca2a4229d1da49555ca35d738886d60a5090e3a71b2e28c409c36adb92e0ea293d731ef2563d33c5171d900bb1bb2ccf54bcfb0433f7269b14590cde5d9f33c78e047dcdf5925e20ae8119bfecedac3970b8a22e14bce0e3078c557f3bca8318b7c2dc12fc85866f8f3ba25cf9798262cad2f989f8d285e7618b8092d10ce700f5d7e4dd1fa94b5a1d84b95415c545e68cbd689d5f27265bbb614409f509a1f4e8b9c9fb6535520a70eb459c8696d9f26a41688fdfc3bf7e5eed0ebcd6fa1f1d52231a4492d1c04266450aa054b6fb79892cb190b1c75c7fc5833efc6245921fbc01a79634591abccb4eb2bd5c01be534c56a43df0ef95c848d749cf4f497d4f8e03b985799220f6857a06fb8ba039879227553775670d83161c499e858aa5e23442ba670bfd51f6f7f2d5dd009826e97bc0e1ebda818c566106149835e0036bc32cb8e4b6b13e36d2d3dc1a896c4cc134ba9563cf9a0b80844e2019da7a975ed4adf7c923aa753769bf02de5cb0a29d4edce49c848ee3221331b93cb5802343067519c6047a166c139e2e7e17aa08e3628b6b5898944d1aa7ceb33303f7833930c9b757c384b95025e6f2280cf5eaf20c9379e6cb6833b0fdbe252e9ce000cab77d67db6993ce0b5ea470cb18fc18b59137885903e46c3f8afc8221263618cd65398470fd96575101ab2231ef34e612dc29c9102c02f4913fdd0ac6bde1339cd7813e3114c8c583a512c6274667c56c44bb6c6ca60cf7c720d4e083691d02d5cf431d6b747790ec863f8ac087df3248f5fba164196756eca7d1752532f587b3454982a5fa5ee5e08b6d573b5ab112e2c6eb6d4113da97618770aaeae96d2016eb76e3663e19ef6824e1c2a99fb185e7efb75413f84b6f7efbd39b95be47d9e0106cce3bdab853fa40a43c6bf7e150770002794cbe2a162ac6207d8c1e4a7296e7e05861eaf6b5fc9bc18e9f20b031f4f2d2f7cb13a368c1dd7a652df28f0da1b5e8a6766c51d8c2eba01a1ea81f43cb9cb1075faeef7a2f97de3742d8fffc0d8d7514a7024e3f89c4445198e66c1da58aced6e39724f212b345b4183b9128cecba5252f467f0c657d857a905d96d39ddd40101df4d4472471b4cf9c216585188f5effff3d674e5e0d2a74353965978c0181d4ce32d0f65570c53cec061afeee4a9d92d5bd3424223b5a8ed227f048d40ae986739490262db7d53ca685d800a1e67f71e7d334d01ddc8d6c368b23f4b23d40ae59ce4c9c05846d8048334594b92aa91e601149426670d0b09b2de53055a1f257a9bc660fb401553c724bfb4d13a4b8e72ffefc60e8fda33a06f86a0ba7517d4327fbf677394abcda691ab80f05a1ea9b1a7689dbd181e059c2de952d5b7e99852b045073ebf3a4dcd09ecb634a40b6770bdac45c8ecec65d4eece0e25f98f9cdac3b5068e758777754906aa64d6e42259a68517517f9a56ec10d25833562458cf097792f0923a2b317715e618a1b451c7ab1c2e0a5c8e17fe7993a1b165018b803e4a9a6d95a904c9b6b5232fcc586f1d2648a22f70092f72c20ec2cdb1813adbed7b1c5640045204cb35b8d2055481a9b3b5a14cc407efd830e4b44445d53ec18f3cbfbf1f2bd10d5548df8c4f55aac22d05e3822450f2e0827668d89b4cb0e37c86736ea37e5f6e390b498769e23975207a2479b21589097235edd14ff12f9fb09965ee759a88d23741881f61e35e48140eb5e9b1b0d657a1b9fa0febcf6fd9466e507d6a41c75180ab7763dc74cd55fe4574bb490300fd4b2ee43634cb9033635f0ee22ae4b527b995f77ca3ff15ab8a3f04c04a9e6169805c15e9820660d393ed01252915ed361511bc7381e08bbf9416f3c1ba93ec15b36b429fe3b23a4ca692bf27784ff2357e79547a98c64bfbb5124326b1dac28320789f7bdcb9c6988f6579cd53db5ab32bd49bbf8813d42f33ee41643e97ad57ee286f86b6166650f6f837e8580101b1fe99463d4a35c52297f4229091c66f24a3aeb1afa45c929def3c7b3a8e881fb35222555d82646a1cb6cec897244c6b71dd3d989a25f25962ce32dd0ff715eff156f2400c39370f9cd2fdab33a75c5de194768cabe37cc8eb2ceddf0e3099c5599bfaf58caa8da560fdea94b78a755b8a3fd3b0c17301ff592c6f30c4d09cda25bcfff02e71b34e8013295d9ecc6e8524ae6a406c948821956ae1a2a97c0844f305014c70082bc8184c219a19332eb21b1f67e7645d2a334c049b55b30bf850e602799ff69b4b32e7f8ec5bac13ee14e1038c9f4dfa25911fb0bba0b8ae29501b89daed766fff036d1da6b6e967bab76b958407f1d3e0d2dd96d6eed3ae59c9247dc441114b07de016d25028466600f7b45904abb3ec5b5f37d2261c849a68025d9c6ce8df80379b8e6915beb43bdfad1c214f016debd405797d325089b765126b7861f9deeb79c0d286f7f9117d6ee20e60b4695d168088ed982bcca5f7869b32a7402cbf19e3ee5f11060036f237a57c004d390d96b6121e761493835d9d38485896b1ab3bc772fd340d8f2da59a65c6baac1301f9152ff298907d3394540cc763679b24fe2c045a410cb645a426fe6bd0f11283f68050e769caf046afa8032c696dbb3e92a70318179569ec61cf59c04f6afc4b23b8e9646f7de8680d905de76faf9433d1fd12b5eb57bfb571f82d067afb46f7cc0d2a74a2ecbd00f44f0cc7d51f789d25f9076e49a9899778a7f8c8fb05424d3755474a42c4c7ad468a58de49a1ae3718ac16b15b05913a30c29b0ae79329b37ceac091e506ebfc69e7116a66dc4882ab2dc8435d937539048de3f5f171cc5a4450893055047c7a21988ecba2c4890dba69a90730c134e80ce9d0d51ec13a728942c2e226c5afe8b8ed6cc7a25525605337827f0a0086d74915bb0c22e13910d1d1f3552b050c008ca5b0d5ebba70a772f3e25fcd4bcbf3f8726d532f2e26d3f08ddfd23732efc0e2f9c0be1a28bbba5e4c8f2e91b442979b674b01677685eb5e8839c90c23e273b9042a29bf515218800cb91cfa4969af515fdb438c7678ddb6ea54c0cf15ef8039c1297e1a41fbc9b34d91ec8e447ff0eb160103454b644a415aba5123a5da491c87071f62fa6ff70166d4d610fc86068e949a90a83e8151912aa7226c679073cf327b38b8bef929a4b3bc9afc539c67a8e0a169abe5f98690d80735b24bce5bd696d4bf3903857cd825675b807d4be27a194ce7d04e7876681aa17c2e4c45ce510e476c4206a0bba924d02bf8e579ebc8660a8e17a3c2113459b0ffb15b8a3e3d5c80336d1bbf248a92a47a4c25178a6e6eb3108955188727fae17a8a99f1c27993a514935cee40b7dfecf0d93769e2f78775c00b54365271716a06432437a035d4b0a3971922c0b3d0856ed79b51880e1fcae4d5d2534c2db0fe52ad777cfd035e273eaa289a7709bb4496cd865b93a6372cfa6f2dc5f14a0435fab67e8a2f98ef426a70018af6f14572d2e68d913b18764756895f4692afebca4453f9659396eb7c0a403d72524ea3df93792b1c016cfc38f634ffb5c636ce275e86ba5390b6b4a8768923821f80974751de3be24602cf5fd0c57c50bdd11f6fa920482b926dd2f896887e8590227fcbfc81bf877691ec182e006cba1da669b6b531e3e1e3d2d9d1706b60256e3efc9d0e9326948fcb205272a53a76047513c2f97fc89f3922fc3956d51362d2f1d002113bbf82fdac4969c3d6cecf77827ac112b6882021d0644e181631b48989f3f07507cafc81b6f0e0d285d029f392a726b074e49bde2dbef4b69f467ac53f0f0fcc9d786b757071b2566cd0fb8b04e98d7cc9bd463d8d67f546232be8243eda33c6aff9162696e3f0a9e1f5ede97e2b0e7ef5c8014b3f439f07a7db77c79e6907c48dbda8b7f3712f0880b91a283ca364afa969ab55c2957a53382fc86913c7bbb6a205aa3fa7b8b8edc1ed6ec3793ae86bf6b885ffcd09eec1cb34735223a6f680a6a64eb9270762a0d409cf17bbcaa13764123256a80d25d1ecfa955ed06203b309cd4b89c373437c5565e6b64646324f5961826b26a0e08c752bb64e29dc6f4377caab19526fe409a44d89cbec924c305e818ed30cf4b6abca778a799c53a6b9f82f73e888daf366bbd942e9e23af2a2d0910839de36244eee44f4b485362272d58b6e0a4ce0cf7d0bb8cea1bf208a99658f3be409168646b35a11b36af1da67b4329f3ec40228019a597d5996a8e076eae7994bfb468787c203b6a1ba0499e61a47500f6a092875dafa27a4779dbbb43c0abbac151aafd9301b3024e48139313504fc528def90ea80fd21126d48c272352d34432fe92229ef4ce46008ec0ccff987f49e76155f782012c7223dedea4a790c39e5a5a312a3de475c1ebb9a5e1b6280149e53e10359d0a2c0cc2cf8c18a6e5d5e013e6ce9cca0d785674d8e98118b3ca8843a8570a508c6e8886e99868f8ca25d18ec4b056d882adeac4bb88eceefe5f71fbf2523b618849430e25309d89dda1346c2594a5fc6e14781e6804985c86521d45a30a9c98865496ac8482fa13b75c491078637a4906d8abf71c231c558e88de82d72d95c1483d2932d2c0490efd4546fa3131b3e324fe2064c871ee740e7694f3bdc190d58ecf64848e0b40dcab5267dcd5ec0c8bc54c067b4876a592da7802c1ec7711caa2ca6350d72fd02ee7c4189ba8335b31568225feca00e726b4b54cb271f93041fdd36638b176a0298fad233e2151d075498d9668b44b2780822c32d56d4ac925cf87099c11f4a07840ed6d734ce343b88980bd494e7ae648f199d06b9f659abba0e9bffa236f98eca103c758e29473bda7b180c2e65192d35db5c84204fecda7757419977eceff3e1223ca02de4f610b1ade26493e60613a6e963d7ba06d5a0c5ad978ec718cfa3e74ad047743abc1ef53fb37346378ca76ce68e1700eb90dbf21a387751bef29047e6bb99dde31ea3d39efc6ee7d4e6fcc063bddc49977ad6177438c5413e29ee79492147865f2a08524ca17b7f6a528a9938c0735e9cdccb808af57f873e20d0e8688b8942a40e2577bbe01026e8d9b2358eba068ce284d00c92c1b908cd17f95a05964f12afa65607d57ef06825fd854ae80a3c3d0a8bf7027c3d510346f9ee83c3cfd94706aeddae8d1c541afb517f0b816064c6"})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
write$auto_tty_fops_tty_io(r0, &(0x7f0000000580)="7fd0a917413f68eb6b28d5eea7d1553f6595c094f1f855eb8d8776e6bd8f81c440da3fe3433f8243402fc2752caac5da7a03bbb5adf685740635a6bc231c6cf093b7cf0e4dd07f10b2dc12791aa3ebded3cfe2e4befc0e02d2e064b1db3adc8b2ec1c0378efff268086d6cb998b8dedfb7f20d06b7b091e974de1c1a4ce3d378d91b7639d914ba86b1f18337bb06e3619af99e68dfac380ab153fc75a2159d8efbbf7436752c964490346cf1558249979fc61ee71509560d14bdd0922e50904f3a4b2ae1bfc4f6bb9e08f16afd6baa53cf87077be5bcca2829dd4133da071a6fd072ed5568670a5d171e3deee5576bf571a016c162ca369182f202dbe49839df8d4c438dacdd6cdd67c21e2ed9be20baeff5e5019313d5e6e5a0e93eab61be5dec2c7e144cf9d73fd945c25ff11d5d5aa26bf8ab2e06098b8aeb05c1f29c1a30d268d82768b3350c3efcdac39334de0f6406a1aed635e0c55412ff73b0222d67be6bdd185478d502b492c41696ce6f88609795409aa0841dbc7cb222f0cb239b19d9499fdc45988f0290af0666c37b93f047d45b17cbe7c9332c63ad46c6aa871e4b351efa4fbfb88cfa0281f465d1a970939c2d6c45c50ade06f0bb98ed66623b887de325c0f42ab530b649ea29757af9464c18dea186a0bbc62ce209a3be8e86e8f710323cb899d806caf575cb73a419c0804afd4c8a329a2afaebb87291e9fdfd2ca0edebfc4fb7b1e281fa3e6ac387aebfc92107f4251aa8c96a4c6d7599933c2c489a7696e8e42d88b572fa46bead2c96f619030ab70026f14f91bbf0a4c1b3ed74c564d6ae3eefeef94d37e19701513ff7713a52ebfd8f251dc303455de00d1ee3ed3e204bed2901a644056193fc7e00ce10aa6463892a7881a51893af629f7bd8801ce4c44c7ff2decdb6a69d9ed48ff79661ba9ec4a84dd222d3b40e4abf56222b97db9aa646a67e5031a57d570030f41b09529298f1acddbcd1f0ff6a30cb2a2d5eaecd774bbf897477cc1e55488f3493b6aa6908d24b032cbda24f956f7f262d992838923efde7e8ed0558872451d7bd6a4769ecd47c6d0a125a6e638df6f67793901a67071c506d010930b01ce541aa43f9110d874311d18a8ea50fb1907e8d17c3932e0c12c7d6f7c145209ab81105649fc0c5266063bd8c6a16319a82ff5d236122d53e15d6a7fcb16245d7754f3ffbf659a141cbd29286176fe445deebd5dd18baae1bbdfedbe4bd3453c50fb2f6c22505ecd768ad0703624ebf7b924dc7e8e93ea94c8a6a9f0372351b5a4aaadf89a86faf5241e47be7e6790676fbf8abcc6ef89b9f6ce10600e21815ec6d2c580b5c30ada6b956a07d9964e93419856df00b06245d0743ac2b595097007165cbb17c6a492a6eb0559712e5f89ee86b7a2c46acf9b8d8b2c7a85092966aca97f114635c64f6eb44ad927423a3bc434b267c23d364ee5671d3dcbcca02ffbb633b3c9e6f", 0xfdef)
executing program 1:
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x11, 0x3, 0x2)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyrc\x00', 0x101000, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x40045431, 0x0)
executing program 1:
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0)
pread64$auto(r0, 0x0, 0x3fffffd, 0x9)
read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x60)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x0, 0x3, 0x2a)
mlockall$auto(0x7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
fanotify_init$auto(0xd2, 0x5)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 1:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/slab/kmalloc-64/cpu_partial\x00', 0x109101, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
read$auto(r0, 0x0, 0x1ff)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
executing program 32:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/slab/kmalloc-64/cpu_partial\x00', 0x109101, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0)
mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
read$auto(r0, 0x0, 0x1ff)
pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0})
sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, r2, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HSR_A_IFINDEX={0x8, 0x2, r3}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}]}, 0x28}, 0x1, 0x0, 0x0, 0x40800}, 0x20000010)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x4, 0x7, 0x0, 0x400, 0x9a, "077c1315ff06c9cc9ff4956913870ef95ebcd43e985b110210346f7f05f8bd5d8b4458e71254da2aab17208e518d2a9b3c20bd53a710ce119b1b61b0"})
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xa}, 0x1)
executing program 0:
socket$nl_generic(0x11, 0x3, 0x10)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
r0 = socket(0xa, 0x3, 0x3b)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'geneve1\x00', <r1=>0x0})
sendto$auto(0x3, 0x0, 0x13, 0xfffffff9, &(0x7f0000000440)=@xdp={0x2c, 0xdd86, r1, 0x10, 0x1000000}, 0x22)
executing program 0:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000)
connect$auto(0x4, 0x0, 0x10)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 0:
mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1c, &(0x7f0000000240), 0x1)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: general protection fault in hci_devcd_register
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <13>
bisect: split chunk #0 of len 13 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 5, 5, 5, 5, 6]
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000240), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'ip6_vti0\x00', <r3=>0x0})
sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, r2, 0x1, 0x70bd29, 0x25dfdbff, {}, [@HSR_A_IFINDEX={0x8, 0x2, r3}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}]}, 0x28}, 0x1, 0x0, 0x0, 0x40800}, 0x20000010)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x2}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x4, 0x7, 0x0, 0x400, 0x9a, "077c1315ff06c9cc9ff4956913870ef95ebcd43e985b110210346f7f05f8bd5d8b4458e71254da2aab17208e518d2a9b3c20bd53a710ce119b1b61b0"})
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xa}, 0x1)
executing program 0:
socket$nl_generic(0x11, 0x3, 0x10)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
r0 = socket(0xa, 0x3, 0x3b)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'geneve1\x00', <r1=>0x0})
sendto$auto(0x3, 0x0, 0x13, 0xfffffff9, &(0x7f0000000440)=@xdp={0x2c, 0xdd86, r1, 0x10, 0x1000000}, 0x22)
executing program 0:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000)
connect$auto(0x4, 0x0, 0x10)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 0:
mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1c, &(0x7f0000000240), 0x1)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <6>
bisect: split chunk #0 of len 6 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 5, 6]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000)
connect$auto(0x4, 0x0, 0x10)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 0:
mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1c, &(0x7f0000000240), 0x1)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <3>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 6]
detailed listing:
executing program 0:
mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x7fffffff, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1c, &(0x7f0000000240), 0x1)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 6]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000)
connect$auto(0x4, 0x0, 0x10)
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 6]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 2 programs left: 

executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
tkill$auto(0x1, 0x7)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)


bisect: trying to concatenate
bisect: concatenate 2 entries
minimizing program #0 before concatenation
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 6]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 6]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
tkill$auto(0x1, 0x7)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING in hci_devcd_register
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 6]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x1, 0x0)
tkill$auto(0x1, 0x7)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 6]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
tkill$auto(0x1, 0x7)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 6]
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
minimized 5 calls -> 1 calls
minimizing program #1 before concatenation
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 5]
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
executing program 0:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 5]
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
executing program 0:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 5]
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
executing program 0:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
pipe2$auto(0x0, 0x80)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4]
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
executing program 0:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 3]
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
executing program 0:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 2]
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
executing program 0:
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
minimized 6 calls -> 3 calls
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: concatenation succeeded
found reproducer with 4 syscalls
minimizing guilty program
testing program (duration=1m19.435015846s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=1m19.435015846s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-write$auto
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=1m19.435015846s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=1m19.435015846s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=1m19.435015846s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m19.435015846s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
simplifying C reproducer
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
validation run: crashed=true
testing program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
validation run: crashed=true
testing program (duration=1m19.435015846s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): tkill$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
tkill$auto(0x1, 0x7)
mmap$auto(0x0, 0x4, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
validation run: crashed=true
reproducing took 1h37m35.641002071s
repro crashed as (corrupted=false):
------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff888029cf1360 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 net/bluetooth/coredump.c:232
WARNING: CPU: 1 PID: 6748 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Modules linked in:
CPU: 1 UID: 0 PID: 6748 Comm: syz.7.31 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd e0 3f 16 8c 4c 89 e6 48 c7 c7 60 34 16 8c e8 cf fc 91 fc 90 <0f> 0b 90 90 58 83 05 a6 bf c3 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
RSP: 0018:ffffc9000475f988 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817a02f8
RDX: ffff888028491e00 RSI: ffffffff817a0305 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c163b00
R13: ffffffff8bafec00 R14: ffffffff8a9ac730 R15: ffffc9000475fa88
FS:  0000000000000000(0000) GS:ffff8881247c0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd2c808a000 CR3: 000000000e380000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
 debug_check_no_obj_freed+0x4b7/0x600 lib/debugobjects.c:1129
 slab_free_hook mm/slub.c:2348 [inline]
 slab_free mm/slub.c:4680 [inline]
 kfree+0x28f/0x4d0 mm/slub.c:4879
 hci_release_dev+0x4ef/0x610 net/bluetooth/hci_core.c:2776
 bt_host_release+0x6a/0xb0 net/bluetooth/hci_sysfs.c:87
 device_release+0xa1/0x240 drivers/base/core.c:2565
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1e7/0x5a0 lib/kobject.c:737
 put_device+0x1f/0x30 drivers/base/core.c:3797
 vhci_release+0x81/0xf0 drivers/bluetooth/hci_vhci.c:666
 __fput+0x3ff/0xb70 fs/file_table.c:468
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x86f/0x2bf0 kernel/exit.c:961
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1102
 __do_sys_exit_group kernel/exit.c:1113 [inline]
 __se_sys_exit_group kernel/exit.c:1111 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1111
 x64_sys_call+0x14fa/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f481f98ebe9
Code: Unable to access opcode bytes at 0x7f481f98ebbf.
RSP: 002b:00007ffe7b2c0bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f481f98ebe9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 000000047b2c0caf R09: 00007f481fb91280
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f481fb91280 R14: 0000000000000003 R15: 00007ffe7b2c0c70
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff888029cf1360 object type: timer_list hint: hci_devcd_timeout+0x0/0x2e0 net/bluetooth/coredump.c:232
WARNING: CPU: 1 PID: 6748 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Modules linked in:
CPU: 1 UID: 0 PID: 6748 Comm: syz.7.31 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd e0 3f 16 8c 4c 89 e6 48 c7 c7 60 34 16 8c e8 cf fc 91 fc 90 <0f> 0b 90 90 58 83 05 a6 bf c3 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
RSP: 0018:ffffc9000475f988 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817a02f8
RDX: ffff888028491e00 RSI: ffffffff817a0305 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8c163b00
R13: ffffffff8bafec00 R14: ffffffff8a9ac730 R15: ffffc9000475fa88
FS:  0000000000000000(0000) GS:ffff8881247c0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd2c808a000 CR3: 000000000e380000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
 debug_check_no_obj_freed+0x4b7/0x600 lib/debugobjects.c:1129
 slab_free_hook mm/slub.c:2348 [inline]
 slab_free mm/slub.c:4680 [inline]
 kfree+0x28f/0x4d0 mm/slub.c:4879
 hci_release_dev+0x4ef/0x610 net/bluetooth/hci_core.c:2776
 bt_host_release+0x6a/0xb0 net/bluetooth/hci_sysfs.c:87
 device_release+0xa1/0x240 drivers/base/core.c:2565
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1e7/0x5a0 lib/kobject.c:737
 put_device+0x1f/0x30 drivers/base/core.c:3797
 vhci_release+0x81/0xf0 drivers/bluetooth/hci_vhci.c:666
 __fput+0x3ff/0xb70 fs/file_table.c:468
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x86f/0x2bf0 kernel/exit.c:961
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1102
 __do_sys_exit_group kernel/exit.c:1113 [inline]
 __se_sys_exit_group kernel/exit.c:1111 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1111
 x64_sys_call+0x14fa/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f481f98ebe9
Code: Unable to access opcode bytes at 0x7f481f98ebbf.
RSP: 002b:00007ffe7b2c0bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f481f98ebe9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 000000047b2c0caf R09: 00007f481fb91280
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f481fb91280 R14: 0000000000000003 R15: 00007ffe7b2c0c70
 </TASK>