Extracting prog: 12m29.114739881s
Minimizing prog: 1h13m0.382926628s
Simplifying prog options: 15m31.584968045s
Extracting C: 6m41.146248146s
Simplifying C: 0s


extracting reproducer from 35 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-mmap$auto-statx$auto-close_range$auto-socket-pipe$auto-fcntl$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x0)
pipe$auto(0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x2)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program did not crash
single: failed to extract reproducer
bisect: bisecting 35 programs with base timeout 30s
testing program (duration=38s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 24, 19, 26, 9, 30, 30, 26, 24, 24, 7, 11, 12, 12, 6, 24, 30, 2, 8, 21, 14, 8, 4, 30, 9, 28, 6, 29, 2, 2, 11, 19, 24, 15, 30]
detailed listing:
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x0, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0xffffffffffffffff, 0x2, 0x0, 0x402000, 0x0, 0xe, 0x1, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0x8, 0x20000, 0x8, 0x10000000000, 0xffffffffffffffff, 0x4, 0x2f, 0x0, 0x0, 0x1006, 0x400000000005b8, 0xffff, 0x0, 0x100, 0x0, 0x6, 0x2, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa38, 0x4, 0x3, 0xfffffffffffffffc, 0x2, 0x8, 0x10000000007, 0xc567]}, 0x1fa, 0xd)
r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x801, 0x100)
socket(0x11, 0x3, 0x2)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
getsockopt$auto(0x6, 0x107, 0x15, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0)
ioctl$auto(r1, 0x40085112, 0x3)
ioctl$auto__ctl_fops_dm_ioctl(r0, 0x2, &(0x7f0000000380)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84")
ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd05, &(0x7f00000001c0))
executing program 0:
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xebd, 0x3, 0xfffffffffffffffc)
io_uring_setup$auto(0x6, 0x0)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
socket(0xa, 0x2, 0x3a)
fspick$auto(0x926, 0x0, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x47, 0x32b, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x0, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x400000000005b8, 0x0, 0x0, 0x0, 0x4000000000, 0x6, 0xffffffffffffffff, 0x0, 0x8000000000008, 0xfffffffffffffffc, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x8, 0x3)
r1 = socket(0x2, 0x6, 0x0)
getsockopt$auto(r1, 0x10d, 0xc, 0x0, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r2 = getuid()
msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, <r3=>0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff})
setresuid$auto(r2, 0x0, r3)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x514, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x1a3, 0x33, "7f48b200200b70fb607288173e35e81571d7067d0b3134c5f1b7c3f3319c16e526589141816aa34f4b60f1e14ec3e194430501ce3f596fc5b3348fce862444e3513f6f029a3b983af839586ef692034a69e9700b839563d4235a2e983eb22884af9ebacb353a2ceb17a4b29dafd0c9be4e5de096441eef87c6e2d30b154c897f31e32372c7e2d08466ae39b94d3c0309aa53e150c8074bb507bc1f3c43d82c9e17e416c9cde329e62bbafecb813cf7581a5b3fe5bd104a26122ebdb9ac6cbfb641a22ae16870626a337aa93d5bcdd6f9d9dfa1d5b83afd340ea65a60c4d5e3f6b7bad3f437a099d2c6b9a2bd0d422d062188e4355fac94751b69fa36eac8d88bc6d42478532c37ff4fc986ccb4fc26cf5fc45f50481afcae2c2317b1db92444762ba629c2b5218302fa5c96c85bfa2df5810e81b883c51f8ef7822fa182d5c3a7aadfbce3ea276625b031f5c320cf8a8a8954945eeb3a39414b9fc5a78e1347bf6f8501b8d13c06c6ec957c1f45e64ca3e7687e0398e383cade8d2677af868efc0e599b0ff19ee1df3c1f4807be3a3b6e10fab42bf3b788d9735e478b567dc"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x6}, @NL80211_ATTR_REKEY_DATA={0x34f, 0x7a, 0x0, 0x1, [@nested={0x320, 0x140, 0x0, 0x1, [@nested={0x3c, 0x137, 0x0, 0x1, [@nested={0x4, 0x73}, @nested={0x4, 0xdb}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x131, 0x0, 0x0, @uid=r2}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@loopback}, @typed={0xc, 0x7a, 0x0, 0x0, @u64=0x5}]}, @nested={0x5c, 0x146, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x86}, @typed={0x46, 0x127, 0x0, 0x0, @binary="a221d5c01eefc0ace62ed64bc833bd4e42015e2ed47164d91f18271d270f6b11cb077313c76a83315dc19f7a1abf9e38d0f1d5674412c25ac7d65cdc1aed31e7d0fe"}, @nested={0x4, 0xc0}]}, @nested={0x283, 0x7b, 0x0, 0x1, [@generic="e8983d49d84e4393d355dc86a4618da3f6d5ec53eefdd2f9dea00151401f436729451169b935d7003ebbbcca072ac11663e4b78507cad7031542e821c5baa7929a382b5f0244228082c1d1fc135d7b5bbca52fcee7cba3ba5691d9494be6c5b719c1482b23f67dea80176ed4dd280391637089c109fb918f66f192c9ab3ba8d5643cdbf8d0418f3660574c88ab3519292f2e1bbe364418336295304abd7c3cfb56e5504341189321d1322c1c93cf908bbc0c74d3275a634c861e154184c4e94fbd57991512744d6479f19f5d51835533e6b95e423db2e602a1af28bccb51459da12ea865d9adcae3b4be980efd19db", @nested={0x4, 0xce}, @generic="ea7045dd86acd9fa48e6f9aa3a70ddc23a6bbb8cf4b37eeef9c7b18d83170a2347eef18fc6c0958ecf9eb662a1d1acdfc7c548d07721b383e25d46e7579452784deab1f43b7c3a9befda3d91b0fbfa0520c045dcf0ebe948019af0f8cd41db5460514322eb898130b31788f35fc85d7fb069afa360b8abe06838c1432e18949d3e4e705f478d8b74cbb93cee7a295635dd46b94137c6200b728ab674963368bec2733ee6e87289d486959ed8532e76172335133a32f51f7b6acefd306acf6931f5fa72ed462e02a8697fbe27b6e47bf01edf164baa57d965c208da8fe15cff", @generic="62767ff57be15361d5f3", @generic="f11b82c4a59077be7edb9c7e7c14e79f60e61ec1314b56d9c3081d8fc575a56ea39c39b3473bb4804a5e220612d25798ec2d4b37c2ff077ae8712b25722cfe32c9c280bee2652d04a75129668dbe7eeb9a11af9647353574b25f43181ffb8b4c1526d7c4464efa03d99bbc22f3956a5139f509588226c93a2ddbd4f0cd7f72a368f756272f76d987532992b78a44a0e7a0e6daaec10c1aee83e1a6f47e0e364356b4a1"]}]}, @nested={0x4, 0x14d, 0x0, 0x1, [@generic]}, @generic="2d945dfdfc273c35ac4f6a9dd709a22d659e9dc3e602ee5217942ff5387500e368ab3f6a7bedca"]}, @NL80211_ATTR_DISABLE_EHT={0x4}]}, 0x514}}, 0x4c090)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
clock_gettime$auto(0x0, &(0x7f0000000000)={0x6, 0x10001})
capget$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x3, 0x8, 0xc0000})
executing program 0:
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
munmap$auto(0x3, 0x4da)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
munmap$auto(0x5, 0xa)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
capset$auto(&(0x7f0000000080)={0x3, <r2=>0x0}, &(0x7f0000000140)={0x4, 0xffffff5e})
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8, 0x52, r2}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
read$auto_random_fops_random(0xffffffffffffffff, &(0x7f0000000400)=""/183, 0xb7)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r3, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0xfebf0c436aa031f1)
seccomp$auto(0x1, 0x8, &(0x7f0000000400))
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x40c01, 0x0)
r4 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r4, &(0x7f0000000100)="3173a3", 0x3)
executing program 0:
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/overcommit_memory\x00', 0xf22437c730143eb6, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/conf/wg0/drop_gratuitous_arp\x00', 0x202, 0x0)
sendfile$auto(r2, r2, 0x0, 0x7fffe000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x6, 0x0)
mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
copy_file_range$auto(r3, 0x0, r3, &(0x7f0000000180)=0x80, 0x21c1, 0x0)
mmap$auto(0x0, 0x20009, 0xe1, 0xeb1, 0x40000000000a5, 0x8000)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7020fddbdf250700000008000300", @ANYRES32=r6], 0x24}, 0x1, 0x0, 0x0, 0x20040010}, 0x20000084)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_WIPHY(r7, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x40080)
setrlimit$auto(0x1000000007, 0x0)
open_tree$auto(0xffffffffffffffff, 0x0, 0x1001)
pipe2$auto(0x0, 0x7d)
ioctl$sock_SIOCGIFINDEX(r1, 0x5452, 0x0)
write$auto(r0, 0x0, 0x0)
executing program 0:
userfaultfd$auto(0x1)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
munmap$auto(0x5, 0xa)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r0, &(0x7f0000000100)="3173a3", 0x3)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000040), r0)
r2 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy9/netdev:wlan1/stations/08:02:11:00:00:00/flags\x00', 0x408800, 0x0)
sendmsg$auto_GTP_CMD_ECHOREQ(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2020}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012dbd7000fbdbdf250300000008000200ff7f000014000b00fc000000000000000000000000000001080004000000000014400c00fe8000000000000000000000000000bb08000200070000000c0003000000000000000000080007006f0d718abd82f12e274086eabc09f4", @ANYRES32=r2, @ANYBLOB='\b\x00\t\x00\n\x00\x00\x00'], 0x70}, 0x1, 0x0, 0x0, 0x2000800}, 0x4000)
madvise$auto(0x6, 0xffffffffffff0001, 0x702b)
munmap$auto(0x20001000, 0x4)
connect$auto(0x3, 0x0, 0x54)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x1000000004, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mincore$auto(0x1000, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, 0x0, 0x20000000)
socket(0x0, 0x800, 0x92d)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99??\x00\x00\x00\x01\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\xff\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3)
r3 = io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
move_pages$auto(0x1, 0x3, 0x0, 0x0, 0x0, 0x8000000000000000)
socket(0x2, 0x1, 0x0)
socket(0x21, 0x3, 0x95)
ioctl$auto(0x8000000000000001, 0x89ef, 0x9)
read$auto_mon_fops_text_t_mon_text(0xffffffffffffffff, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r3, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fbdbdf254b000000060066004e200000040067001c00e700b82cad0c51f2a83adcfca107dd3f5f75695d36947dbd531ecfb154d85fcfa6e1"], 0x44}, 0x1, 0x0, 0x0, 0x20040000}, 0x40810)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/scsi_tmf_0/max_active\x00', 0x123902, 0x0)
write$auto(r4, &(0x7f00000001c0)='0\"\xfb]$|\xcb1j\xeb0B|d\x1e\xec\x99\xb9\xfd\xd3\x89O\x9f\xac+\xf6\xd7/\xc9\xe9x\xd4\xf3\xc8\xf5\x7fW\xd3\xa6\x96\xd3^\xb8\xb4gq%H\xcc\x88r\xeaO\x8e\x10\t\xc7 P\xcf\xa7H\b\x04\x87\x98\x16`\xa3S\xd46\x10Wf\xc9<7\xcf\xc9\xf1\b\x9b\x8c\x9fu;\xc48(u\xf9Bx\n\xafW%/bBT\xa9\a\xed\xd2H4\x96\xa3U\xca\xf1\xef\x14dU\x15\x16\xa7\xdd\x01\x0e\xda\xc8\xd3\x00\xc5\b\x1a\xb0mN\x01\xb1\xc8B.U\xd1\x02\'\x9a\'\xf1;\xedJ\xf6@\xac\a\xf5\xf5 |\x1ex\xb7@=\xad\xe7\xff\xd6\xc1\xcf\x11\x0f\x99+v\x873\xc4\x17]\x17!]ct\xff\t\xb2A\x0f\x91\x02\xca&\x91<x\xe6\xc3q{KWa\xc6\x7f\xc7j\xa7\xaan8\xc3\xb5%\x8d(\x85\xcc&GH\xf4\x06\xda\xc4\xcc\xb5U?\xf3a(yG\xe2\xd7<W\xa1\xa5\xf2\x12\xdb\xca\xca\xf3\xd9\x95\x1d\xe5\x11\xcb\xdf\x85\xa3vU]?M\xd4\x9d\x10\xcb\x15\x92gp%\xae\x14`da\xc0', 0x2)
executing program 32:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000040), r0)
r2 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy9/netdev:wlan1/stations/08:02:11:00:00:00/flags\x00', 0x408800, 0x0)
sendmsg$auto_GTP_CMD_ECHOREQ(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2020}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012dbd7000fbdbdf250300000008000200ff7f000014000b00fc000000000000000000000000000001080004000000000014400c00fe8000000000000000000000000000bb08000200070000000c0003000000000000000000080007006f0d718abd82f12e274086eabc09f4", @ANYRES32=r2, @ANYBLOB='\b\x00\t\x00\n\x00\x00\x00'], 0x70}, 0x1, 0x0, 0x0, 0x2000800}, 0x4000)
madvise$auto(0x6, 0xffffffffffff0001, 0x702b)
munmap$auto(0x20001000, 0x4)
connect$auto(0x3, 0x0, 0x54)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x1000000004, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mincore$auto(0x1000, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, 0x0, 0x20000000)
socket(0x0, 0x800, 0x92d)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99??\x00\x00\x00\x01\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\xff\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3)
r3 = io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
move_pages$auto(0x1, 0x3, 0x0, 0x0, 0x0, 0x8000000000000000)
socket(0x2, 0x1, 0x0)
socket(0x21, 0x3, 0x95)
ioctl$auto(0x8000000000000001, 0x89ef, 0x9)
read$auto_mon_fops_text_t_mon_text(0xffffffffffffffff, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r3, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fbdbdf254b000000060066004e200000040067001c00e700b82cad0c51f2a83adcfca107dd3f5f75695d36947dbd531ecfb154d85fcfa6e1"], 0x44}, 0x1, 0x0, 0x0, 0x20040000}, 0x40810)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/scsi_tmf_0/max_active\x00', 0x123902, 0x0)
write$auto(r4, &(0x7f00000001c0)='0\"\xfb]$|\xcb1j\xeb0B|d\x1e\xec\x99\xb9\xfd\xd3\x89O\x9f\xac+\xf6\xd7/\xc9\xe9x\xd4\xf3\xc8\xf5\x7fW\xd3\xa6\x96\xd3^\xb8\xb4gq%H\xcc\x88r\xeaO\x8e\x10\t\xc7 P\xcf\xa7H\b\x04\x87\x98\x16`\xa3S\xd46\x10Wf\xc9<7\xcf\xc9\xf1\b\x9b\x8c\x9fu;\xc48(u\xf9Bx\n\xafW%/bBT\xa9\a\xed\xd2H4\x96\xa3U\xca\xf1\xef\x14dU\x15\x16\xa7\xdd\x01\x0e\xda\xc8\xd3\x00\xc5\b\x1a\xb0mN\x01\xb1\xc8B.U\xd1\x02\'\x9a\'\xf1;\xedJ\xf6@\xac\a\xf5\xf5 |\x1ex\xb7@=\xad\xe7\xff\xd6\xc1\xcf\x11\x0f\x99+v\x873\xc4\x17]\x17!]ct\xff\t\xb2A\x0f\x91\x02\xca&\x91<x\xe6\xc3q{KWa\xc6\x7f\xc7j\xa7\xaan8\xc3\xb5%\x8d(\x85\xcc&GH\xf4\x06\xda\xc4\xcc\xb5U?\xf3a(yG\xe2\xd7<W\xa1\xa5\xf2\x12\xdb\xca\xca\xf3\xd9\x95\x1d\xe5\x11\xcb\xdf\x85\xa3vU]?M\xd4\x9d\x10\xcb\x15\x92gp%\xae\x14`da\xc0', 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96)
bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000)
map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9)
unshare$auto(0x40000080)
msgctl$auto(0xe, 0x9, 0x0)
r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0)
socket(0x28, 0x2, 0xf)
openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0)
bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0)
r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r2)
sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, r3, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
read$auto(0x3, 0x0, 0x80)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x40802, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
executing program 1:
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xebd, 0x3, 0xfffffffffffffffc)
io_uring_setup$auto(0x6, 0x0)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
socket(0xa, 0x2, 0x3a)
fspick$auto(0x926, 0x0, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x47, 0x32b, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x0, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x400000000005b8, 0x0, 0x0, 0x0, 0x4000000000, 0x6, 0xffffffffffffffff, 0x0, 0x8000000000008, 0xfffffffffffffffc, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x8, 0x3)
r1 = socket(0x2, 0x6, 0x0)
getsockopt$auto(r1, 0x10d, 0xc, 0x0, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r2 = getuid()
msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, <r3=>0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff})
setresuid$auto(r2, 0x0, r3)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x4e0, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x1a3, 0x33, "7f48b200200b70fb607288173e35e81571d7067d0b3134c5f1b7c3f3319c16e526589141816aa34f4b60f1e14ec3e194430501ce3f596fc5b3348fce862444e3513f6f029a3b983af839586ef692034a69e9700b839563d4235a2e983eb22884af9ebacb353a2ceb17a4b29dafd0c9be4e5de096441eef87c6e2d30b154c897f31e32372c7e2d08466ae39b94d3c0309aa53e150c8074bb507bc1f3c43d82c9e17e416c9cde329e62bbafecb813cf7581a5b3fe5bd104a26122ebdb9ac6cbfb641a22ae16870626a337aa93d5bcdd6f9d9dfa1d5b83afd340ea65a60c4d5e3f6b7bad3f437a099d2c6b9a2bd0d422d062188e4355fac94751b69fa36eac8d88bc6d42478532c37ff4fc986ccb4fc26cf5fc45f50481afcae2c2317b1db92444762ba629c2b5218302fa5c96c85bfa2df5810e81b883c51f8ef7822fa182d5c3a7aadfbce3ea276625b031f5c320cf8a8a8954945eeb3a39414b9fc5a78e1347bf6f8501b8d13c06c6ec957c1f45e64ca3e7687e0398e383cade8d2677af868efc0e599b0ff19ee1df3c1f4807be3a3b6e10fab42bf3b788d9735e478b567dc"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x6}, @NL80211_ATTR_REKEY_DATA={0x31b, 0x7a, 0x0, 0x1, [@nested={0x2ec, 0x140, 0x0, 0x1, [@nested={0x3c, 0x137, 0x0, 0x1, [@nested={0x4, 0x73}, @nested={0x4, 0xdb}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x131, 0x0, 0x0, @uid=r2}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@loopback}, @typed={0xc, 0x7a, 0x0, 0x0, @u64=0x5}]}, @nested={0x5c, 0x146, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x86}, @typed={0x46, 0x127, 0x0, 0x0, @binary="a221d5c01eefc0ace62ed64bc833bd4e42015e2ed47164d91f18271d270f6b11cb077313c76a83315dc19f7a1abf9e38d0f1d5674412c25ac7d65cdc1aed31e7d0fe"}, @nested={0x4, 0xc0}]}, @nested={0x24e, 0x7b, 0x0, 0x1, [@generic="e8983d49d84e4393d355dc86a4618da3f6d5ec53eefdd2f9dea00151401f436729451169b935d7003ebbbcca072ac11663e4b78507cad7031542e821c5baa7929a382b5f0244228082c1d1fc135d7b5bbca52fcee7cba3ba5691d9494be6c5b719c1482b23f67dea80176ed4dd280391637089c109fb918f66f192c9ab3ba8d5643cdbf8d0418f3660574c88ab3519292f2e1bbe364418336295304abd7c3cfb56e5504341189321d1322c1c93cf908bbc0c74d3275a634c861e154184c4e94fbd57991512744d6479f19f5d51835533e6b95e423db2e602a1af28bccb51459da12ea865d9adcae3b4be980efd19db", @nested={0x4, 0xce}, @generic="ea7045dd86acd9fa48e6f9aa3a70ddc23a6bbb8cf4b37eeef9c7b18d83170a2347eef18fc6c0958ecf9eb662a1d1acdfc7c548d07721b383e25d46e7579452784deab1f43b7c3a9befda3d91b0fbfa0520c045dcf0ebe948019af0f8cd41db5460514322eb898130b31788f35fc85d7fb069afa360b8abe06838c1432e18949d3e4e705f478d8b74cbb93cee7a295635dd46b94137c6200b728ab674963368bec2733ee6e87289d4", @generic="62767ff57be15361d5f3", @generic="f11b82c4a59077be7edb9c7e7c14e79f60e61ec1314b56d9c3081d8fc575a56ea39c39b3473bb4804a5e220612d25798ec2d4b37c2ff077ae8712b25722cfe32c9c280bee2652d04a75129668dbe7eeb9a11af9647353574b25f43181ffb8b4c1526d7c4464efa03d99bbc22f3956a5139f509588226c93a2ddbd4f0cd7f72a368f756272f76d987532992b78a44a0e7a0e6daaec10c1aee83e1a6f47e0e364356b4a13228"]}]}, @nested={0x4, 0x14d, 0x0, 0x1, [@generic]}, @generic="2d945dfdfc273c35ac4f6a9dd709a22d659e9dc3e602ee5217942ff5387500e368ab3f6a7bedca"]}, @NL80211_ATTR_DISABLE_EHT={0x4}]}, 0x4e0}}, 0x4c090)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
clock_gettime$auto(0x0, &(0x7f0000000000)={0x6, 0x10001})
capget$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x3, 0x8, 0xc0000})
executing program 1:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96)
bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000)
map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9)
unshare$auto(0x40000080)
msgctl$auto(0xe, 0x9, 0x0)
r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0)
socket(0x28, 0x2, 0xf)
openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0)
bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0)
r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r2)
sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, r3, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
read$auto(0x3, 0x0, 0x80)
executing program 1:
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket(0x10, 0x2, 0xc)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
ioperm$auto(0x7, 0x6, 0xffffffffffff4064)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6)
syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V\x93\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1\x1c\x7f\xb0y\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf)
executing program 1:
userfaultfd$auto(0x1)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
munmap$auto(0x3, 0x4da)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
munmap$auto(0x5, 0xa)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
r1 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r1, &(0x7f0000000100)="3173a3", 0x3)
executing program 1:
open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x2, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa)
execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0)
shutdown$auto(0x200000003, 0x2)
open(0x0, 0x4242, 0xe1d2b27bdc14aabc)
socket(0x2, 0x3, 0x1)
ioctl$auto(0x1, 0x890c, 0x8)
executing program 33:
open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x2, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa)
execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0)
shutdown$auto(0x200000003, 0x2)
open(0x0, 0x4242, 0xe1d2b27bdc14aabc)
socket(0x2, 0x3, 0x1)
ioctl$auto(0x1, 0x890c, 0x8)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r1, 0x0, 0x300)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/maps\x00', 0x200, 0x0)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), r0)
sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002abd70002502000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xebd, 0x3, 0xfffffffffffffffc)
io_uring_setup$auto(0x6, 0x0)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
socket(0xa, 0x2, 0x3a)
fspick$auto(0x926, 0x0, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x47, 0x32b, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x0, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x400000000005b8, 0x0, 0x0, 0x0, 0x4000000000, 0x6, 0xffffffffffffffff, 0x0, 0x8000000000008, 0xfffffffffffffffc, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x8, 0x3)
r1 = socket(0x2, 0x6, 0x0)
getsockopt$auto(r1, 0x10d, 0xc, 0x0, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r2 = getuid()
msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, <r3=>0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff})
setresuid$auto(r2, 0x0, r3)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x508, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x1a3, 0x33, "7f48b200200b70fb607288173e35e81571d7067d0b3134c5f1b7c3f3319c16e526589141816aa34f4b60f1e14ec3e194430501ce3f596fc5b3348fce862444e3513f6f029a3b983af839586ef692034a69e9700b839563d4235a2e983eb22884af9ebacb353a2ceb17a4b29dafd0c9be4e5de096441eef87c6e2d30b154c897f31e32372c7e2d08466ae39b94d3c0309aa53e150c8074bb507bc1f3c43d82c9e17e416c9cde329e62bbafecb813cf7581a5b3fe5bd104a26122ebdb9ac6cbfb641a22ae16870626a337aa93d5bcdd6f9d9dfa1d5b83afd340ea65a60c4d5e3f6b7bad3f437a099d2c6b9a2bd0d422d062188e4355fac94751b69fa36eac8d88bc6d42478532c37ff4fc986ccb4fc26cf5fc45f50481afcae2c2317b1db92444762ba629c2b5218302fa5c96c85bfa2df5810e81b883c51f8ef7822fa182d5c3a7aadfbce3ea276625b031f5c320cf8a8a8954945eeb3a39414b9fc5a78e1347bf6f8501b8d13c06c6ec957c1f45e64ca3e7687e0398e383cade8d2677af868efc0e599b0ff19ee1df3c1f4807be3a3b6e10fab42bf3b788d9735e478b567dc"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x6}, @NL80211_ATTR_REKEY_DATA={0x343, 0x7a, 0x0, 0x1, [@nested={0x314, 0x140, 0x0, 0x1, [@nested={0x3c, 0x137, 0x0, 0x1, [@nested={0x4, 0x73}, @nested={0x4, 0xdb}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x131, 0x0, 0x0, @uid=r2}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@loopback}, @typed={0xc, 0x7a, 0x0, 0x0, @u64=0x5}]}, @nested={0x5c, 0x146, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x86}, @typed={0x46, 0x127, 0x0, 0x0, @binary="a221d5c01eefc0ace62ed64bc833bd4e42015e2ed47164d91f18271d270f6b11cb077313c76a83315dc19f7a1abf9e38d0f1d5674412c25ac7d65cdc1aed31e7d0fe"}, @nested={0x4, 0xc0}]}, @nested={0x278, 0x7b, 0x0, 0x1, [@generic="e8983d49d84e4393d355dc86a4618da3f6d5ec53eefdd2f9dea00151401f436729451169b935d7003ebbbcca072ac11663e4b78507cad7031542e821c5baa7929a382b5f0244228082c1d1fc135d7b5bbca52fcee7cba3ba5691d9494be6c5b719c1482b23f67dea80176ed4dd280391637089c109fb918f66f192c9ab3ba8d5643cdbf8d0418f3660574c88ab3519292f2e1bbe364418336295304abd7c3cfb56e5504341189321d1322c1c93cf908bbc0c74d3275a634c861e154184c4e94fbd57991512744d6479f19f5d51835533e6b95e423db2e602a1af28bccb51459da12ea865d9adcae3b4be980efd19db", @nested={0x4, 0xce}, @generic="ea7045dd86acd9fa48e6f9aa3a70ddc23a6bbb8cf4b37eeef9c7b18d83170a2347eef18fc6c0958ecf9eb662a1d1acdfc7c548d07721b383e25d46e7579452784deab1f43b7c3a9befda3d91b0fbfa0520c045dcf0ebe948019af0f8cd41db5460514322eb898130b31788f35fc85d7fb069afa360b8abe06838c1432e18949d3e4e705f478d8b74cbb93cee7a295635dd46b94137c6200b728ab674963368bec2733ee6e87289d486959ed8532e76172335133a32f51f7b6acefd306acf6931f5fa72ed462e02a8697fbe27b6e47bf01edf", @generic="62767ff57be15361d5f3", @generic="f11b82c4a59077be7edb9c7e7c14e79f60e61ec1314b56d9c3081d8fc575a56ea39c39b3473bb4804a5e220612d25798ec2d4b37c2ff077ae8712b25722cfe32c9c280bee2652d04a75129668dbe7eeb9a11af9647353574b25f43181ffb8b4c1526d7c4464efa03d99bbc22f3956a5139f509588226c93a2ddbd4f0cd7f72a368f756272f76d987532992b78a44a0e7a0e6daaec10c1aee83e1a6f47e0e364356b4a13228"]}]}, @nested={0x4, 0x14d, 0x0, 0x1, [@generic]}, @generic="2d945dfdfc273c35ac4f6a9dd709a22d659e9dc3e602ee5217942ff5387500e368ab3f6a7bedca"]}, @NL80211_ATTR_DISABLE_EHT={0x4}]}, 0x508}}, 0x4c090)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
clock_gettime$auto(0x0, &(0x7f0000000000)={0x6, 0x10001})
capget$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x3, 0x8, 0xc0000})
executing program 4:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0x2, 0x8000)
socket(0xa, 0x2, 0x88)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000001c0)=@in={0x2, 0x4e24, @multicast1}, 0x55)
write$auto(0x3, 0x0, 0xfdef)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffdb5, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000340)={0xfffffffa, 0x3fc00, 0x4, @raw=0x5, &(0x7f0000000000)={@raw=0x6cd3dc16, 0x9, 0x10001, 0x7, "d0157f1da2e1b2c4464508046b8161ce335165000000000e04000000ccbe1a4ec13d465abb852246134abf87"}, "3e3e8bb7e73ba219b52c8a714934c55da88879fb30a0a166170c4bb1bc9cf1f6e9b3dbca453bff6195359c982cb5cb4c674a"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x8000000008, 0xb, 0x40000009b71, 0xca7, 0x8000000000008000)
r2 = socket(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00', <r4=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_id=0x13, 0xe600}, 0xf)
bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x8000000000003}, 0x8)
read$auto(r0, &(0x7f0000000100)='nl80211\x00', 0xbe62)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB="0c001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x22, 0x940, 0x1ffde, 0x3, 0x6, 0x8000002, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x243efbdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e]}, 0x1fe, 0x81)
executing program 3:
r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/inject\x00', 0x2, 0x0)
pwrite64$auto(r0, &(0x7f0000000140)='\vX_n\x91p\xe6\x1eRN8\x99C\x05s\x1cJ\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x52, 0x3)
executing program 3:
userfaultfd$auto(0x1)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
munmap$auto(0x5, 0xa)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r0, &(0x7f0000000100)="3173a3", 0x3)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96)
bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000)
map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9)
unshare$auto(0x40000080)
msgctl$auto(0xe, 0x9, 0x0)
r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0)
socket(0x28, 0x2, 0xf)
openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0)
bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0)
r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, 0x0, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)
read$auto(0x3, 0x0, 0x80)
executing program 4:
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = open(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x2000, 0xb5d1af1605322c72)
open_by_handle_at$auto(r1, &(0x7f0000000040)={0x8, 0x2, "9700000000000000"}, 0x2)
pwritev$auto(0x3, &(0x7f0000001000)={&(0x7f0000000fc0), 0x8}, 0x5, 0x3, 0x9)
ppoll$auto(&(0x7f0000000000)={<r2=>r0, 0x202}, 0x9, 0x0, 0x0, 0x8)
r3 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x14, 0x1, 0x0, 0x1, [@nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x1d}]}, @typed={0x8, 0x13, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x800)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket(0xa, 0x2, 0x3a)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NBD_CMD_CONNECT(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000000)={0x38, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}, @NBD_ATTR_BACKEND_IDENTIFIER={0x6, 0xa, ',!'}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
write$auto_drm_connector_fops_drm_debugfs(r2, &(0x7f0000000100)="66958ddde5c88f39d148b0dfb04f2842b30695684c672af7cf29f9eea007e5ddfb4aef052597b69f07cc3600475a6b63b3fab7db1ec676f35a39a820a06ea908bf373b0a4c", 0x45)
executing program 4:
userfaultfd$auto(0x1)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
munmap$auto(0x5, 0xa)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xc8, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r0, &(0x7f0000000100)="3173a3", 0x3)
executing program 3:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000040)={0x8, 0x2, "9700000000000000"}, 0x2)
pwritev$auto(0x3, &(0x7f0000001000)={&(0x7f0000000fc0), 0x8}, 0x5, 0x3, 0x9)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
munmap$auto(0x20001000, 0x4)
mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103)
access$auto(&(0x7f0000000000)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x3)
connect$auto(0x3, 0x0, 0x54)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mincore$auto(0x1000, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, 0x0, 0x20000000)
socket(0x0, 0x800, 0x92d)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
r1 = socket(0xb, 0x801, 0x84)
getsockopt$auto(r1, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0xc0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x10001, 0x3, 0x8001)
madvise$auto(0x0, 0x80000001, 0xa)
r2 = gettid()
process_vm_writev$auto(r2, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
copy_file_range$auto(0x2, 0x0, 0x2, 0x0, 0x8001, 0x9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0xb812, 0x89ce, 0xc)
sendmsg$auto_NBD_CMD_CONNECT(r0, 0x0, 0x8880)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 4:
mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000003240), 0x20001, 0x0)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x28240, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x22100, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
msgctl$auto(0x0, 0xb, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000940)={'batadv0\x00'})
executing program 2:
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
removexattr$auto(0x0, 0x0)
mmap$auto(0x4, 0xf8, 0x8, 0xeb5, 0xffffffffffffffff, 0xfffffffffffffff2)
getrandom$auto(0x0, 0x6000000, 0x3)
read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000040)=""/88, 0x58)
read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000001080)=""/4092, 0xffc)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
socketpair$auto(0x4, 0x1, 0x20000, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x1, 0x1, 0x0)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x7)
ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)=0x40)
connect$auto(0x3, &(0x7f00000001c0), 0x55)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
madvise$auto(0x0, 0x80000001, 0x8)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r1, 0x0, 0x300)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/maps\x00', 0x200, 0x0)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), r0)
sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002abd70002502000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r2, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="20000000f1da34d2b84da88d90dfcfab6bea62a418ffeaa6064f852d0b0018af8d7a8e01b94b2a450e52d18572be98698bc911a4affd1e9d42ace4ea42251a5abedb785b92ba77eb5308af21f689540d44efe490add170af0a8fa7173a4bb1d617563be192e5c24e661ff2f0bf1f55f9133fd8e3da83b3fc2cad2b0ee6fb8d6ea7005fe1f4347977", @ANYRES16=r1, @ANYBLOB="010129bd7000fddbdf250d0000000c0006000100000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001100)=""/4106, 0x100a)
read$auto(r0, 0x0, 0x2)
syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000080), r2)
r4 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r5 = socket(0x11, 0xa, 0x1000)
setregid$auto(0x5, 0x6)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid$auto(0x0, 0x3ff, 0x0, 0x1000006, 0x0)
syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000140), 0xffffffffffffffff)
mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x401, 0x8000)
timer_create$auto(0x2, 0x0, 0x0)
sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000805}, 0x10)
sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="e3b727bf70ffffff7f0000000000dcb68952543a1f62c3ab33ca708b9dd70bc3000f00818d618ae358476c3f7d93d3fbef716d7dee4ab8261677bc79353ee173dd01f9b1d6c9780f1036445ee065d410dbe43ee31abd79282a16be415a258be6af56c311cca7141a0cb296186063ce996810aa94334f4564b36df31dc75bcfbb6d7721847b870d989715"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
timer_settime$auto(0x0, 0x7ff, &(0x7f0000000000)={{0xa6, 0x7}, {0x0, 0x3}}, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0xb, 0x10007}, {0x9, 0xcd21}}, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket$nl_generic(0x10, 0x3, 0x10)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x4)
process_mrelease$auto(0x4, 0x0)
ioctl$auto(r5, 0x2, 0x2)
read$auto_proc_pid_numa_maps_operations_internal(r4, &(0x7f0000000000)=""/110, 0x6e)
executing program 3:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4106, 0x100a)
executing program 4:
r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/inject\x00', 0x2, 0x0)
pwrite64$auto(r0, 0x0, 0x52, 0x3)
executing program 3:
userfaultfd$auto(0x1)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
munmap$auto(0x3, 0x4da)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
r1 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r1, &(0x7f0000000100)="3173a3", 0x3)
executing program 3:
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
munmap$auto(0x3, 0x4da)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
munmap$auto(0x5, 0xa)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x1}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
capset$auto(&(0x7f0000000080)={0x3, <r2=>0x0}, &(0x7f0000000140)={0x4, 0xffffff5e})
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8, 0x52, r2}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
read$auto_random_fops_random(0xffffffffffffffff, &(0x7f0000000400)=""/183, 0xb7)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r3, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0xfebf0c436aa031f1)
seccomp$auto(0x1, 0x8, &(0x7f0000000400))
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x40c01, 0x0)
r4 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r4, &(0x7f0000000100)="3173a3", 0x3)
executing program 5:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96)
bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000)
map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9)
unshare$auto(0x40000080)
msgctl$auto(0xe, 0x9, 0x0)
r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0)
socket(0x28, 0x2, 0xf)
openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0)
bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0)
r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r2)
sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, r3, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
read$auto(0x3, 0x0, 0x80)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x0)
pipe$auto(0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x2)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0x2, 0x8000)
socket(0xa, 0x2, 0x88)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000001c0)=@in={0x2, 0x4e24, @multicast1}, 0x55)
write$auto(0x3, 0x0, 0xfdef)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffdb5, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000340)={0xfffffffa, 0x3fc00, 0x4, @raw=0x5, &(0x7f0000000000)={@raw=0x6cd3dc16, 0x9, 0x10001, 0x7, "d0157f1da2e1b2c4464508046b8161ce335165000000000e04000000ccbe1a4ec13d465abb852246134abf87"}, "3e3e8bb7e73ba219b52c8a714934c55da88879fb30a0a166170c4bb1bc9cf1f6e9b3dbca453bff6195359c982cb5cb4c674a"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x8000000008, 0xb, 0x40000009b71, 0xca7, 0x8000000000008000)
r2 = socket(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00', <r4=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_id=0x13, 0xe600}, 0xf)
bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x8000000000003}, 0x8)
read$auto(r0, &(0x7f0000000100)='nl80211\x00', 0xbe62)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB="0c001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x22, 0x940, 0x1ffde, 0x3, 0x6, 0x8000002, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x243efbdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e]}, 0x1fe, 0x81)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-mmap$auto-statx$auto-close_range$auto-socket-pipe$auto-fcntl$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x0)
pipe$auto(0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x2)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program did not crash
single: failed to extract reproducer
bisect: bisecting 35 programs with base timeout 1m40s
testing program (duration=1m48s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 24, 19, 26, 9, 30, 30, 26, 24, 24, 7, 11, 12, 12, 6, 24, 30, 2, 8, 21, 14, 8, 4, 30, 9, 28, 6, 29, 2, 2, 11, 19, 24, 15, 30]
detailed listing:
executing program 0:
statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x0, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0xffffffffffffffff, 0x2, 0x0, 0x402000, 0x0, 0xe, 0x1, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0x8, 0x20000, 0x8, 0x10000000000, 0xffffffffffffffff, 0x4, 0x2f, 0x0, 0x0, 0x1006, 0x400000000005b8, 0xffff, 0x0, 0x100, 0x0, 0x6, 0x2, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa38, 0x4, 0x3, 0xfffffffffffffffc, 0x2, 0x8, 0x10000000007, 0xc567]}, 0x1fa, 0xd)
r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x801, 0x100)
socket(0x11, 0x3, 0x2)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
getsockopt$auto(0x6, 0x107, 0x15, 0x0, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8340, 0x0)
ioctl$auto(r1, 0x40085112, 0x3)
ioctl$auto__ctl_fops_dm_ioctl(r0, 0x2, &(0x7f0000000380)="dcbb5fd7054bed139fb7f9fb1dca8fe1d88f65ee057c0e6faac40d106e4f0d52edf6e31c48e8d983ae3431fa707225c2c387e1a200b38759ba8e9187200e6d044ef46a534de751b1436f20ed7071b254509700aa726ea003a1b7b9ce2313756dc84bc4556ddac694c4553d72ed13a885176712c9cff968f74bd1d14ff734ad08e60cf7e7a7dd07d2b6ca9cb21ddaae68d2969afcf6c734f6ee1c63b1c93abf32264f9ec022b64c903276298739ee8ae7ac1fe14534ad54004f39ea1b99964702554c1494e1742baeae527cf3007d50fc92e924f73b6288e5d9fd071d2fba76b2fabd3faf5229f4c3168226346e3087026d3d2c8aed398d4988971e05ff0ab9f5f2328e7f51d5061584b44581a4c83e413718d3a82f87daf87d1d5a2c32fbaa58f095fbf34ccc603b632155c27289cb5598049a7c9160dfe8a01d5a1983408082941eb39db2a09c5a34dc876dfa58a589687aa0cf6be7b5b084a8f753758332896ec3adad7a79b751908ee2b3d25131f44185a0ed8d20e9b6b8a1ed11402b02e544b67caf3177eda039e64aaf295eca7953c165fa73afca96d7750663711101c6e14e44817c6ad4b1474132dd441ca5c9d7776c871ffacbd96910496cad7010b9b526135e84")
ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd05, &(0x7f00000001c0))
executing program 0:
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xebd, 0x3, 0xfffffffffffffffc)
io_uring_setup$auto(0x6, 0x0)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
socket(0xa, 0x2, 0x3a)
fspick$auto(0x926, 0x0, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x47, 0x32b, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x0, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x400000000005b8, 0x0, 0x0, 0x0, 0x4000000000, 0x6, 0xffffffffffffffff, 0x0, 0x8000000000008, 0xfffffffffffffffc, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x8, 0x3)
r1 = socket(0x2, 0x6, 0x0)
getsockopt$auto(r1, 0x10d, 0xc, 0x0, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r2 = getuid()
msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, <r3=>0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff})
setresuid$auto(r2, 0x0, r3)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x514, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x1a3, 0x33, "7f48b200200b70fb607288173e35e81571d7067d0b3134c5f1b7c3f3319c16e526589141816aa34f4b60f1e14ec3e194430501ce3f596fc5b3348fce862444e3513f6f029a3b983af839586ef692034a69e9700b839563d4235a2e983eb22884af9ebacb353a2ceb17a4b29dafd0c9be4e5de096441eef87c6e2d30b154c897f31e32372c7e2d08466ae39b94d3c0309aa53e150c8074bb507bc1f3c43d82c9e17e416c9cde329e62bbafecb813cf7581a5b3fe5bd104a26122ebdb9ac6cbfb641a22ae16870626a337aa93d5bcdd6f9d9dfa1d5b83afd340ea65a60c4d5e3f6b7bad3f437a099d2c6b9a2bd0d422d062188e4355fac94751b69fa36eac8d88bc6d42478532c37ff4fc986ccb4fc26cf5fc45f50481afcae2c2317b1db92444762ba629c2b5218302fa5c96c85bfa2df5810e81b883c51f8ef7822fa182d5c3a7aadfbce3ea276625b031f5c320cf8a8a8954945eeb3a39414b9fc5a78e1347bf6f8501b8d13c06c6ec957c1f45e64ca3e7687e0398e383cade8d2677af868efc0e599b0ff19ee1df3c1f4807be3a3b6e10fab42bf3b788d9735e478b567dc"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x6}, @NL80211_ATTR_REKEY_DATA={0x34f, 0x7a, 0x0, 0x1, [@nested={0x320, 0x140, 0x0, 0x1, [@nested={0x3c, 0x137, 0x0, 0x1, [@nested={0x4, 0x73}, @nested={0x4, 0xdb}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x131, 0x0, 0x0, @uid=r2}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@loopback}, @typed={0xc, 0x7a, 0x0, 0x0, @u64=0x5}]}, @nested={0x5c, 0x146, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x86}, @typed={0x46, 0x127, 0x0, 0x0, @binary="a221d5c01eefc0ace62ed64bc833bd4e42015e2ed47164d91f18271d270f6b11cb077313c76a83315dc19f7a1abf9e38d0f1d5674412c25ac7d65cdc1aed31e7d0fe"}, @nested={0x4, 0xc0}]}, @nested={0x283, 0x7b, 0x0, 0x1, [@generic="e8983d49d84e4393d355dc86a4618da3f6d5ec53eefdd2f9dea00151401f436729451169b935d7003ebbbcca072ac11663e4b78507cad7031542e821c5baa7929a382b5f0244228082c1d1fc135d7b5bbca52fcee7cba3ba5691d9494be6c5b719c1482b23f67dea80176ed4dd280391637089c109fb918f66f192c9ab3ba8d5643cdbf8d0418f3660574c88ab3519292f2e1bbe364418336295304abd7c3cfb56e5504341189321d1322c1c93cf908bbc0c74d3275a634c861e154184c4e94fbd57991512744d6479f19f5d51835533e6b95e423db2e602a1af28bccb51459da12ea865d9adcae3b4be980efd19db", @nested={0x4, 0xce}, @generic="ea7045dd86acd9fa48e6f9aa3a70ddc23a6bbb8cf4b37eeef9c7b18d83170a2347eef18fc6c0958ecf9eb662a1d1acdfc7c548d07721b383e25d46e7579452784deab1f43b7c3a9befda3d91b0fbfa0520c045dcf0ebe948019af0f8cd41db5460514322eb898130b31788f35fc85d7fb069afa360b8abe06838c1432e18949d3e4e705f478d8b74cbb93cee7a295635dd46b94137c6200b728ab674963368bec2733ee6e87289d486959ed8532e76172335133a32f51f7b6acefd306acf6931f5fa72ed462e02a8697fbe27b6e47bf01edf164baa57d965c208da8fe15cff", @generic="62767ff57be15361d5f3", @generic="f11b82c4a59077be7edb9c7e7c14e79f60e61ec1314b56d9c3081d8fc575a56ea39c39b3473bb4804a5e220612d25798ec2d4b37c2ff077ae8712b25722cfe32c9c280bee2652d04a75129668dbe7eeb9a11af9647353574b25f43181ffb8b4c1526d7c4464efa03d99bbc22f3956a5139f509588226c93a2ddbd4f0cd7f72a368f756272f76d987532992b78a44a0e7a0e6daaec10c1aee83e1a6f47e0e364356b4a1"]}]}, @nested={0x4, 0x14d, 0x0, 0x1, [@generic]}, @generic="2d945dfdfc273c35ac4f6a9dd709a22d659e9dc3e602ee5217942ff5387500e368ab3f6a7bedca"]}, @NL80211_ATTR_DISABLE_EHT={0x4}]}, 0x514}}, 0x4c090)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
clock_gettime$auto(0x0, &(0x7f0000000000)={0x6, 0x10001})
capget$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x3, 0x8, 0xc0000})
executing program 0:
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
munmap$auto(0x3, 0x4da)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
munmap$auto(0x5, 0xa)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
capset$auto(&(0x7f0000000080)={0x3, <r2=>0x0}, &(0x7f0000000140)={0x4, 0xffffff5e})
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8, 0x52, r2}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
read$auto_random_fops_random(0xffffffffffffffff, &(0x7f0000000400)=""/183, 0xb7)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r3, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0xfebf0c436aa031f1)
seccomp$auto(0x1, 0x8, &(0x7f0000000400))
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x40c01, 0x0)
r4 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r4, &(0x7f0000000100)="3173a3", 0x3)
executing program 0:
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/overcommit_memory\x00', 0xf22437c730143eb6, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/conf/wg0/drop_gratuitous_arp\x00', 0x202, 0x0)
sendfile$auto(r2, r2, 0x0, 0x7fffe000)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x6, 0x0)
mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
copy_file_range$auto(r3, 0x0, r3, &(0x7f0000000180)=0x80, 0x21c1, 0x0)
mmap$auto(0x0, 0x20009, 0xe1, 0xeb1, 0x40000000000a5, 0x8000)
r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7020fddbdf250700000008000300", @ANYRES32=r6], 0x24}, 0x1, 0x0, 0x0, 0x20040010}, 0x20000084)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_WIPHY(r7, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x40080)
setrlimit$auto(0x1000000007, 0x0)
open_tree$auto(0xffffffffffffffff, 0x0, 0x1001)
pipe2$auto(0x0, 0x7d)
ioctl$sock_SIOCGIFINDEX(r1, 0x5452, 0x0)
write$auto(r0, 0x0, 0x0)
executing program 0:
userfaultfd$auto(0x1)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
munmap$auto(0x5, 0xa)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r0, &(0x7f0000000100)="3173a3", 0x3)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000040), r0)
r2 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy9/netdev:wlan1/stations/08:02:11:00:00:00/flags\x00', 0x408800, 0x0)
sendmsg$auto_GTP_CMD_ECHOREQ(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2020}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012dbd7000fbdbdf250300000008000200ff7f000014000b00fc000000000000000000000000000001080004000000000014400c00fe8000000000000000000000000000bb08000200070000000c0003000000000000000000080007006f0d718abd82f12e274086eabc09f4", @ANYRES32=r2, @ANYBLOB='\b\x00\t\x00\n\x00\x00\x00'], 0x70}, 0x1, 0x0, 0x0, 0x2000800}, 0x4000)
madvise$auto(0x6, 0xffffffffffff0001, 0x702b)
munmap$auto(0x20001000, 0x4)
connect$auto(0x3, 0x0, 0x54)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x1000000004, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mincore$auto(0x1000, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, 0x0, 0x20000000)
socket(0x0, 0x800, 0x92d)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99??\x00\x00\x00\x01\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\xff\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3)
r3 = io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
move_pages$auto(0x1, 0x3, 0x0, 0x0, 0x0, 0x8000000000000000)
socket(0x2, 0x1, 0x0)
socket(0x21, 0x3, 0x95)
ioctl$auto(0x8000000000000001, 0x89ef, 0x9)
read$auto_mon_fops_text_t_mon_text(0xffffffffffffffff, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r3, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fbdbdf254b000000060066004e200000040067001c00e700b82cad0c51f2a83adcfca107dd3f5f75695d36947dbd531ecfb154d85fcfa6e1"], 0x44}, 0x1, 0x0, 0x0, 0x20040000}, 0x40810)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/scsi_tmf_0/max_active\x00', 0x123902, 0x0)
write$auto(r4, &(0x7f00000001c0)='0\"\xfb]$|\xcb1j\xeb0B|d\x1e\xec\x99\xb9\xfd\xd3\x89O\x9f\xac+\xf6\xd7/\xc9\xe9x\xd4\xf3\xc8\xf5\x7fW\xd3\xa6\x96\xd3^\xb8\xb4gq%H\xcc\x88r\xeaO\x8e\x10\t\xc7 P\xcf\xa7H\b\x04\x87\x98\x16`\xa3S\xd46\x10Wf\xc9<7\xcf\xc9\xf1\b\x9b\x8c\x9fu;\xc48(u\xf9Bx\n\xafW%/bBT\xa9\a\xed\xd2H4\x96\xa3U\xca\xf1\xef\x14dU\x15\x16\xa7\xdd\x01\x0e\xda\xc8\xd3\x00\xc5\b\x1a\xb0mN\x01\xb1\xc8B.U\xd1\x02\'\x9a\'\xf1;\xedJ\xf6@\xac\a\xf5\xf5 |\x1ex\xb7@=\xad\xe7\xff\xd6\xc1\xcf\x11\x0f\x99+v\x873\xc4\x17]\x17!]ct\xff\t\xb2A\x0f\x91\x02\xca&\x91<x\xe6\xc3q{KWa\xc6\x7f\xc7j\xa7\xaan8\xc3\xb5%\x8d(\x85\xcc&GH\xf4\x06\xda\xc4\xcc\xb5U?\xf3a(yG\xe2\xd7<W\xa1\xa5\xf2\x12\xdb\xca\xca\xf3\xd9\x95\x1d\xe5\x11\xcb\xdf\x85\xa3vU]?M\xd4\x9d\x10\xcb\x15\x92gp%\xae\x14`da\xc0', 0x2)
executing program 32:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000040), r0)
r2 = openat$auto_generic(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy9/netdev:wlan1/stations/08:02:11:00:00:00/flags\x00', 0x408800, 0x0)
sendmsg$auto_GTP_CMD_ECHOREQ(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2020}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00012dbd7000fbdbdf250300000008000200ff7f000014000b00fc000000000000000000000000000001080004000000000014400c00fe8000000000000000000000000000bb08000200070000000c0003000000000000000000080007006f0d718abd82f12e274086eabc09f4", @ANYRES32=r2, @ANYBLOB='\b\x00\t\x00\n\x00\x00\x00'], 0x70}, 0x1, 0x0, 0x0, 0x2000800}, 0x4000)
madvise$auto(0x6, 0xffffffffffff0001, 0x702b)
munmap$auto(0x20001000, 0x4)
connect$auto(0x3, 0x0, 0x54)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x1000000004, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mincore$auto(0x1000, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, 0x0, 0x20000000)
socket(0x0, 0x800, 0x92d)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99??\x00\x00\x00\x01\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\xff\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3)
r3 = io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x403, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
move_pages$auto(0x1, 0x3, 0x0, 0x0, 0x0, 0x8000000000000000)
socket(0x2, 0x1, 0x0)
socket(0x21, 0x3, 0x95)
ioctl$auto(0x8000000000000001, 0x89ef, 0x9)
read$auto_mon_fops_text_t_mon_text(0xffffffffffffffff, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(r3, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000fbdbdf254b000000060066004e200000040067001c00e700b82cad0c51f2a83adcfca107dd3f5f75695d36947dbd531ecfb154d85fcfa6e1"], 0x44}, 0x1, 0x0, 0x0, 0x20040000}, 0x40810)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/scsi_tmf_0/max_active\x00', 0x123902, 0x0)
write$auto(r4, &(0x7f00000001c0)='0\"\xfb]$|\xcb1j\xeb0B|d\x1e\xec\x99\xb9\xfd\xd3\x89O\x9f\xac+\xf6\xd7/\xc9\xe9x\xd4\xf3\xc8\xf5\x7fW\xd3\xa6\x96\xd3^\xb8\xb4gq%H\xcc\x88r\xeaO\x8e\x10\t\xc7 P\xcf\xa7H\b\x04\x87\x98\x16`\xa3S\xd46\x10Wf\xc9<7\xcf\xc9\xf1\b\x9b\x8c\x9fu;\xc48(u\xf9Bx\n\xafW%/bBT\xa9\a\xed\xd2H4\x96\xa3U\xca\xf1\xef\x14dU\x15\x16\xa7\xdd\x01\x0e\xda\xc8\xd3\x00\xc5\b\x1a\xb0mN\x01\xb1\xc8B.U\xd1\x02\'\x9a\'\xf1;\xedJ\xf6@\xac\a\xf5\xf5 |\x1ex\xb7@=\xad\xe7\xff\xd6\xc1\xcf\x11\x0f\x99+v\x873\xc4\x17]\x17!]ct\xff\t\xb2A\x0f\x91\x02\xca&\x91<x\xe6\xc3q{KWa\xc6\x7f\xc7j\xa7\xaan8\xc3\xb5%\x8d(\x85\xcc&GH\xf4\x06\xda\xc4\xcc\xb5U?\xf3a(yG\xe2\xd7<W\xa1\xa5\xf2\x12\xdb\xca\xca\xf3\xd9\x95\x1d\xe5\x11\xcb\xdf\x85\xa3vU]?M\xd4\x9d\x10\xcb\x15\x92gp%\xae\x14`da\xc0', 0x2)
executing program 1:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96)
bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000)
map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9)
unshare$auto(0x40000080)
msgctl$auto(0xe, 0x9, 0x0)
r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0)
socket(0x28, 0x2, 0xf)
openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0)
bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0)
r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r2)
sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, r3, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
read$auto(0x3, 0x0, 0x80)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x40802, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
executing program 1:
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xebd, 0x3, 0xfffffffffffffffc)
io_uring_setup$auto(0x6, 0x0)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
socket(0xa, 0x2, 0x3a)
fspick$auto(0x926, 0x0, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x47, 0x32b, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x0, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x400000000005b8, 0x0, 0x0, 0x0, 0x4000000000, 0x6, 0xffffffffffffffff, 0x0, 0x8000000000008, 0xfffffffffffffffc, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x8, 0x3)
r1 = socket(0x2, 0x6, 0x0)
getsockopt$auto(r1, 0x10d, 0xc, 0x0, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r2 = getuid()
msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, <r3=>0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff})
setresuid$auto(r2, 0x0, r3)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x4e0, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x1a3, 0x33, "7f48b200200b70fb607288173e35e81571d7067d0b3134c5f1b7c3f3319c16e526589141816aa34f4b60f1e14ec3e194430501ce3f596fc5b3348fce862444e3513f6f029a3b983af839586ef692034a69e9700b839563d4235a2e983eb22884af9ebacb353a2ceb17a4b29dafd0c9be4e5de096441eef87c6e2d30b154c897f31e32372c7e2d08466ae39b94d3c0309aa53e150c8074bb507bc1f3c43d82c9e17e416c9cde329e62bbafecb813cf7581a5b3fe5bd104a26122ebdb9ac6cbfb641a22ae16870626a337aa93d5bcdd6f9d9dfa1d5b83afd340ea65a60c4d5e3f6b7bad3f437a099d2c6b9a2bd0d422d062188e4355fac94751b69fa36eac8d88bc6d42478532c37ff4fc986ccb4fc26cf5fc45f50481afcae2c2317b1db92444762ba629c2b5218302fa5c96c85bfa2df5810e81b883c51f8ef7822fa182d5c3a7aadfbce3ea276625b031f5c320cf8a8a8954945eeb3a39414b9fc5a78e1347bf6f8501b8d13c06c6ec957c1f45e64ca3e7687e0398e383cade8d2677af868efc0e599b0ff19ee1df3c1f4807be3a3b6e10fab42bf3b788d9735e478b567dc"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x6}, @NL80211_ATTR_REKEY_DATA={0x31b, 0x7a, 0x0, 0x1, [@nested={0x2ec, 0x140, 0x0, 0x1, [@nested={0x3c, 0x137, 0x0, 0x1, [@nested={0x4, 0x73}, @nested={0x4, 0xdb}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x131, 0x0, 0x0, @uid=r2}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@loopback}, @typed={0xc, 0x7a, 0x0, 0x0, @u64=0x5}]}, @nested={0x5c, 0x146, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x86}, @typed={0x46, 0x127, 0x0, 0x0, @binary="a221d5c01eefc0ace62ed64bc833bd4e42015e2ed47164d91f18271d270f6b11cb077313c76a83315dc19f7a1abf9e38d0f1d5674412c25ac7d65cdc1aed31e7d0fe"}, @nested={0x4, 0xc0}]}, @nested={0x24e, 0x7b, 0x0, 0x1, [@generic="e8983d49d84e4393d355dc86a4618da3f6d5ec53eefdd2f9dea00151401f436729451169b935d7003ebbbcca072ac11663e4b78507cad7031542e821c5baa7929a382b5f0244228082c1d1fc135d7b5bbca52fcee7cba3ba5691d9494be6c5b719c1482b23f67dea80176ed4dd280391637089c109fb918f66f192c9ab3ba8d5643cdbf8d0418f3660574c88ab3519292f2e1bbe364418336295304abd7c3cfb56e5504341189321d1322c1c93cf908bbc0c74d3275a634c861e154184c4e94fbd57991512744d6479f19f5d51835533e6b95e423db2e602a1af28bccb51459da12ea865d9adcae3b4be980efd19db", @nested={0x4, 0xce}, @generic="ea7045dd86acd9fa48e6f9aa3a70ddc23a6bbb8cf4b37eeef9c7b18d83170a2347eef18fc6c0958ecf9eb662a1d1acdfc7c548d07721b383e25d46e7579452784deab1f43b7c3a9befda3d91b0fbfa0520c045dcf0ebe948019af0f8cd41db5460514322eb898130b31788f35fc85d7fb069afa360b8abe06838c1432e18949d3e4e705f478d8b74cbb93cee7a295635dd46b94137c6200b728ab674963368bec2733ee6e87289d4", @generic="62767ff57be15361d5f3", @generic="f11b82c4a59077be7edb9c7e7c14e79f60e61ec1314b56d9c3081d8fc575a56ea39c39b3473bb4804a5e220612d25798ec2d4b37c2ff077ae8712b25722cfe32c9c280bee2652d04a75129668dbe7eeb9a11af9647353574b25f43181ffb8b4c1526d7c4464efa03d99bbc22f3956a5139f509588226c93a2ddbd4f0cd7f72a368f756272f76d987532992b78a44a0e7a0e6daaec10c1aee83e1a6f47e0e364356b4a13228"]}]}, @nested={0x4, 0x14d, 0x0, 0x1, [@generic]}, @generic="2d945dfdfc273c35ac4f6a9dd709a22d659e9dc3e602ee5217942ff5387500e368ab3f6a7bedca"]}, @NL80211_ATTR_DISABLE_EHT={0x4}]}, 0x4e0}}, 0x4c090)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
clock_gettime$auto(0x0, &(0x7f0000000000)={0x6, 0x10001})
capget$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x3, 0x8, 0xc0000})
executing program 1:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96)
bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000)
map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9)
unshare$auto(0x40000080)
msgctl$auto(0xe, 0x9, 0x0)
r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0)
socket(0x28, 0x2, 0xf)
openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0)
bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0)
r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r2)
sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, r3, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
read$auto(0x3, 0x0, 0x80)
executing program 1:
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket(0x10, 0x2, 0xc)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
ioperm$auto(0x7, 0x6, 0xffffffffffff4064)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6)
syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V\x93\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1\x1c\x7f\xb0y\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf)
executing program 1:
userfaultfd$auto(0x1)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
munmap$auto(0x3, 0x4da)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
munmap$auto(0x5, 0xa)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
r1 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r1, &(0x7f0000000100)="3173a3", 0x3)
executing program 1:
open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x2, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa)
execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0)
shutdown$auto(0x200000003, 0x2)
open(0x0, 0x4242, 0xe1d2b27bdc14aabc)
socket(0x2, 0x3, 0x1)
ioctl$auto(0x1, 0x890c, 0x8)
executing program 33:
open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x2, 0x0)
move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000)
mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa)
execve$auto(&(0x7f0000000040)=':,\x00', 0x0, 0x0)
shutdown$auto(0x200000003, 0x2)
open(0x0, 0x4242, 0xe1d2b27bdc14aabc)
socket(0x2, 0x3, 0x1)
ioctl$auto(0x1, 0x890c, 0x8)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r1, 0x0, 0x300)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/maps\x00', 0x200, 0x0)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), r0)
sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002abd70002502000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000db, 0xebd, 0x3, 0xfffffffffffffffc)
io_uring_setup$auto(0x6, 0x0)
lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0)
socket(0xa, 0x2, 0x3a)
fspick$auto(0x926, 0x0, 0x10)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x47, 0x32b, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x0, 0x200, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x400000000005b8, 0x0, 0x0, 0x0, 0x4000000000, 0x6, 0xffffffffffffffff, 0x0, 0x8000000000008, 0xfffffffffffffffc, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x8, 0x3)
r1 = socket(0x2, 0x6, 0x0)
getsockopt$auto(r1, 0x10d, 0xc, 0x0, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)
r2 = getuid()
msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, <r3=>0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff})
setresuid$auto(r2, 0x0, r3)
sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x508, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME={0x1a3, 0x33, "7f48b200200b70fb607288173e35e81571d7067d0b3134c5f1b7c3f3319c16e526589141816aa34f4b60f1e14ec3e194430501ce3f596fc5b3348fce862444e3513f6f029a3b983af839586ef692034a69e9700b839563d4235a2e983eb22884af9ebacb353a2ceb17a4b29dafd0c9be4e5de096441eef87c6e2d30b154c897f31e32372c7e2d08466ae39b94d3c0309aa53e150c8074bb507bc1f3c43d82c9e17e416c9cde329e62bbafecb813cf7581a5b3fe5bd104a26122ebdb9ac6cbfb641a22ae16870626a337aa93d5bcdd6f9d9dfa1d5b83afd340ea65a60c4d5e3f6b7bad3f437a099d2c6b9a2bd0d422d062188e4355fac94751b69fa36eac8d88bc6d42478532c37ff4fc986ccb4fc26cf5fc45f50481afcae2c2317b1db92444762ba629c2b5218302fa5c96c85bfa2df5810e81b883c51f8ef7822fa182d5c3a7aadfbce3ea276625b031f5c320cf8a8a8954945eeb3a39414b9fc5a78e1347bf6f8501b8d13c06c6ec957c1f45e64ca3e7687e0398e383cade8d2677af868efc0e599b0ff19ee1df3c1f4807be3a3b6e10fab42bf3b788d9735e478b567dc"}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x6}, @NL80211_ATTR_REKEY_DATA={0x343, 0x7a, 0x0, 0x1, [@nested={0x314, 0x140, 0x0, 0x1, [@nested={0x3c, 0x137, 0x0, 0x1, [@nested={0x4, 0x73}, @nested={0x4, 0xdb}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x131, 0x0, 0x0, @uid=r2}, @typed={0x14, 0x5a, 0x0, 0x0, @ipv6=@loopback}, @typed={0xc, 0x7a, 0x0, 0x0, @u64=0x5}]}, @nested={0x5c, 0x146, 0x0, 0x1, [@typed={0x8, 0x89, 0x0, 0x0, @ipv4=@loopback}, @nested={0x4, 0x86}, @typed={0x46, 0x127, 0x0, 0x0, @binary="a221d5c01eefc0ace62ed64bc833bd4e42015e2ed47164d91f18271d270f6b11cb077313c76a83315dc19f7a1abf9e38d0f1d5674412c25ac7d65cdc1aed31e7d0fe"}, @nested={0x4, 0xc0}]}, @nested={0x278, 0x7b, 0x0, 0x1, [@generic="e8983d49d84e4393d355dc86a4618da3f6d5ec53eefdd2f9dea00151401f436729451169b935d7003ebbbcca072ac11663e4b78507cad7031542e821c5baa7929a382b5f0244228082c1d1fc135d7b5bbca52fcee7cba3ba5691d9494be6c5b719c1482b23f67dea80176ed4dd280391637089c109fb918f66f192c9ab3ba8d5643cdbf8d0418f3660574c88ab3519292f2e1bbe364418336295304abd7c3cfb56e5504341189321d1322c1c93cf908bbc0c74d3275a634c861e154184c4e94fbd57991512744d6479f19f5d51835533e6b95e423db2e602a1af28bccb51459da12ea865d9adcae3b4be980efd19db", @nested={0x4, 0xce}, @generic="ea7045dd86acd9fa48e6f9aa3a70ddc23a6bbb8cf4b37eeef9c7b18d83170a2347eef18fc6c0958ecf9eb662a1d1acdfc7c548d07721b383e25d46e7579452784deab1f43b7c3a9befda3d91b0fbfa0520c045dcf0ebe948019af0f8cd41db5460514322eb898130b31788f35fc85d7fb069afa360b8abe06838c1432e18949d3e4e705f478d8b74cbb93cee7a295635dd46b94137c6200b728ab674963368bec2733ee6e87289d486959ed8532e76172335133a32f51f7b6acefd306acf6931f5fa72ed462e02a8697fbe27b6e47bf01edf", @generic="62767ff57be15361d5f3", @generic="f11b82c4a59077be7edb9c7e7c14e79f60e61ec1314b56d9c3081d8fc575a56ea39c39b3473bb4804a5e220612d25798ec2d4b37c2ff077ae8712b25722cfe32c9c280bee2652d04a75129668dbe7eeb9a11af9647353574b25f43181ffb8b4c1526d7c4464efa03d99bbc22f3956a5139f509588226c93a2ddbd4f0cd7f72a368f756272f76d987532992b78a44a0e7a0e6daaec10c1aee83e1a6f47e0e364356b4a13228"]}]}, @nested={0x4, 0x14d, 0x0, 0x1, [@generic]}, @generic="2d945dfdfc273c35ac4f6a9dd709a22d659e9dc3e602ee5217942ff5387500e368ab3f6a7bedca"]}, @NL80211_ATTR_DISABLE_EHT={0x4}]}, 0x508}}, 0x4c090)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
clock_gettime$auto(0x0, &(0x7f0000000000)={0x6, 0x10001})
capget$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x3, 0x8, 0xc0000})
executing program 4:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0x2, 0x8000)
socket(0xa, 0x2, 0x88)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000001c0)=@in={0x2, 0x4e24, @multicast1}, 0x55)
write$auto(0x3, 0x0, 0xfdef)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffdb5, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000340)={0xfffffffa, 0x3fc00, 0x4, @raw=0x5, &(0x7f0000000000)={@raw=0x6cd3dc16, 0x9, 0x10001, 0x7, "d0157f1da2e1b2c4464508046b8161ce335165000000000e04000000ccbe1a4ec13d465abb852246134abf87"}, "3e3e8bb7e73ba219b52c8a714934c55da88879fb30a0a166170c4bb1bc9cf1f6e9b3dbca453bff6195359c982cb5cb4c674a"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x8000000008, 0xb, 0x40000009b71, 0xca7, 0x8000000000008000)
r2 = socket(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00', <r4=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_id=0x13, 0xe600}, 0xf)
bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x8000000000003}, 0x8)
read$auto(r0, &(0x7f0000000100)='nl80211\x00', 0xbe62)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB="0c001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x22, 0x940, 0x1ffde, 0x3, 0x6, 0x8000002, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x243efbdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e]}, 0x1fe, 0x81)
executing program 3:
r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/inject\x00', 0x2, 0x0)
pwrite64$auto(r0, &(0x7f0000000140)='\vX_n\x91p\xe6\x1eRN8\x99C\x05s\x1cJ\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x52, 0x3)
executing program 3:
userfaultfd$auto(0x1)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
munmap$auto(0x5, 0xa)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r0, &(0x7f0000000100)="3173a3", 0x3)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96)
bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000)
map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9)
unshare$auto(0x40000080)
msgctl$auto(0xe, 0x9, 0x0)
r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0)
socket(0x28, 0x2, 0xf)
openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0)
bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0)
r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, 0x0, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)
read$auto(0x3, 0x0, 0x80)
executing program 4:
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = open(&(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x2000, 0xb5d1af1605322c72)
open_by_handle_at$auto(r1, &(0x7f0000000040)={0x8, 0x2, "9700000000000000"}, 0x2)
pwritev$auto(0x3, &(0x7f0000001000)={&(0x7f0000000fc0), 0x8}, 0x5, 0x3, 0x9)
ppoll$auto(&(0x7f0000000000)={<r2=>r0, 0x202}, 0x9, 0x0, 0x0, 0x8)
r3 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_OVS_FLOW_CMD_GET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x14, 0x1, 0x0, 0x1, [@nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x1d}]}, @typed={0x8, 0x13, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x800)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
socket(0xa, 0x2, 0x3a)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NBD_CMD_CONNECT(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000000)={0x38, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}, @NBD_ATTR_BACKEND_IDENTIFIER={0x6, 0xa, ',!'}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
write$auto_drm_connector_fops_drm_debugfs(r2, &(0x7f0000000100)="66958ddde5c88f39d148b0dfb04f2842b30695684c672af7cf29f9eea007e5ddfb4aef052597b69f07cc3600475a6b63b3fab7db1ec676f35a39a820a06ea908bf373b0a4c", 0x45)
executing program 4:
userfaultfd$auto(0x1)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
munmap$auto(0x5, 0xa)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xc8, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r0, &(0x7f0000000100)="3173a3", 0x3)
executing program 3:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000040)={0x8, 0x2, "9700000000000000"}, 0x2)
pwritev$auto(0x3, &(0x7f0000001000)={&(0x7f0000000fc0), 0x8}, 0x5, 0x3, 0x9)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
munmap$auto(0x20001000, 0x4)
mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103)
access$auto(&(0x7f0000000000)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x3)
connect$auto(0x3, 0x0, 0x54)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mincore$auto(0x1000, 0x8, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sigaltstack$auto(&(0x7f0000000080)={0x0, 0x80000002}, 0x0)
sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, 0x0, 0x20000000)
socket(0x0, 0x800, 0x92d)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
r1 = socket(0xb, 0x801, 0x84)
getsockopt$auto(r1, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0xc0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x10001, 0x3, 0x8001)
madvise$auto(0x0, 0x80000001, 0xa)
r2 = gettid()
process_vm_writev$auto(r2, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0)
copy_file_range$auto(0x2, 0x0, 0x2, 0x0, 0x8001, 0x9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
madvise$auto(0xb812, 0x89ce, 0xc)
sendmsg$auto_NBD_CMD_CONNECT(r0, 0x0, 0x8880)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 4:
mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000003240), 0x20001, 0x0)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x28240, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x22100, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
msgctl$auto(0x0, 0xb, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000940)={'batadv0\x00'})
executing program 2:
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
removexattr$auto(0x0, 0x0)
mmap$auto(0x4, 0xf8, 0x8, 0xeb5, 0xffffffffffffffff, 0xfffffffffffffff2)
getrandom$auto(0x0, 0x6000000, 0x3)
read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000040)=""/88, 0x58)
read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000001080)=""/4092, 0xffc)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
socketpair$auto(0x4, 0x1, 0x20000, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x1, 0x1, 0x0)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x7)
ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)=0x40)
connect$auto(0x3, &(0x7f00000001c0), 0x55)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
madvise$auto(0x0, 0x80000001, 0x8)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/rpc/use-gss-proxy\x00', 0x0, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r1, 0x0, 0x300)
openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/maps\x00', 0x200, 0x0)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000040), r0)
sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002abd70002502000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000)
executing program 2:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r2, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f00000001c0)=ANY=[@ANYBLOB="20000000f1da34d2b84da88d90dfcfab6bea62a418ffeaa6064f852d0b0018af8d7a8e01b94b2a450e52d18572be98698bc911a4affd1e9d42ace4ea42251a5abedb785b92ba77eb5308af21f689540d44efe490add170af0a8fa7173a4bb1d617563be192e5c24e661ff2f0bf1f55f9133fd8e3da83b3fc2cad2b0ee6fb8d6ea7005fe1f4347977", @ANYRES16=r1, @ANYBLOB="010129bd7000fddbdf250d0000000c0006000100000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x60040440}, 0x800)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000001100)=""/4106, 0x100a)
read$auto(r0, 0x0, 0x2)
syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000080), r2)
r4 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000003640)='/proc/self/numa_maps\x00', 0x40080, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r5 = socket(0x11, 0xa, 0x1000)
setregid$auto(0x5, 0x6)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid$auto(0x0, 0x3ff, 0x0, 0x1000006, 0x0)
syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000140), 0xffffffffffffffff)
mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x401, 0x8000)
timer_create$auto(0x2, 0x0, 0x0)
sendmsg$auto_ETHTOOL_MSG_FEC_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000805}, 0x10)
sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="e3b727bf70ffffff7f0000000000dcb68952543a1f62c3ab33ca708b9dd70bc3000f00818d618ae358476c3f7d93d3fbef716d7dee4ab8261677bc79353ee173dd01f9b1d6c9780f1036445ee065d410dbe43ee31abd79282a16be415a258be6af56c311cca7141a0cb296186063ce996810aa94334f4564b36df31dc75bcfbb6d7721847b870d989715"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
timer_settime$auto(0x0, 0x7ff, &(0x7f0000000000)={{0xa6, 0x7}, {0x0, 0x3}}, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0xb, 0x10007}, {0x9, 0xcd21}}, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket$nl_generic(0x10, 0x3, 0x10)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x4)
process_mrelease$auto(0x4, 0x0)
ioctl$auto(r5, 0x2, 0x2)
read$auto_proc_pid_numa_maps_operations_internal(r4, &(0x7f0000000000)=""/110, 0x6e)
executing program 3:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4106, 0x100a)
executing program 4:
r0 = openat$auto_event_inject_fops_trace(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/inject\x00', 0x2, 0x0)
pwrite64$auto(r0, 0x0, 0x52, 0x3)
executing program 3:
userfaultfd$auto(0x1)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/softnet_stat\x00', 0x0, 0x0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
munmap$auto(0x3, 0x4da)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
r1 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r1, &(0x7f0000000100)="3173a3", 0x3)
executing program 3:
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
sendfile$auto(0x2, 0x3, &(0x7f00000004c0), 0x7)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
munmap$auto(0x3, 0x4da)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
munmap$auto(0x5, 0xa)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x1}]}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
capset$auto(&(0x7f0000000080)={0x3, <r2=>0x0}, &(0x7f0000000140)={0x4, 0xffffff5e})
sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xd0, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_PID={0x8, 0x52, r2}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x5e}, @NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x1f, 0x2, "2ae7af43013bb408f18830ce688abd78ca9afbf97564942016b29c"}, @NL80211_FTM_RESP_ATTR_LCI={0x71, 0x2, "36978ea3eadfa74caff62a998527d2990575fd741f0cff070baf4690a9079804589daa7f9a4ce3fb667e9308cfbb1939ea853c8ddec2119c6609bcbce0164e4bd569b83810e757e2e853c763f1ffc43634f81da4a7fcc0d311345a56468a7e13456289fdfb7bea3e7942164d40"}]}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x532}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000801)
read$auto_random_fops_random(0xffffffffffffffff, &(0x7f0000000400)=""/183, 0xb7)
r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r3, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004)
set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21)
sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0xfebf0c436aa031f1)
seccomp$auto(0x1, 0x8, &(0x7f0000000400))
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x40c01, 0x0)
r4 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r4, &(0x7f0000000100)="3173a3", 0x3)
executing program 5:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_id=0x4, 0x80}, 0x96)
bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc)
sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, 0x0, 0x40000)
map_shadow_stack$auto(0xfffffffffffffffd, 0x7, 0x9)
unshare$auto(0x40000080)
msgctl$auto(0xe, 0x9, 0x0)
r0 = openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x80c00, 0x0)
socket(0x28, 0x2, 0xf)
openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000200), 0x484400, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dri/card1\x00', 0x109400, 0x0)
bpf$auto(0x4, &(0x7f0000001e80)=@iter_create={r0, 0x6}, 0x5)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0)
r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r2)
sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x14, r3, 0x701, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
read$auto(0x3, 0x0, 0x80)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x0)
pipe$auto(0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x2)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0x2, 0x8000)
socket(0xa, 0x2, 0x88)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000001c0)=@in={0x2, 0x4e24, @multicast1}, 0x55)
write$auto(0x3, 0x0, 0xfdef)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffdb5, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810)
syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000340)={0xfffffffa, 0x3fc00, 0x4, @raw=0x5, &(0x7f0000000000)={@raw=0x6cd3dc16, 0x9, 0x10001, 0x7, "d0157f1da2e1b2c4464508046b8161ce335165000000000e04000000ccbe1a4ec13d465abb852246134abf87"}, "3e3e8bb7e73ba219b52c8a714934c55da88879fb30a0a166170c4bb1bc9cf1f6e9b3dbca453bff6195359c982cb5cb4c674a"})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
mmap$auto(0x0, 0x8000000008, 0xb, 0x40000009b71, 0xca7, 0x8000000000008000)
r2 = socket(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00', <r4=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_id=0x13, 0xe600}, 0xf)
bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x8000000000003}, 0x8)
read$auto(r0, &(0x7f0000000100)='nl80211\x00', 0xbe62)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB="0c001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x22, 0x940, 0x1ffde, 0x3, 0x6, 0x8000002, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x243efbdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e]}, 0x1fe, 0x81)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-mmap$auto-statx$auto-close_range$auto-socket-pipe$auto-fcntl$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x0)
pipe$auto(0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x2)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
single: successfully extracted reproducer
found reproducer with 15 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-mmap$auto-statx$auto-close_range$auto-socket-pipe$auto-fcntl$auto-openat$auto_force_devcoredump_fops_hci_vhci
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x0)
pipe$auto(0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x2)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-mmap$auto-statx$auto-close_range$auto-socket-pipe$auto-fcntl$auto-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x0)
pipe$auto(0x0)
fcntl$auto(0x8000000000000001, 0x26, 0x2)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-mmap$auto-statx$auto-close_range$auto-socket-pipe$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x0)
pipe$auto(0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-mmap$auto-statx$auto-close_range$auto-socket-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x2, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-mmap$auto-statx$auto-close_range$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-mmap$auto-statx$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-close_range$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0xffffffffffffffff, 0x8, 0x0)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_RINGS_SET-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0xffffffffffffff1c, &(0x7f0000001d80)={&(0x7f0000001d40)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000)
r4 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r4, 0x0, 0xe)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-socket$nl_generic-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ethtool-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r1, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: slab-use-after-free Read in force_devcd_write
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
reproducing took 1h47m28.031570256s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350 drivers/bluetooth/hci_vhci.c:327
Read of size 8 at addr ffff88804bca5000 by task syz.0.616/6624

CPU: 1 UID: 0 PID: 6624 Comm: syz.0.616 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 force_devcd_write+0x31f/0x350 drivers/bluetooth/hci_vhci.c:327
 full_proxy_write+0xfb/0x1b0 fs/debugfs/file.c:356
 vfs_write+0x24c/0x1150 fs/read_write.c:677
 ksys_write+0x12b/0x250 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f38f2d85d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe62348be8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f38f2f75fa0 RCX: 00007f38f2d85d29
RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f38f2e01aa8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f38f2f75fa0 R14: 00007f38f2f75fa0 R15: 00000000000018c5
 </TASK>

Allocated by task 5940:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 vhci_open+0x4c/0x430 drivers/bluetooth/hci_vhci.c:634
 misc_open+0x35a/0x420 drivers/char/misc.c:165
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0xf59/0x1ea0 fs/open.c:945
 vfs_open+0x82/0x3f0 fs/open.c:1075
 do_open fs/namei.c:3828 [inline]
 path_openat+0x1e6a/0x2d60 fs/namei.c:3987
 do_filp_open+0x20c/0x470 fs/namei.c:4014
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5940:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4613 [inline]
 kfree+0x14f/0x4b0 mm/slub.c:4761
 vhci_release+0xbb/0xf0 drivers/bluetooth/hci_vhci.c:670
 __fput+0x3f8/0xb60 fs/file_table.c:450
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0xadd/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x2576/0x2610 kernel/signal.c:3017
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff88804bca5000
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 0 bytes inside of
 freed 1024-byte region [ffff88804bca5000, ffff88804bca5400)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4bca0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801ac41dc0 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
head: 00fff00000000040 ffff88801ac41dc0 dead000000000100 dead000000000122
head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
head: 00fff00000000003 ffffea00012f2801 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5936, tgid 5936 (syz-executor), ts 150952513241, free_ts 150476989014
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1556
 prep_new_page mm/page_alloc.c:1564 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3474
 __alloc_pages_noprof+0x223/0x25b0 mm/page_alloc.c:4751
 alloc_pages_mpol_noprof+0x2c9/0x610 mm/mempolicy.c:2269
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2589 [inline]
 new_slab+0x2c9/0x410 mm/slub.c:2642
 ___slab_alloc+0xce2/0x1650 mm/slub.c:3830
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3920
 __slab_alloc_node mm/slub.c:3995 [inline]
 slab_alloc_node mm/slub.c:4156 [inline]
 __kmalloc_cache_noprof+0xf6/0x420 mm/slub.c:4324
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 afs_alloc_call+0x4f/0x4a0 fs/afs/rxrpc.c:144
 afs_charge_preallocation+0xff/0x330 fs/afs/rxrpc.c:736
 afs_open_socket+0x298/0x350 fs/afs/rxrpc.c:95
 afs_net_init+0x95d/0xc60 fs/afs/main.c:123
 ops_init+0x1df/0x5f0 net/core/net_namespace.c:138
 setup_net+0x21f/0x860 net/core/net_namespace.c:362
 copy_net_ns+0x2b4/0x6c0 net/core/net_namespace.c:516
 create_new_namespaces+0x3ea/0xad0 kernel/nsproxy.c:110
page last free pid 5921 tgid 5921 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0x1080 mm/page_alloc.c:2657
 vfree+0x17a/0x890 mm/vmalloc.c:3382
 kcov_put kernel/kcov.c:439 [inline]
 kcov_put+0x2a/0x40 kernel/kcov.c:435
 kcov_close+0xd/0x20 kernel/kcov.c:535
 __fput+0x3f8/0xb60 fs/file_table.c:450
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0xadd/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x2576/0x2610 kernel/signal.c:3017
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff88804bca4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88804bca4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88804bca5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff88804bca5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88804bca5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in force_devcd_write+0x31f/0x350 drivers/bluetooth/hci_vhci.c:327
Read of size 8 at addr ffff88804bca5000 by task syz.0.616/6624

CPU: 1 UID: 0 PID: 6624 Comm: syz.0.616 Not tainted 6.13.0-rc3-syzkaller-00193-ge9b8ffafd20a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 force_devcd_write+0x31f/0x350 drivers/bluetooth/hci_vhci.c:327
 full_proxy_write+0xfb/0x1b0 fs/debugfs/file.c:356
 vfs_write+0x24c/0x1150 fs/read_write.c:677
 ksys_write+0x12b/0x250 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f38f2d85d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe62348be8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f38f2f75fa0 RCX: 00007f38f2d85d29
RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f38f2e01aa8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f38f2f75fa0 R14: 00007f38f2f75fa0 R15: 00000000000018c5
 </TASK>

Allocated by task 5940:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 vhci_open+0x4c/0x430 drivers/bluetooth/hci_vhci.c:634
 misc_open+0x35a/0x420 drivers/char/misc.c:165
 chrdev_open+0x237/0x6a0 fs/char_dev.c:414
 do_dentry_open+0xf59/0x1ea0 fs/open.c:945
 vfs_open+0x82/0x3f0 fs/open.c:1075
 do_open fs/namei.c:3828 [inline]
 path_openat+0x1e6a/0x2d60 fs/namei.c:3987
 do_filp_open+0x20c/0x470 fs/namei.c:4014
 do_sys_openat2+0x17a/0x1e0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5940:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4613 [inline]
 kfree+0x14f/0x4b0 mm/slub.c:4761
 vhci_release+0xbb/0xf0 drivers/bluetooth/hci_vhci.c:670
 __fput+0x3f8/0xb60 fs/file_table.c:450
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0xadd/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x2576/0x2610 kernel/signal.c:3017
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff88804bca5000
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 0 bytes inside of
 freed 1024-byte region [ffff88804bca5000, ffff88804bca5400)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4bca0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801ac41dc0 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
head: 00fff00000000040 ffff88801ac41dc0 dead000000000100 dead000000000122
head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
head: 00fff00000000003 ffffea00012f2801 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5936, tgid 5936 (syz-executor), ts 150952513241, free_ts 150476989014
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1556
 prep_new_page mm/page_alloc.c:1564 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3474
 __alloc_pages_noprof+0x223/0x25b0 mm/page_alloc.c:4751
 alloc_pages_mpol_noprof+0x2c9/0x610 mm/mempolicy.c:2269
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2589 [inline]
 new_slab+0x2c9/0x410 mm/slub.c:2642
 ___slab_alloc+0xce2/0x1650 mm/slub.c:3830
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3920
 __slab_alloc_node mm/slub.c:3995 [inline]
 slab_alloc_node mm/slub.c:4156 [inline]
 __kmalloc_cache_noprof+0xf6/0x420 mm/slub.c:4324
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 afs_alloc_call+0x4f/0x4a0 fs/afs/rxrpc.c:144
 afs_charge_preallocation+0xff/0x330 fs/afs/rxrpc.c:736
 afs_open_socket+0x298/0x350 fs/afs/rxrpc.c:95
 afs_net_init+0x95d/0xc60 fs/afs/main.c:123
 ops_init+0x1df/0x5f0 net/core/net_namespace.c:138
 setup_net+0x21f/0x860 net/core/net_namespace.c:362
 copy_net_ns+0x2b4/0x6c0 net/core/net_namespace.c:516
 create_new_namespaces+0x3ea/0xad0 kernel/nsproxy.c:110
page last free pid 5921 tgid 5921 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0x1080 mm/page_alloc.c:2657
 vfree+0x17a/0x890 mm/vmalloc.c:3382
 kcov_put kernel/kcov.c:439 [inline]
 kcov_put+0x2a/0x40 kernel/kcov.c:435
 kcov_close+0xd/0x20 kernel/kcov.c:535
 __fput+0x3f8/0xb60 fs/file_table.c:450
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0xadd/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x2576/0x2610 kernel/signal.c:3017
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff88804bca4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88804bca4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88804bca5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff88804bca5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88804bca5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================