Extracting prog: 51m26.469486072s
Minimizing prog: 15m36.094395582s
Simplifying prog options: 0s
Extracting C: 1m25.929599209s
Simplifying C: 24m28.794392789s


extracting reproducer from 59 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-sendfile$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
single: failed to extract reproducer
bisect: bisecting 59 programs with base timeout 30s
testing program (duration=44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x3, 0xff)
ioctl$auto(0x3, 0x89e0, 0x91)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000001640), r0)
sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r0, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000000180)={0x28, r1, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x9}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x9}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
executing program 0:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/o2cb/logmask/HEARTBEAT\x00', 0x2e02, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
read$auto(0x3, 0x0, 0x80)
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x2aa82, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0x8008ae9d, 0x88)
executing program 0:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000005c0)={0x14, r1, 0x9ec6579d452c1f15, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4c000}, 0x20000080)
executing program 32:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000005c0)={0x14, r1, 0x9ec6579d452c1f15, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4c000}, 0x20000080)
executing program 1:
mremap$auto(0x110c231000, 0x4, 0x4, 0x7, 0x100000000)
munmap$auto(0x1000000, 0x2000000c)
madvise$auto(0x0, 0xffffffffffff0001, 0x9)
mlockall$auto(0x3)
executing program 1:
sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="7d472dbd700049b5", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x4000044)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001)
write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb)
executing program 1:
r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="13002cbd7040450e531c87abd4f908000300", @ANYRES32=r2, @ANYBLOB="0800610002000000080062"], 0x2c}, 0x1, 0x0, 0x0, 0x24004080}, 0x20040894)
executing program 1:
r0 = socket(0x2, 0x80002, 0x73)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={<r1=>0x9, <r2=>r0, 0x7ff, 0x6, 0x0, 0x100000b, 0x5f, 0x2}, 0x10)
bpf$auto(0x1a, &(0x7f0000000040)=@task_fd_query={r1, 0xffffffffffffffff, 0x1, 0x4d2066ba, 0x8, 0x0, r2, 0x4, 0x4}, 0xb2)
executing program 1:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
chown$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
executing program 33:
open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
chown$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
executing program 2:
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
pipe2$auto(0x0, 0x80)
keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0_to_hsr\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), r0)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000000300)={0x30, r2, 0x1, 0x70bd2a, 0x25dfdc00, {}, [@ETHTOOL_A_CHANNELS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x2}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8800}, 0x4)
executing program 2:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x12, &(0x7f0000000040), 0x1)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mremap$auto(0x4000, 0x1fffe00, 0x3fd6, 0x3, 0xfffff000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r2=>0x0})
sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_IFINDEX={0x8, 0x9, r2}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80)
executing program 34:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r2=>0x0})
sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_IFINDEX={0x8, 0x9, r2}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
read$auto(0x3, 0x0, 0x7)
sendmmsg$auto(0x4, 0x0, 0x9a2, 0x4e)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0xa, 0x801, 0x84)
semctl$auto(0x1ff, 0x2, 0x13, 0x1)
setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8)
executing program 3:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0xa, 0x801, 0x106)
setsockopt$auto(r0, 0x6, 0x21, 0x0, 0x10)
setsockopt$auto(0x3, 0x6, 0x21, 0x0, 0x10)
executing program 3:
unshare$auto(0x40000080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000440), r0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000001ec0)={0x18, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x24004080)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 3:
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_FD={0x8, 0x17, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
executing program 35:
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_FD={0x8, 0x17, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
executing program 6:
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
clone$auto(0x1f, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x2)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlock$auto(0x1000, 0x6)
mlockall$auto(0x800000000000005)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b33, 0x9)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @pid}, @typed={0x8, 0x76, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x30}}, 0x4000000)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 6:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 36:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 7:
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
syz_clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58)
rt_sigtimedwait$auto(&(0x7f0000000040)={0x7fffffff}, 0x0, 0x0, 0x8)
executing program 8:
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_clone3(&(0x7f0000000200)={0x1a2005180, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x4610, 0x0)
executing program 5:
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x801, 0x84)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0xa0900, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r0, 0x541c, r1)
executing program 8:
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
setsockopt$auto(0x3, 0x10f, 0x9, 0x0, 0x0)
executing program 5:
mq_timedsend$auto(0xffffffffffffffff, 0x0, 0xe, 0xb, &(0x7f0000000180)={0xffffffffffffffff, 0x10})
r0 = socket(0x11, 0x3, 0x6)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a})
sendmmsg$auto(r0, &(0x7f0000000340)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000380)={&(0x7f0000000180), 0x36}, 0x2e, &(0x7f0000000380), 0x7, 0x1083}, 0x5}, 0x2, 0x102)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
pipe2$auto(0x0, 0x80)
close_range$auto(0x7, 0xfffffffffffffff8, 0x2)
bpf$auto(0x10, 0x0, 0x9)
executing program 7:
socket(0x11, 0x3, 0x9)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
unshare$auto(0x40000080)
ioctl$auto(0x20000000000003, 0x890b, 0x2)
executing program 5:
setitimer$auto(0x1, &(0x7f0000000000)={{0x7fe, 0x7f}, {0x800100004, 0x1}}, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000)
bpf$auto(0x12, &(0x7f0000000000)=@info={0x2800, 0x1ff, 0x2}, 0xcf)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000)
io_uring_setup$auto(0x2, 0x0)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x2, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0x80084503, 0x0)
executing program 8:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty39\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
poll$auto(0x0, 0x5, 0x400)
ioctl$auto(0x3, 0x5405, 0x38)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x2, 0x3, 0xa)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x10001)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(0x3, 0x0, 0x100082)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r2=>0x0})
sendmsg$auto_BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000700)={0x1c, r1, 0x99bc9625bdb7e757, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', <r1=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r1, 0xffffffffffffffff, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf)
executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r2=>0x0})
sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4089c}, 0x2400c810)
executing program 4:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1b, &(0x7f0000000000), 0x1)
executing program 5:
munmap$auto(0x20001000, 0x2000000c)
statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x6, 0x1ff, 0x7, 0x1d, 0x7181, 0x7fffffff, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0x8, 0x8, 0x10007, 0x5, 0x629d, 0x0, 0xa, 0x8022000, 0x200, 0x0, 0x84, [0x5, 0x2, 0x0, 0xfffffffffffff6c6, 0x0, 0x2000, 0x0, 0xe, 0x3, 0x2, 0xfffffffffffffffd, 0xffffffffffffffff, 0x90, 0x0, 0x6, 0x5, 0xfffffffffffbfffd, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x0, 0x5, 0x5, 0xdcb, 0xffff, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0xb, 0xfffffffffff7fdfc, 0x1, 0x3ff, 0x7, 0xc567]}, 0x1fc, 0xd)
r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd11, &(0x7f00000001c0))
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 4:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/handlers\x00', 0x40100, 0x0)
read$auto_proc_pagemap_operations_internal(r0, &(0x7f0000001540)=""/209, 0xd1)
read$auto(0x3, 0x0, 0x1f40)
open(0x0, 0x161342, 0x100)
executing program 5:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(r0, 0x0, 0x4)
executing program 8:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000800}, 0x8000)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: bisecting 59 programs
bisect: split chunks (needed=false): <58>
bisect: split chunk #0 of len 58 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=39s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 34:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r2=>0x0})
sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_IFINDEX={0x8, 0x9, r2}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
read$auto(0x3, 0x0, 0x7)
sendmmsg$auto(0x4, 0x0, 0x9a2, 0x4e)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0xa, 0x801, 0x84)
semctl$auto(0x1ff, 0x2, 0x13, 0x1)
setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8)
executing program 3:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0xa, 0x801, 0x106)
setsockopt$auto(r0, 0x6, 0x21, 0x0, 0x10)
setsockopt$auto(0x3, 0x6, 0x21, 0x0, 0x10)
executing program 3:
unshare$auto(0x40000080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000440), r0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000001ec0)={0x18, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x24004080)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 3:
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_FD={0x8, 0x17, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
executing program 35:
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_FD={0x8, 0x17, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
executing program 6:
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
clone$auto(0x1f, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x2)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlock$auto(0x1000, 0x6)
mlockall$auto(0x800000000000005)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b33, 0x9)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @pid}, @typed={0x8, 0x76, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x30}}, 0x4000000)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 6:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 36:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 7:
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
syz_clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58)
rt_sigtimedwait$auto(&(0x7f0000000040)={0x7fffffff}, 0x0, 0x0, 0x8)
executing program 8:
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_clone3(&(0x7f0000000200)={0x1a2005180, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x4610, 0x0)
executing program 5:
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x801, 0x84)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0xa0900, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r0, 0x541c, r1)
executing program 8:
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
setsockopt$auto(0x3, 0x10f, 0x9, 0x0, 0x0)
executing program 5:
mq_timedsend$auto(0xffffffffffffffff, 0x0, 0xe, 0xb, &(0x7f0000000180)={0xffffffffffffffff, 0x10})
r0 = socket(0x11, 0x3, 0x6)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a})
sendmmsg$auto(r0, &(0x7f0000000340)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000380)={&(0x7f0000000180), 0x36}, 0x2e, &(0x7f0000000380), 0x7, 0x1083}, 0x5}, 0x2, 0x102)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
pipe2$auto(0x0, 0x80)
close_range$auto(0x7, 0xfffffffffffffff8, 0x2)
bpf$auto(0x10, 0x0, 0x9)
executing program 7:
socket(0x11, 0x3, 0x9)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
unshare$auto(0x40000080)
ioctl$auto(0x20000000000003, 0x890b, 0x2)
executing program 5:
setitimer$auto(0x1, &(0x7f0000000000)={{0x7fe, 0x7f}, {0x800100004, 0x1}}, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000)
bpf$auto(0x12, &(0x7f0000000000)=@info={0x2800, 0x1ff, 0x2}, 0xcf)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000)
io_uring_setup$auto(0x2, 0x0)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x2, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0x80084503, 0x0)
executing program 8:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty39\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
poll$auto(0x0, 0x5, 0x400)
ioctl$auto(0x3, 0x5405, 0x38)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x2, 0x3, 0xa)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x10001)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(0x3, 0x0, 0x100082)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r2=>0x0})
sendmsg$auto_BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000700)={0x1c, r1, 0x99bc9625bdb7e757, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', <r1=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r1, 0xffffffffffffffff, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf)
executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r2=>0x0})
sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4089c}, 0x2400c810)
executing program 4:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1b, &(0x7f0000000000), 0x1)
executing program 5:
munmap$auto(0x20001000, 0x2000000c)
statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x6, 0x1ff, 0x7, 0x1d, 0x7181, 0x7fffffff, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0x8, 0x8, 0x10007, 0x5, 0x629d, 0x0, 0xa, 0x8022000, 0x200, 0x0, 0x84, [0x5, 0x2, 0x0, 0xfffffffffffff6c6, 0x0, 0x2000, 0x0, 0xe, 0x3, 0x2, 0xfffffffffffffffd, 0xffffffffffffffff, 0x90, 0x0, 0x6, 0x5, 0xfffffffffffbfffd, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x0, 0x5, 0x5, 0xdcb, 0xffff, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0xb, 0xfffffffffff7fdfc, 0x1, 0x3ff, 0x7, 0xc567]}, 0x1fc, 0xd)
r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd11, &(0x7f00000001c0))
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 4:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/handlers\x00', 0x40100, 0x0)
read$auto_proc_pagemap_operations_internal(r0, &(0x7f0000001540)=""/209, 0xd1)
read$auto(0x3, 0x0, 0x1f40)
open(0x0, 0x161342, 0x100)
executing program 5:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(r0, 0x0, 0x4)
executing program 8:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000800}, 0x8000)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=34s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 5:
mq_timedsend$auto(0xffffffffffffffff, 0x0, 0xe, 0xb, &(0x7f0000000180)={0xffffffffffffffff, 0x10})
r0 = socket(0x11, 0x3, 0x6)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a})
sendmmsg$auto(r0, &(0x7f0000000340)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000380)={&(0x7f0000000180), 0x36}, 0x2e, &(0x7f0000000380), 0x7, 0x1083}, 0x5}, 0x2, 0x102)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
pipe2$auto(0x0, 0x80)
close_range$auto(0x7, 0xfffffffffffffff8, 0x2)
bpf$auto(0x10, 0x0, 0x9)
executing program 7:
socket(0x11, 0x3, 0x9)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
unshare$auto(0x40000080)
ioctl$auto(0x20000000000003, 0x890b, 0x2)
executing program 5:
setitimer$auto(0x1, &(0x7f0000000000)={{0x7fe, 0x7f}, {0x800100004, 0x1}}, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000)
bpf$auto(0x12, &(0x7f0000000000)=@info={0x2800, 0x1ff, 0x2}, 0xcf)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000)
io_uring_setup$auto(0x2, 0x0)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x2, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0x80084503, 0x0)
executing program 8:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty39\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
poll$auto(0x0, 0x5, 0x400)
ioctl$auto(0x3, 0x5405, 0x38)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x2, 0x3, 0xa)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x10001)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(0x3, 0x0, 0x100082)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r2=>0x0})
sendmsg$auto_BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000700)={0x1c, r1, 0x99bc9625bdb7e757, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', <r1=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r1, 0xffffffffffffffff, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf)
executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r2=>0x0})
sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4089c}, 0x2400c810)
executing program 4:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1b, &(0x7f0000000000), 0x1)
executing program 5:
munmap$auto(0x20001000, 0x2000000c)
statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x6, 0x1ff, 0x7, 0x1d, 0x7181, 0x7fffffff, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0x8, 0x8, 0x10007, 0x5, 0x629d, 0x0, 0xa, 0x8022000, 0x200, 0x0, 0x84, [0x5, 0x2, 0x0, 0xfffffffffffff6c6, 0x0, 0x2000, 0x0, 0xe, 0x3, 0x2, 0xfffffffffffffffd, 0xffffffffffffffff, 0x90, 0x0, 0x6, 0x5, 0xfffffffffffbfffd, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x0, 0x5, 0x5, 0xdcb, 0xffff, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0xb, 0xfffffffffff7fdfc, 0x1, 0x3ff, 0x7, 0xc567]}, 0x1fc, 0xd)
r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd11, &(0x7f00000001c0))
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 4:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/handlers\x00', 0x40100, 0x0)
read$auto_proc_pagemap_operations_internal(r0, &(0x7f0000001540)=""/209, 0xd1)
read$auto(0x3, 0x0, 0x1f40)
open(0x0, 0x161342, 0x100)
executing program 5:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(r0, 0x0, 0x4)
executing program 8:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000800}, 0x8000)

program did not crash
bisect: testing without sub-chunk 3/3
testing program (duration=35s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 34:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r2=>0x0})
sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_IFINDEX={0x8, 0x9, r2}]}, 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x80)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
read$auto(0x3, 0x0, 0x7)
sendmmsg$auto(0x4, 0x0, 0x9a2, 0x4e)
executing program 3:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0xa, 0x801, 0x84)
semctl$auto(0x1ff, 0x2, 0x13, 0x1)
setsockopt$auto(0x3, 0x10000000084, 0x11, 0x0, 0x8)
executing program 3:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0xa, 0x801, 0x106)
setsockopt$auto(r0, 0x6, 0x21, 0x0, 0x10)
setsockopt$auto(0x3, 0x6, 0x21, 0x0, 0x10)
executing program 3:
unshare$auto(0x40000080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000440), r0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000001ec0)={0x18, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x24004080)
executing program 3:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 3:
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_FD={0x8, 0x17, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
executing program 35:
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_FD={0x8, 0x17, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
executing program 6:
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
clone$auto(0x1f, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x2)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
mlock$auto(0x1000, 0x6)
mlockall$auto(0x800000000000005)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b33, 0x9)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @pid}, @typed={0x8, 0x76, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x30}}, 0x4000000)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 6:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 36:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 7:
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
syz_clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58)
rt_sigtimedwait$auto(&(0x7f0000000040)={0x7fffffff}, 0x0, 0x0, 0x8)
executing program 8:
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_clone3(&(0x7f0000000200)={0x1a2005180, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x4610, 0x0)
executing program 5:
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x801, 0x84)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0xa0900, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r0, 0x541c, r1)
executing program 8:
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
setsockopt$auto(0x3, 0x10f, 0x9, 0x0, 0x0)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
bisect: split chunks (needed=true): <20>, <18>
bisect: split chunk #0 of len 20 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b33, 0x9)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @pid}, @typed={0x8, 0x76, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x30}}, 0x4000000)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 6:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 36:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 7:
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
syz_clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58)
rt_sigtimedwait$auto(&(0x7f0000000040)={0x7fffffff}, 0x0, 0x0, 0x8)
executing program 8:
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_clone3(&(0x7f0000000200)={0x1a2005180, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x4610, 0x0)
executing program 5:
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x801, 0x84)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0xa0900, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r0, 0x541c, r1)
executing program 8:
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
setsockopt$auto(0x3, 0x10f, 0x9, 0x0, 0x0)
executing program 5:
mq_timedsend$auto(0xffffffffffffffff, 0x0, 0xe, 0xb, &(0x7f0000000180)={0xffffffffffffffff, 0x10})
r0 = socket(0x11, 0x3, 0x6)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a})
sendmmsg$auto(r0, &(0x7f0000000340)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000380)={&(0x7f0000000180), 0x36}, 0x2e, &(0x7f0000000380), 0x7, 0x1083}, 0x5}, 0x2, 0x102)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
pipe2$auto(0x0, 0x80)
close_range$auto(0x7, 0xfffffffffffffff8, 0x2)
bpf$auto(0x10, 0x0, 0x9)
executing program 7:
socket(0x11, 0x3, 0x9)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
unshare$auto(0x40000080)
ioctl$auto(0x20000000000003, 0x890b, 0x2)
executing program 5:
setitimer$auto(0x1, &(0x7f0000000000)={{0x7fe, 0x7f}, {0x800100004, 0x1}}, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000)
bpf$auto(0x12, &(0x7f0000000000)=@info={0x2800, 0x1ff, 0x2}, 0xcf)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000)
io_uring_setup$auto(0x2, 0x0)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x2, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0x80084503, 0x0)
executing program 8:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty39\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
poll$auto(0x0, 0x5, 0x400)
ioctl$auto(0x3, 0x5405, 0x38)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x2, 0x3, 0xa)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x10001)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(0x3, 0x0, 0x100082)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r2=>0x0})
sendmsg$auto_BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000700)={0x1c, r1, 0x99bc9625bdb7e757, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', <r1=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r1, 0xffffffffffffffff, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf)
executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r2=>0x0})
sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4089c}, 0x2400c810)
executing program 4:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1b, &(0x7f0000000000), 0x1)
executing program 5:
munmap$auto(0x20001000, 0x2000000c)
statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x6, 0x1ff, 0x7, 0x1d, 0x7181, 0x7fffffff, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0x8, 0x8, 0x10007, 0x5, 0x629d, 0x0, 0xa, 0x8022000, 0x200, 0x0, 0x84, [0x5, 0x2, 0x0, 0xfffffffffffff6c6, 0x0, 0x2000, 0x0, 0xe, 0x3, 0x2, 0xfffffffffffffffd, 0xffffffffffffffff, 0x90, 0x0, 0x6, 0x5, 0xfffffffffffbfffd, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x0, 0x5, 0x5, 0xdcb, 0xffff, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0xb, 0xfffffffffff7fdfc, 0x1, 0x3ff, 0x7, 0xc567]}, 0x1fc, 0xd)
r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd11, &(0x7f00000001c0))
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 4:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/handlers\x00', 0x40100, 0x0)
read$auto_proc_pagemap_operations_internal(r0, &(0x7f0000001540)=""/209, 0xd1)
read$auto(0x3, 0x0, 0x1f40)
open(0x0, 0x161342, 0x100)
executing program 5:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(r0, 0x0, 0x4)
executing program 8:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000800}, 0x8000)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #1 of len 18 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=35s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b33, 0x9)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @pid}, @typed={0x8, 0x76, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x30}}, 0x4000000)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 6:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 36:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 7:
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
syz_clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58)
rt_sigtimedwait$auto(&(0x7f0000000040)={0x7fffffff}, 0x0, 0x0, 0x8)
executing program 8:
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_clone3(&(0x7f0000000200)={0x1a2005180, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x4610, 0x0)
executing program 5:
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x801, 0x84)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0xa0900, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r0, 0x541c, r1)
executing program 8:
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
setsockopt$auto(0x3, 0x10f, 0x9, 0x0, 0x0)
executing program 7:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(0x3, 0x0, 0x100082)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r2=>0x0})
sendmsg$auto_BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000700)={0x1c, r1, 0x99bc9625bdb7e757, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', <r1=>0x0})
bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r1, 0xffffffffffffffff, 0x4, 0x1ff, r0, @relative_id=0x13, 0xe600}, 0xf)
executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r2=>0x0})
sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4089c}, 0x2400c810)
executing program 4:
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x1b, &(0x7f0000000000), 0x1)
executing program 5:
munmap$auto(0x20001000, 0x2000000c)
statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x6, 0x1ff, 0x7, 0x1d, 0x7181, 0x7fffffff, 0x7, 0x3, 0x9, 0x9, 0x80003, 0x4, 0x200000000001, 0xb4, 0x8, 0x8, 0x10007, 0x5, 0x629d, 0x0, 0xa, 0x8022000, 0x200, 0x0, 0x84, [0x5, 0x2, 0x0, 0xfffffffffffff6c6, 0x0, 0x2000, 0x0, 0xe, 0x3, 0x2, 0xfffffffffffffffd, 0xffffffffffffffff, 0x90, 0x0, 0x6, 0x5, 0xfffffffffffbfffd, 0x2000000000000004, 0x10000000000001, 0x10000000000, 0xffffffffffffffff, 0x4, 0xfffffffffffffe00, 0x0, 0x5, 0x5, 0xdcb, 0xffff, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x88e, 0x8000000000008, 0xfffffffffffffffc, 0x9, 0xa38, 0x0, 0xb, 0xfffffffffff7fdfc, 0x1, 0x3ff, 0x7, 0xc567]}, 0x1fc, 0xd)
r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffffffffffd11, &(0x7f00000001c0))
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 4:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/handlers\x00', 0x40100, 0x0)
read$auto_proc_pagemap_operations_internal(r0, &(0x7f0000001540)=""/209, 0xd1)
read$auto(0x3, 0x0, 0x1f40)
open(0x0, 0x161342, 0x100)
executing program 5:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/flags\x00', 0x101142, 0x0)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
write$auto(r0, 0x0, 0x4)
executing program 8:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000800}, 0x8000)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=35s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b33, 0x9)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @pid}, @typed={0x8, 0x76, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x30}}, 0x4000000)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 6:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 36:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 7:
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
syz_clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58)
rt_sigtimedwait$auto(&(0x7f0000000040)={0x7fffffff}, 0x0, 0x0, 0x8)
executing program 8:
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_clone3(&(0x7f0000000200)={0x1a2005180, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x4610, 0x0)
executing program 5:
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x801, 0x84)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0xa0900, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r0, 0x541c, r1)
executing program 8:
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
setsockopt$auto(0x3, 0x10f, 0x9, 0x0, 0x0)
executing program 5:
mq_timedsend$auto(0xffffffffffffffff, 0x0, 0xe, 0xb, &(0x7f0000000180)={0xffffffffffffffff, 0x10})
r0 = socket(0x11, 0x3, 0x6)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a})
sendmmsg$auto(r0, &(0x7f0000000340)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000380)={&(0x7f0000000180), 0x36}, 0x2e, &(0x7f0000000380), 0x7, 0x1083}, 0x5}, 0x2, 0x102)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
pipe2$auto(0x0, 0x80)
close_range$auto(0x7, 0xfffffffffffffff8, 0x2)
bpf$auto(0x10, 0x0, 0x9)
executing program 7:
socket(0x11, 0x3, 0x9)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
unshare$auto(0x40000080)
ioctl$auto(0x20000000000003, 0x890b, 0x2)
executing program 5:
setitimer$auto(0x1, &(0x7f0000000000)={{0x7fe, 0x7f}, {0x800100004, 0x1}}, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000)
bpf$auto(0x12, &(0x7f0000000000)=@info={0x2800, 0x1ff, 0x2}, 0xcf)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000)
io_uring_setup$auto(0x2, 0x0)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x2, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0x80084503, 0x0)
executing program 8:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty39\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
poll$auto(0x0, 0x5, 0x400)
ioctl$auto(0x3, 0x5405, 0x38)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x2, 0x3, 0xa)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x10001)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <10>, <9>
bisect: split chunk #0 of len 10 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=33s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 7:
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
syz_clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58)
rt_sigtimedwait$auto(&(0x7f0000000040)={0x7fffffff}, 0x0, 0x0, 0x8)
executing program 8:
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
syz_clone3(&(0x7f0000000200)={0x1a2005180, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x4610, 0x0)
executing program 5:
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x801, 0x84)
openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0xa0900, 0x0)
ioctl$auto(0x3, 0x541b, 0x10000000000402)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto(r0, 0x541c, r1)
executing program 8:
close_range$auto(0x2, 0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
setsockopt$auto(0x3, 0x10f, 0x9, 0x0, 0x0)
executing program 5:
mq_timedsend$auto(0xffffffffffffffff, 0x0, 0xe, 0xb, &(0x7f0000000180)={0xffffffffffffffff, 0x10})
r0 = socket(0x11, 0x3, 0x6)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a})
sendmmsg$auto(r0, &(0x7f0000000340)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000380)={&(0x7f0000000180), 0x36}, 0x2e, &(0x7f0000000380), 0x7, 0x1083}, 0x5}, 0x2, 0x102)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
pipe2$auto(0x0, 0x80)
close_range$auto(0x7, 0xfffffffffffffff8, 0x2)
bpf$auto(0x10, 0x0, 0x9)
executing program 7:
socket(0x11, 0x3, 0x9)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
unshare$auto(0x40000080)
ioctl$auto(0x20000000000003, 0x890b, 0x2)
executing program 5:
setitimer$auto(0x1, &(0x7f0000000000)={{0x7fe, 0x7f}, {0x800100004, 0x1}}, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000)
bpf$auto(0x12, &(0x7f0000000000)=@info={0x2800, 0x1ff, 0x2}, 0xcf)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000)
io_uring_setup$auto(0x2, 0x0)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x2, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0x80084503, 0x0)
executing program 8:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty39\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
poll$auto(0x0, 0x5, 0x400)
ioctl$auto(0x3, 0x5405, 0x38)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x2, 0x3, 0xa)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x10001)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=33s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b33, 0x9)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @pid}, @typed={0x8, 0x76, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x30}}, 0x4000000)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 6:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 36:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 5:
mq_timedsend$auto(0xffffffffffffffff, 0x0, 0xe, 0xb, &(0x7f0000000180)={0xffffffffffffffff, 0x10})
r0 = socket(0x11, 0x3, 0x6)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a})
sendmmsg$auto(r0, &(0x7f0000000340)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000380)={&(0x7f0000000180), 0x36}, 0x2e, &(0x7f0000000380), 0x7, 0x1083}, 0x5}, 0x2, 0x102)
executing program 8:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
pipe2$auto(0x0, 0x80)
close_range$auto(0x7, 0xfffffffffffffff8, 0x2)
bpf$auto(0x10, 0x0, 0x9)
executing program 7:
socket(0x11, 0x3, 0x9)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
unshare$auto(0x40000080)
ioctl$auto(0x20000000000003, 0x890b, 0x2)
executing program 5:
setitimer$auto(0x1, &(0x7f0000000000)={{0x7fe, 0x7f}, {0x800100004, 0x1}}, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000)
bpf$auto(0x12, &(0x7f0000000000)=@info={0x2800, 0x1ff, 0x2}, 0xcf)
executing program 4:
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000)
io_uring_setup$auto(0x2, 0x0)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x2, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0x80084503, 0x0)
executing program 8:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty39\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
poll$auto(0x0, 0x5, 0x400)
ioctl$auto(0x3, 0x5405, 0x38)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x2, 0x3, 0xa)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x10001)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: split chunk #1 of len 9 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b33, 0x9)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @pid}, @typed={0x8, 0x76, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x30}}, 0x4000000)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 6:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 36:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 8:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty39\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
poll$auto(0x0, 0x5, 0x400)
ioctl$auto(0x3, 0x5405, 0x38)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x2, 0x3, 0xa)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x10001)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <5>, <4>
bisect: split chunk #0 of len 5 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 6:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 36:
r0 = socket(0xa, 0x1, 0x84)
bind$auto(r0, &(0x7f0000000040)=@isdn={0x22, 0x40, 0x4, 0x8, 0x9}, 0x6a)
connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @rand_addr=0x2}, 0x52)
shutdown$auto(0x200000003, 0x2)
executing program 8:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty39\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
poll$auto(0x0, 0x5, 0x400)
ioctl$auto(0x3, 0x5405, 0x38)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x2, 0x3, 0xa)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x10001)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4]
detailed listing:
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b33, 0x9)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @pid}, @typed={0x8, 0x76, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x30}}, 0x4000000)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 8:
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty39\x00', 0x40001, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
poll$auto(0x0, 0x5, 0x400)
ioctl$auto(0x3, 0x5405, 0x38)
executing program 4:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0x2, 0x3, 0xa)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
setsockopt$auto(0x3, 0x0, 0x20, 0x0, 0x10001)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: split chunk #1 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4]
detailed listing:
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b33, 0x9)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x30, r1, 0xd0d58b333228212f, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [@typed={0x8, 0x34, 0x0, 0x0, @pid}, @typed={0x8, 0x76, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x30}}, 0x4000000)
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <3>, <2>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4]
detailed listing:
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #1 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4]
detailed listing:
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 7:
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd11\x00', 0x4840, 0x0)
fadvise64$auto(r0, 0x8, 0xc, 0x4)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4]
detailed listing:
executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <1>, <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #1 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 3 programs left: 

executing program 6:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)


bisect: trying to concatenate
bisect: concatenate 3 entries
minimizing program #0 before concatenation
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 4, 4]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 4, 4]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 4, 4]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 4, 4]
detailed listing:
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
futex_wake$auto(&(0x7f0000000000), 0xffffffff, 0xe, 0x2)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
minimized 4 calls -> 1 calls
minimizing program #1 before concatenation
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 3, 4]
detailed listing:
executing program 6:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 0:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
mprotect$auto(0x1ffff000, 0x810002, 0x0)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 2, 4]
detailed listing:
executing program 6:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 0:
madvise$auto(0x0, 0x2000040080000004, 0xe)
open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x121342, 0x0)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 1, 4]
detailed listing:
executing program 6:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 0:
madvise$auto(0x0, 0x2000040080000004, 0xe)
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 0, 4]
detailed listing:
executing program 6:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 0:
executing program 7:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
minimized 4 calls -> 0 calls
minimizing program #2 before concatenation
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 0, 3]
detailed listing:
executing program 6:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 0, 3]
detailed listing:
executing program 6:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 0, 3]
detailed listing:
executing program 6:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 0, 3]
detailed listing:
executing program 6:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 4:
executing program 0:
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
minimized 4 calls -> 4 calls
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-sendfile$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
bisect: concatenation succeeded
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-sendfile$auto-openat$auto_force_devcoredump_fops_hci_vhci
detailed listing:
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-sendfile$auto-write$auto
detailed listing:
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fffe000)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: WARNING: ODEBUG bug in hci_release_dev
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci1/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
extracting C reproducer
testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
simplifying C reproducer
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigqueueinfo$auto-mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: WARNING: ODEBUG bug in hci_release_dev
reproducing took 1h32m57.287889377s
repro crashed as (corrupted=false):
------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff888034b59248 object type: timer_list hint: hci_devcd_timeout+0x0/0x2f0 include/linux/skbuff.h:2741
WARNING: CPU: 1 PID: 5834 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Modules linked in:
CPU: 1 UID: 0 PID: 5834 Comm: syz-executor303 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd e0 83 b1 8b 41 56 4c 89 e6 48 c7 c7 60 78 b1 8b e8 4f 26 bc fc 90 <0f> 0b 90 90 58 83 05 f6 3a 7f 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
RSP: 0018:ffffc900038c7988 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff815a17c9
RDX: ffff888034a3da00 RSI: ffffffff815a17d6 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8bb17f00
R13: ffffffff8b4f81a0 R14: ffffffff8a2b2750 R15: ffffc900038c7a98
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffea0620ff8 CR3: 000000003477a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
 debug_check_no_obj_freed+0x4b7/0x600 lib/debugobjects.c:1129
 slab_free_hook mm/slub.c:2284 [inline]
 slab_free mm/slub.c:4613 [inline]
 kfree+0x2b3/0x4b0 mm/slub.c:4761
 hci_release_dev+0x4d9/0x600 net/bluetooth/hci_core.c:2758
 bt_host_release+0x6a/0xb0 net/bluetooth/hci_sysfs.c:87
 device_release+0xa1/0x240 drivers/base/core.c:2567
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1e4/0x5a0 lib/kobject.c:737
 put_device+0x1f/0x30 drivers/base/core.c:3773
 vhci_release+0x81/0xf0 drivers/bluetooth/hci_vhci.c:665
 __fput+0x3f8/0xb60 fs/file_table.c:450
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 __do_sys_exit_group kernel/exit.c:1098 [inline]
 __se_sys_exit_group kernel/exit.c:1096 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096
 x64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd34925ccd9
Code: Unable to access opcode bytes at 0x7fd34925ccaf.
RSP: 002b:00007ffdcd9dcf28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd34925ccd9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007fd3492e93b0 R08: ffffffffffffffb0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd3492e93b0
R13: 0000000000000000 R14: 00007fd3492ebee0 R15: 00007fd349229b60
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
ODEBUG: free active (active state 0) object: ffff888034b59248 object type: timer_list hint: hci_devcd_timeout+0x0/0x2f0 include/linux/skbuff.h:2741
WARNING: CPU: 1 PID: 5834 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Modules linked in:
CPU: 1 UID: 0 PID: 5834 Comm: syz-executor303 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 48 8b 14 dd e0 83 b1 8b 41 56 4c 89 e6 48 c7 c7 60 78 b1 8b e8 4f 26 bc fc 90 <0f> 0b 90 90 58 83 05 f6 3a 7f 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
RSP: 0018:ffffc900038c7988 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff815a17c9
RDX: ffff888034a3da00 RSI: ffffffff815a17d6 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8bb17f00
R13: ffffffff8b4f81a0 R14: ffffffff8a2b2750 R15: ffffc900038c7a98
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffea0620ff8 CR3: 000000003477a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __debug_check_no_obj_freed lib/debugobjects.c:1099 [inline]
 debug_check_no_obj_freed+0x4b7/0x600 lib/debugobjects.c:1129
 slab_free_hook mm/slub.c:2284 [inline]
 slab_free mm/slub.c:4613 [inline]
 kfree+0x2b3/0x4b0 mm/slub.c:4761
 hci_release_dev+0x4d9/0x600 net/bluetooth/hci_core.c:2758
 bt_host_release+0x6a/0xb0 net/bluetooth/hci_sysfs.c:87
 device_release+0xa1/0x240 drivers/base/core.c:2567
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1e4/0x5a0 lib/kobject.c:737
 put_device+0x1f/0x30 drivers/base/core.c:3773
 vhci_release+0x81/0xf0 drivers/bluetooth/hci_vhci.c:665
 __fput+0x3f8/0xb60 fs/file_table.c:450
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 __do_sys_exit_group kernel/exit.c:1098 [inline]
 __se_sys_exit_group kernel/exit.c:1096 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096
 x64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd34925ccd9
Code: Unable to access opcode bytes at 0x7fd34925ccaf.
RSP: 002b:00007ffdcd9dcf28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd34925ccd9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007fd3492e93b0 R08: ffffffffffffffb0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd3492e93b0
R13: 0000000000000000 R14: 00007fd3492ebee0 R15: 00007fd349229b60
 </TASK>