Extracting prog: 4m24.346400241s
Minimizing prog: 10m25.425285616s
Simplifying prog options: 0s
Extracting C: 53.322947083s
Simplifying C: 18m22.791122476s


extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0x22, 0x80000, 0xd67d)
io_uring_setup$auto(0x6, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 30s
testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 23, 5, 13, 30, 29, 7, 15, 17, 29, 22, 3, 17, 2, 30, 7, 5, 2, 10, 22, 30, 17, 5, 29]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x80000000000000a, 0x2, 0x0)
sendto$auto(r0, 0x0, 0x402, 0x101, &(0x7f0000000000)=@generic={0xa, "01e983638bffff4993021400"}, 0x1c)
executing program 0:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/ip_vs\x00', 0x121000, 0x0)
mmap$auto(0x0, 0xe6692ee, 0x1, 0x100000eb1, r0, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a4, 0xffff)
mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000)
madvise$auto(0x405, 0xffffffffffff0001, 0x3)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto(r1, 0x81004517, r1)
sendmsg$auto_NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, 0x0, 0x4008000)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$auto_NL80211_CMD_SET_INTERFACE(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x77}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
ioctl$auto_UI_DEV_DESTROY(r2, 0x5502, 0x0)
sendmsg$auto_NL80211_CMD_STOP_NAN(0xffffffffffffffff, 0x0, 0x815)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x300000000000)
adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0x2000000000000000, 0x8, 0xd4, 0x7, 0x5, 0x0, 0x10001, 0x1, 0x2, {0x8, 0x10001}, 0x1, 0x6, 0xfffffffffffffffd, 0x1007ffe, 0x0, 0x80000004, 0xa, 0xffffefffffff628e, 0xa747, 0x1, 0x1800})
r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
socket(0x2, 0x80002, 0x73)
bind$auto(r3, 0x0, 0x6a)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
io_uring_setup$auto(0x6, 0x0)
open(0x0, 0xb22142, 0x30)
socket(0x2b, 0x1, 0x1)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0)
ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x67, 0xffffffffffffff0f, 0x7eff, 0x5, 0x80000000007, 0x1, 0x80000001, 0xff, 0x4, 0x7, 0xfc000000, 0xffffffff, 0x7fb, 0x40000000007, 0x9})
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop2/queue/discard_max_hw_bytes\x00', 0x42200, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$auto(0x3, 0x40106f52, r0)
executing program 0:
r0 = openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/cmdline\x00', 0x2000, 0x0) (async)
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) (async)
close_range$auto(0x2, 0x8, 0x0)
prctl$auto_PR_PPC_SET_DEXCR(0x49, 0x4, 0x0, 0x1, 0x7) (async)
io_uring_register$auto(0xffffffffffffffff, 0x4, &(0x7f00000001c0)="38807bd14b87b2ce5f7fc5d31cb5badc41a63b9fecd4d677fd12e3ec0ebb6367a40cf5c63823e9372c098c3c74237af684c16b78050fd5a44e24471ec870fab4eca3ba6842c943aed89a3605cadff436b220c8e2d47360faa8e05ee805b6142bc04a24137c2c623d288fe4ff72e6ccb8ab55f0ef01ee928617ab30fc153df7f585846fe8457645c428f2587f09fcab5a0c78f9b7a692e65cbcdcd3a9da49712dfe651dd29e06022127669005", 0xda77)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyw5\x00', 0x0, 0x0) (async)
socket(0xa, 0x2, 0x3a)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async)
getrandom$auto(0x0, 0x6000000, 0x3) (async)
madvise$auto(0x0, 0xf663, 0x15) (async)
close_range$auto(0x2, 0x8000, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0) (async)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
io_uring_enter$auto(r2, 0x9, 0x820e, 0x29, 0x0, 0x18) (async)
socket(0x2a, 0x2, 0x0) (async)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async)
ioctl$auto(0x3, 0x800005411, 0x38)
r3 = prctl$auto(0x41555856, 0x4, 0x2008, 0x0, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, &(0x7f0000000080)="57da95123249eea4806ca3dee56d3e5909f1f469f6b1ff7ddd9d695f30bb1d559906aa05901761aa659da9fac5e018f142495ca50373521822cf4132ad22d0a177cc2ba4c7e7bc12d1ffa6878aa61e7d37a8f0b5605f818484b09f47e2b68519c42c41fa86a44b162458e254eed93065f017a3adebf74ea74dd77b107bc79a7b6a130262c17049a493917029bca2b397d34b233a970ca7aa55741cbf64d8555c0dbddeba514bc5d7122c1f754e3a83974df3be5e3a1d8d2a7026d298141e603a48ad20217d8c074930b80d8de68396917f18b5893aae64") (async)
setgroups$auto(0x7, &(0x7f0000000280)=0x5d3e) (async)
ioctl$auto(0x3, 0x890b, 0x38)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') (async)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x405, 0x8000) (async)
capget$auto(0x0, 0xfffffffffffffffe) (async)
capset$auto(0x0, 0x0) (async)
ioctl$auto_SNDRV_PCM_IOCTL_STATUS322(r3, 0x806c4120, &(0x7f0000000000)={0xa, 0x3b, 0x6, 0x0, 0xf3c6, 0x8, 0x1df, 0x7fffffff, 0x55, 0x5, 0x7, 0xa, 0x1, 0xb72, 0x0, 0x1b, 0x7, 0x7fff, "fd8b75fa659072a33ae6a662ac50a2bc20e2121eb21bfea9df0cd42ebb7f359a58ce8f19"})
ioctl$auto_TCSBRK2(r3, 0x5409, &(0x7f00000002c0)="ff559f0885d0a1626741da2bb4a3a6f3d39d73b0270c37494bd11690f5d48832e7b39bc58046aa6fefa4d99b7a86a19a97894c0bdce9f150499dfeda0e47262eb151516427fa83db77c782154d157e07f414f8e30bbc0d8d643082ef2bc9968c7112afefe9c5c6371667d48a2a210e7f845bf876da48a6950cba32d4385ed5a69555a5fd1dab24d28e8db5da151d61047b15843dcd72f46d34b13e8e092d2bdf1ac6f943302d042152b2fff580184f3cecb4552bc2f556e837cfe114ebb8c85de6f8338b2d2bcd4cd1d8a49d7e8d4ef92dbb825b348168ee65a755d333fe8886a6d706d8e812c8bc768afb34bd70d3305fd503bdcb812b916058847c603db562c162c84fd3ea5de0a52464cca6582b322391c5c9c428833936b36414c2c14a504948b933140061945609b0d1e140995f4513d31014baca42bce26337d69813cc0bbe5be420fa492b99f7be1f589a4e705f6a5fde4baa91145a8f7d0c4ffb791a4e3418cf8a57c4ae9ca611eada76eaa8d8582d3d300e07cccf8d54f3c338ed0db6612d735a42f4de16878b7e5bea2c35265b29c1b3d7876578c92ca2aeec945e175e0193f931da997a297777b1f36458e9a7036e67ab2488e3be2a050555bd9e6134d31e9bbdaa438bf13724de2e67a1f71cfdfe6a22627f6c99bb7910df88f7da8ba3881248ac283989bad2ff953bb1168ad778bfb5cb7312667afc224ff7ebdb8fd118fbc276b016d040caf2a601de551ae2d14b7e446a599fdb0a5e8db5e70ef73ba0123655829e5385031bc4e371b7d94e1676b7b2bf4e91407b59fb7c1580adf07b0b402b0b238b58a99e910c9f184a157fa784355a8e03dca701e52b4ec5ff73e4afed0df95534bb31b0f6ef4db7c2e43fdbc2a01080b33707be62a9d25c741dad83db7df770a829cf7965d38596036c095d4b933e7c14629ac58119de8678c050bc37b2fe2cfbde79b72df489730f420d4f06be3ec9fc19a340487fd66a9996ed342de23aefb848552614d541f95aaaae664152b6febec57082b4d5fcf79c1a1aa98ef4f10c2273d09772e4030c5ec871fb06b6e1da7718c4ff2b75557710ce07a6c3d61d26115cfa15728ce39f31bb940e52abad7ff8e42c82bb04e7d688a50ffd19ca1643fe3c5a97ac87e2a2915370217b24bb29f426b801a34b8a49bdb236283e7428494ac5feec2d2bdbeb836abcfc36d28c63a807b8e654f3ce01e099e86a0565db7ef2cf83ff2d184ee08bc8380c332643acba497df3fa47389671f6f9403d56f7193084184758c2efe52f8432684d1d3adad4dfff678c31de44f2e78c03a6772c353a34ba3513f27949e5570bfa4d4c0d8eaa082e75314742be8bdfcc6414b55be5dbe7f41a2bf0582f98d6c7fb3cf9b1c744ab0c8d14228ca227ce05f05b20693e8a3c215aafe9fc58205ecef130f36dba39c422bc2bd1fb620ef1c1a2d5a0310b51eecab864835efd7b7f35b2ca4cbadc50176250d311ed17734f5651b895369fb71cc25be95dfc03d3870f31609937affe774d391fa4616e451a65b9cea35d45e4c6264d3c546214203671ebf3b2868ec346e84ee418076bbd9b657f72e7e85ca372f95fe73248e8e3b2e567ae70be7a5afc2d11b51427461b2cdb6e61b5c59631bd6441d66cfe12e5876cb1f2fca4885aacde14c46e429cd6ab9072935841c5327d7e90742b49285a728f113901052f12e136a06062b878bcc906f80746a24149dbb824657fff05a2cbba8e0524360e1ce2a556c4fd4ccd4c4659a279336a59f0132471609ab98f0f302b5183999c7da12501a3748d707418711b05a42f206999b37c4fb0b5450ba41c40c861136a2e24f52f12373aedf79468b36295043b7225a53e7625150b47c221b597a46f94f465279f7630e654991eed309e2651a65a23ce0ec01e23b1bf37b6156c6faf7dd55da9c551c392cc73e328dc35c211d898ebbd5c5adac8b8382651aab82a2067e141d0f5b563cf09d18df3affe32c5b3bcb7b494da9997b6b8998b4d56921ddfb9bdeabe078d60b5bcc41cafaa251a46ef4d58990b409f59c50793a7c7451fbbe9cdeb64d384422d2ac143dc9476157ff8fe96e163b9af424341f4d6391e4bf25c8bc6cfb36b9d1570fb9b0bf7e5fc3d6692352afe18b3e37c517faea7c0b40d3e39f07bb0a33fdeac769b34d1c8afcfd7b25c5a1595eed655cb236b6851b1beca72c728ad97f373d0ea7181547ebcf84515190f5b02906986ce5b64ef5c46cc801d31335399b1b83215c71111b80dae1e3086814e602d3e75f7ecdf6191940cdf1e468b3a921985c0b1f859ea0ca1bacfc427612ad5218f47f218dba7817ded28b04d0d306cc8e02b887da2634d60bf1efd032bdf125fd2dc589d250f976975b23304eeb37efa06fcd2fe451cfaf062c480e438fb5cef75d6f23608a35daca90a3536a77d24470b16616d121aae2d7c5f5cc64a4c06cc2b11dca6aa8b043490d9f42ca89678e0f65e701c6238efe3e1241aef08a61f6ab0fbf7674cfdf48a8598137149ee6c5b4fba27e2f14200017a40bcb881efdced67391e05ac6ed2cedee1b9e9fdbb784d67921fd21c73aef4f307a62aec8d2c96f8169ba4ff8679b4ca1528bb70d4594f5db6cc28fede23c69fbd9442a394ed5240c762401895aa548b4f433229f6dcd0a157e612f28391b2fea5929a963cf0d72429dcf2c1bafe76cfdfc5f4399964c31923afa67b70acbdf012ceeec433457710a24c3e1547d3e25524459d7a5cc567f8f1ca893b4c613dc4998042c50cd62fba3db3e86bb4cb77c6bf6e4636fb8d286359fecf6ccbb4354494c892918146dc8031670b253d3a150fbd2f527cae1b0f9eb8058ca4dc50b8f1488d8806412e2e9990eabd72f555cf9d9f0fd9f79507d5267517a61272183b79d3f1ad7d898ec520574ecea93762bbeb472b218b05310a17297cfa9a238352c6dd789b4cb66bba91a887f60c3bbea1507ece76dd572b4206f4b2a69ce583b71b5d4a53b989873dcbaf367bcfbe923104d9ae0ff346d3ccfeb7629712e144792c3dac9e48bfe4b3266d7b527b44344f7d706dba482d2f64a70f9a5d473f76f7bce5f8d44f3c2ace49e87e1396d7b6783d0d4402425de4fda9266a5e4fcd54810186aac7ebdb8904dcf0ddaaebcde16d1ce3df0c7c57265cf06b360cd2775685478ae7d0700b1d1c6f5672d976ed48a15ef4e1d6c2fd4a260708af0a6e739ef9330dc15b318e0deeebf7562a9c3c46c56a244c7c3c853c342b6c8f2fd96ce6b7931d8347d553857dab18ab1f4a6f1ec145af09982aa1d199dc81c460e95765de1b470e766d91d25d1bf4d027859f57142bbb092031c496611801c4e92efb1ea0c66b6ed61cfdc1db3dfe5cffa4916f084f2ecf944226e4d7f7f39227bdcfbf0d71c1912ffecf343b051dbd0f05e5b0235be526a95ac00c4b46464097c62a382856239b594874c4287a42b49ae3c0f3410ce4a168a9a88c888516107cf1ba9d5636d250e7962fb025c40c6783f3f922dfd145b9d4bdc8ab2b5cc303cf2d7c7fe012ae7e75486d2e4b85cc5ef7c7d0ed25640c7e2069d5cf373f1ffced4923ab38b42ce3a60908755ac95446c4514255f31e78aa3cb7f7f506dfb6809177fd790a5eeb67118813b5f771de54fae3a5e4ac770263b943627ce8d6a9e817eafea463550d419a1a717e51cb438de99e236d749b4b9a8a2489a0701520807404d558485cb944106260f330f202bf36de83cabc40d545666c23d2e75055a56e71bccce8db40db4c1ed1eb042e45c23b5f1f8baa549de21c3430da4b648217573289387701d380735fc57b9ef4cd3c4cd284cc89a6259979b173b6ca1c2ce9507f66770e9f57385bf230e65838bb91e03b84eba22fe4e1432e69fcaedc27a37a6538734e1d7de30193a27bd299d7157e1362ccfc508069c6a278d1d55a2029a5373ec7a90b5de1cd5d94a4181fbe3293c5009be946f82f2503ee061e8033b39591a6c3567ac93f961741fcd2f6bd606c5e586a96ed3df8e469ae6fa562a8eb26713a2a2b365ed2d4c5607feb3e48825f0533a0035737e30498649785597a4efc5d3c1da0815da6cc1832778c676c4b1cb14a9bc26da93581959e951f9c813299a3c53b5edac31d1ab9f1a07d00fc74efde907d1197e5d806edef6ac786f3a6ab93c4fea7f2631450ad068df54034aa9cf7899d63320af4b238f62794a0b8b66b47f12592f415fbb676724ef3c9782b8de2ef6fc63d6eeb7b81d607de4bcae34eb0fa915d64c014e01362a502cb9936a95f155ccf3444263dc2a0eec118d96edca94c8b2320ecd9b23a66a04b170eba0d652a7fd48eacc68a76e91c292e303b244d6256d2bb96e0c555b313ca2be7b7a68fb386959b339dfd5ec36c5895fa8d8ee8de387d456bb3405197f9f571c19fb3f75e608f38b57f3ca99498bf0a3b35cc82b06b54303bddec0d0dbe60daa03ea03eb2303b192b995ec30e385643e8fdc21a2a55faaed4bbbe944b9507fef07b163e8771b2613d7d607c35d97627e8145fed82f3d31ed97ff2776c41360b13dc45cf00389af28ded38d94e77a316c1a9ae724fd2fa1d771b56132c26199760ef95ee12ad65683a7b68d9485a9f486ee79d49aed74b0719ba0a4c6cda36230d05426e3ca5e6fb47dc4811edae0984e3f16832988c5da3b4b886033e3fe28e5526416175d53148b9658a25f131bd78015f3a74dd391e2bc707b8ba5c4154e5c01176a9390585b79cda0e2f5162f0f2cf611cdf0302a4127f3531a0d995062fab78a1f1b5da89fdae3156b8226c54159b66d6f1bf086bec1983dcd04dadb87d3dcefbcc1d9ab24d5f60e1da132c3f948d36d0470209aa0459c1b09fc0e02f14a3545c1a84c04338a6b8246d04f0f8afea16ec5069b3a810341242c0fc2117bea94719938d864b0a01de17570ff19bb05a0f3a81eca0b9f79959066b51dbdf1062de5af90e1240a353f8b1f5a84cc29ac9f9925b29718729855435597ac65b9bbd5dc52dc7c06f30e020a8fab7346129cab998076ce397490f988a4f9ee3ee3e2e80e8f2cffcbf679767f17d2ad3df9b45c06e328608ca464470dbfd74e4fa36a38e4129e3a4778c1742888ec23b8d1ec90ec1713b976a46cb7ded71d4542e8a2878c1313bd236e839bcf8d18e9aaee09e8722ed7cd8fa75d7606cbd596d8462cfa8cc0171949717b3a4fac6ed77dce8b9621c5e22f055482d24b695eede57274b34c684cd97a5dda25620730c187529a1323d3a530205afebe709bb66f962b94e9d0e4bb0f8ec5d8f70bbd758bb2b52f476c9cafee2b686e8eeeb25156fcc3beffb4eecb227bae590f71c14a3a71ec80e24f8854f08c0155f118cfc8bb04ab216df381accdcd3c5a6e5d16a33f0ed44af1d4b48209adf48b0d298143bed4074060f88983f06d524374871d9c742fab0e7ddf238c5ca193683ee7a1da4446b408adbaf80e0ec7004c1ac492458132d691d40d7f0002eab9147218ff569f85f9a240c7cfd162193b122148edb1fded9117c91aa59be9876eba1c0bf361071290406dfe897c2ae20b4da62865dee16e585c2091ca93b90bf5e1f6b5f5707425d9cf9300b5663a8a7f2223c5407f7dfd027896714ca8671aa2413d3f6f909134820a14223f215dc00b4e141a02c28bb0efd20258fce541be505e16c41088410396921ef42e764b13015e6c9c9fe5155045a72c04250f65c2c13a74197dcf5d2bbc21d6a3f7d46924067cd837e90ed845f34c9022fa2ce75ed07d7e9a5cd8c4baf978cc9b0d9ce6ba5e027c82aa706d6")
exit$auto(0xd5c4) (async)
read$auto_proc_pid_cmdline_ops_base(r0, 0x0, 0x0)
executing program 2:
socket(0x2, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
connect$auto(0x3, 0x0, 0x55)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x4000000)
r1 = bpf$auto(0x4, &(0x7f00000001c0)=@bpf_attr_11={0xa, 0x10001, 0x2, 0x8, 0x8, 0x7, 0x82, r0}, 0x6f3)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r2, 0x4, 0x7ff)
unshare$auto(0x40000080)
semctl$auto_SETVAL(0x0, 0x7, 0x10, 0xfff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000)
mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4)
lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0)
r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETVA(r3, 0x7a4, 0x0)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/bConfigurationValue\x00', 0x101142, 0x0)
write$auto(r4, &(0x7f0000000100)='-\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4)
r5 = ioctl$auto_TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f0000000000)=0x80000001)
mkdirat$auto(r5, &(0x7f0000000040)='./file0\x00', 0x400)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu0/cache/index0/id\x00', 0x181400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)=""/114, 0x72)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x10, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0xe)
executing program 2:
mmap$auto(0x0, 0x7, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
sendmsg$auto_NET_SHAPER_CMD_GET2(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='\x00', @ANYRES16=0x0, @ANYBLOB="010029bd7000fcdbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x60040010}, 0x10)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, r0, 0x7ff, 0x6, 0x3, 0x1000009, 0x5f, 0x1, 0x3}, 0x4)
socket(0x2, 0x6, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7fffffffffffffff, 0x4)
setsockopt$auto_SO_MARK(r0, 0xd, 0x24, &(0x7f0000000100)=']}&##/\'.\x00', 0x6)
mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/psaux\x00', 0x2, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/udp_early_demux\x00', 0x28802, 0x0)
read$auto(0x3, 0x0, 0x80)
r1 = openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/pp_hold\x00', 0xc0b02, 0x0)
write$auto(r1, 0x0, 0xc70)
bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3)
semtimedop$auto(0x0, &(0x7f0000000140)={0x7, 0x81, 0x70}, 0x1f4, 0x0)
socket(0x1, 0x2, 0x4)
bpf$auto(0x11000000, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=r0, 0x4007, @old_prog_fd=0x13b}, 0xa3)
executing program 2:
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x3, 0x6)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyc7\x00', 0x189000, 0x0)
openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x80c02, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_objects_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket(0x2, 0x1, 0x0)
socket(0x1d, 0x2, 0x2)
socket(0x10, 0x3, 0x6)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0)
executing program 2:
socket(0x2, 0x5, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
connect$auto(0x3, 0x0, 0x55)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x4000000)
r1 = bpf$auto(0x4, &(0x7f00000001c0)=@bpf_attr_11={0xa, 0x10001, 0x2, 0x8, 0x8, 0x7, 0x82, r0}, 0x6f3)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$auto(0x10, r2, 0x4, 0x7ff)
unshare$auto(0x40000080)
semctl$auto_SETVAL(0x0, 0x7, 0x10, 0xfff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2008000)
mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4)
lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0)
r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0)
ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0)
ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6)
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETVA(r3, 0x7a4, 0x0)
sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.1/usb2/bConfigurationValue\x00', 0x101142, 0x0)
write$auto(r4, &(0x7f0000000100)='-\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4)
r5 = ioctl$auto_TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f0000000000)=0x80000001)
mkdirat$auto(r5, &(0x7f0000000040)='./file0\x00', 0x400)
r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu0/cache/index0/id\x00', 0x181400, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000040)=""/114, 0x72)
sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x10, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0xe)
executing program 3:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/ip_vs\x00', 0x121000, 0x0)
mmap$auto(0x0, 0xe6692ee, 0x1, 0x100000eb1, r0, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a4, 0xffff)
mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000)
madvise$auto(0x405, 0xffffffffffff0001, 0x3)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto(r1, 0x81004517, r1)
sendmsg$auto_NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, 0x0, 0x4008000)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$auto_NL80211_CMD_SET_INTERFACE(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x77}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
ioctl$auto_UI_DEV_DESTROY(r2, 0x5502, 0x0)
sendmsg$auto_NL80211_CMD_STOP_NAN(0xffffffffffffffff, 0x0, 0x815)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x300000000000)
adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0x2000000000000000, 0x8, 0xd4, 0x7, 0x5, 0x0, 0x10001, 0x1, 0x2, {0x8, 0x10001}, 0x1, 0x6, 0xfffffffffffffffd, 0x1007ffe, 0x0, 0x80000004, 0xa, 0xffffefffffff628e, 0xa747, 0x1, 0x1800})
r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
socket(0x2, 0x80002, 0x73)
bind$auto(r3, 0x0, 0x6a)
write$auto(0xffffffffffffffff, &(0x7f0000000340)='\xa3o\a`\f\f4\xc6\xe7\x8a\x16h\x80\xb5\xed\xe4\xec\xfe\xe50\xb9\xbb1/#\xdc\xdd\xed\xa2\x85\xa1\xd5\xf5\xfeG\xdcI\xe3c\xb8BS\x04Y\xc9N\x98\xc6I_E \xc8^T\x84Mh\xf4Y\xcc\xe4\x9al\x88\x8fX\xcb\xad\x1d*\xec\x1dG@H/N\xaa\x1b\xce\x8b\xff\xcfe\xac\xda\xb0\xbe;-y\x12\x13\x93\x1d\xb5>\x1c\x02Tv\x92\xc0\x1c\xaa\x8a8\x0e_Fv\x00\xdc\nfd\x16\xa6d\xa3z\xdf\xc7o+1\xf4Q\xf7i\xd6.\t\x10\x99\xc4\x06\xa3\xbf*\xbb\xe0H\xc9u+\x17\x93!\x1c\xc3\xcd\xc1y\xaf\xf1\xd1B\xaa[\x9d\xb6\xad\xe2\xff\x9b[{\xd1z\x18\xba\x7f\xb5\x10\xdd1\xf2\x9c\xb0=\xf09\r\xc3\x1b9\xbe\xa8\xe76[/<,\xe1\x90\xb3G}\x85E\xc6\x8ak4\xc3+\xf0\x9f\xe0F\x1b\xdb\x84\x17\xc0\x99\xf1\xb5,\x1f\x8a\xe7\x0f\xd7\xc2{>\xb9q\xc3\xa7\xaaF|\\4\x03Z\xecH\x99\xber\xab\xe6+>\x95\x86\x83\xfb\x16o\x98\xe0\xe9d\xa1z^}\xc7\x12\xe6b\xa2\xb1X\x062\x12\xec\x12.\xbb\x10\x11\xdb_Xo\xfc\xcd\x8av\x80\xf0!n\x8d\xee)\rm\xc5\xee\xd6\xde\xc7\xf8\xdf\xc1?\x82\xca\xb6X\xe3\xfc\xf8\x1a\xe7U\xd6\f\x8e\x98+\x99\x1dqtV\xb4\x05\xa4ge', 0x110000a3d9)
open(0x0, 0xb22142, 0x30)
socket(0x2b, 0x1, 0x1)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
executing program 1:
fanotify_init$auto(0x5, 0x2)
ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0)
socket(0x11, 0x80003, 0x300)
executing program 3:
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x3, 0x6)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyc7\x00', 0x189000, 0x0)
openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x80c02, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_objects_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket(0x2, 0x1, 0x0)
socket(0x1d, 0x2, 0x2)
socket(0x10, 0x3, 0x6)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0)
executing program 1:
r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0)
write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d2647dd69b6440843b6e6688a1f5ad9df2669e6f9cd236532b20ed763ac8caf4bde4c30b530ac6ebbff950e1a647d6a08a1b55dde5a409b4a", 0x3a)
executing program 3:
mmap$auto(0x0, 0x40000b, 0x800000000000e1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
mbind$auto(0xf000, 0x1, 0x1, 0x0, 0x7fff, 0x2)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) (async)
openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000600), 0x142, 0x0) (async)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/loop4\x00', 0xc040, 0x0)
ioctl$auto(0x3, 0x1, 0x90000800000402) (async)
sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x20040045)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) (async)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) (async)
unshare$auto(0x40000080) (async)
syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff)
madvise$auto(0x0, 0x2003f0, 0x15) (async)
setsockopt$auto(0xffffffffffffffff, 0x1, 0x8010, 0x0, 0xba)
epoll_create$auto(0x6) (async)
r0 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x801, 0x0)
write$auto_ftrace_subsystem_filter_fops_trace_events(r0, 0x0, 0x0) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0x15, 0xfffffffffffffffa, 0x8000)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) (async)
write$auto(0x3, 0x0, 0x7fffffff) (async)
openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x80301, 0x0)
sendto$auto(0xffffffffffffffff, 0x0, 0x401, 0x120, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fb8000"}, 0x1c) (async)
pwrite64$auto(0xc8, 0x0, 0x6, 0x7a) (async)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async)
mlock$auto(0x1000, 0x6) (async)
mlockall$auto(0x800000000000005) (async)
pselect6$auto(0x8000, &(0x7f0000000080)={[0x800, 0xf, 0xb, 0xb9, 0x6, 0x7, 0x28, 0x80000001, 0x100, 0x8024, 0x3, 0xffffffffffff6ee4, 0x9, 0x47, 0x3, 0x40]}, &(0x7f0000000100)={[0xfffffffffffffffc, 0x8, 0x101, 0x4, 0x8, 0x0, 0x3f8b, 0xc, 0x2, 0x2, 0x5, 0x7b, 0x1, 0x800, 0x7fffffffffffffff, 0x6]}, &(0x7f0000000180)={[0x5d58, 0x7, 0xa5, 0x7f, 0xffffffffffffff60, 0x6, 0xfffffffffffffffa, 0x2001, 0x4, 0x7, 0x6, 0x8000, 0x200c, 0x101, 0x2, 0x9]}, 0x0, &(0x7f0000000240)) (async)
mbind$auto(0x0, 0x2, 0x2, 0x0, 0x7, 0x0) (async)
write$auto(0xffffffffffffffff, &(0x7f0000000040)='\a\x00\x00\x00\xa6\x89\xef\xf5\x90H\x9f\xe9?\xc7~*O\xa7=\xe5\x04\xd91\xee\xc7WSd\xcc\xc5\xd4h\xc2\x91\x93}r\xab\x84\xe1\xd1\x02\x16\x12\xf9\x00\xe9\x8b\xef', 0x100000000000b6c)
executing program 1:
mmap$auto(0x0, 0x7, 0x4000000000df, 0xeb1, 0x401, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x1f40)
sendmsg$auto_NET_SHAPER_CMD_GET2(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='\x00', @ANYRES16=0x0, @ANYBLOB="010029bd7000fcdbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x60040010}, 0x10)
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0xffffffffffffffff, 0x7ff, 0x6, 0x3, 0x1000009, 0x5f, 0x1, 0x3}, 0x4)
socket(0x2, 0x6, 0x0)
executing program 1:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/zram0/comp_algorithm\x00', 0x20b42, 0x0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/net/rxrpc/calls\x00', 0x20080, 0x0)
pread64$auto(r1, 0x0, 0x8, 0xffff)
write$auto(r0, &(0x7f0000000000)='/proc/self/net/rxrpc/calls\x00', 0x5)
write$auto(r0, 0x0, 0x81)
executing program 1:
r0 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000c00), 0xffffffffffffffff)
sendmsg$auto_TCP_METRICS_CMD_DEL(0xffffffffffffffff, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c40)={0x1c, r0, 0x901, 0x70bd29, 0x25dfdbfb, {}, [@TCP_METRICS_ATTR_ADDR_IPV4={0x8, 0x1, @remote}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
executing program 3:
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1d, 0x3, 0x1)
socket(0x10, 0x2, 0xc)
socket(0x10, 0x2, 0x14)
mmap$auto(0x0, 0x5, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0xa, 0x3, 0x88)
socket(0x2, 0x6, 0x0)
ioctl$auto(0x1, 0x890c, 0x8) (fail_nth: 7)
executing program 1:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/net/ip_vs\x00', 0x121000, 0x0)
mmap$auto(0x0, 0xe6692ee, 0x1, 0x100000eb1, r0, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a4, 0xffff)
mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000)
madvise$auto(0x405, 0xffffffffffff0001, 0x3)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto(r1, 0x81004517, r1)
sendmsg$auto_NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, 0x0, 0x4008000)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$auto_NL80211_CMD_SET_INTERFACE(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x77}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
ioctl$auto_UI_DEV_DESTROY(r2, 0x5502, 0x0)
sendmsg$auto_NL80211_CMD_STOP_NAN(0xffffffffffffffff, 0x0, 0x815)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x300000000000)
adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0x2000000000000000, 0x8, 0xd4, 0x7, 0x5, 0x0, 0x10001, 0x1, 0x2, {0x8, 0x10001}, 0x1, 0x6, 0xfffffffffffffffd, 0x1007ffe, 0x0, 0x80000004, 0xa, 0xffffefffffff628e, 0xa747, 0x1, 0x1800})
r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
socket(0x2, 0x80002, 0x73)
bind$auto(r3, 0x0, 0x6a)
write$auto(0xffffffffffffffff, &(0x7f0000000340)='\xa3o\a`\f\f4\xc6\xe7\x8a\x16h\x80\xb5\xed\xe4\xec\xfe\xe50\xb9\xbb1/#\xdc\xdd\xed\xa2\x85\xa1\xd5\xf5\xfeG\xdcI\xe3c\xb8BS\x04Y\xc9N\x98\xc6I_E \xc8^T\x84Mh\xf4Y\xcc\xe4\x9al\x88\x8fX\xcb\xad\x1d*\xec\x1dG@H/N\xaa\x1b\xce\x8b\xff\xcfe\xac\xda\xb0\xbe;-y\x12\x13\x93\x1d\xb5>\x1c\x02Tv\x92\xc0\x1c\xaa\x8a8\x0e_Fv\x00\xdc\nfd\x16\xa6d\xa3z\xdf\xc7o+1\xf4Q\xf7i\xd6.\t\x10\x99\xc4\x06\xa3\xbf*\xbb\xe0H\xc9u+\x17\x93!\x1c\xc3\xcd\xc1y\xaf\xf1\xd1B\xaa[\x9d\xb6\xad\xe2\xff\x9b[{\xd1z\x18\xba\x7f\xb5\x10\xdd1\xf2\x9c\xb0=\xf09\r\xc3\x1b9\xbe\xa8\xe76[/<,\xe1\x90\xb3G}\x85E\xc6\x8ak4\xc3+\xf0\x9f\xe0F\x1b\xdb\x84\x17\xc0\x99\xf1\xb5,\x1f\x8a\xe7\x0f\xd7\xc2{>\xb9q\xc3\xa7\xaaF|\\4\x03Z\xecH\x99\xber\xab\xe6+>\x95\x86\x83\xfb\x16o\x98\xe0\xe9d\xa1z^}\xc7\x12\xe6b\xa2\xb1X\x062\x12\xec\x12.\xbb\x10\x11\xdb_Xo\xfc\xcd\x8av\x80\xf0!n\x8d\xee)\rm\xc5\xee\xd6\xde\xc7\xf8\xdf\xc1?\x82\xca\xb6X\xe3\xfc\xf8\x1a\xe7U\xd6\f\x8e\x98+\x99\x1dqtV\xb4\x05\xa4ge', 0x110000a3d9)
open(0x0, 0xb22142, 0x30)
socket(0x2b, 0x1, 0x1)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x5, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
executing program 2:
unshare$auto(0x40000080)
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040))
ppoll$auto(&(0x7f0000000000)={<r1=>r0, 0x40}, 0x2, 0x0, 0x0, 0x8)
mmap$auto(0x0, 0x2020009, 0x4, 0xf8, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r3=>0x0})
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x5, 0x2000000000002)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x26, 0x80805, 0x0)
socket(0xa, 0x3, 0x6)
clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2)
bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r3, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92)
bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0x6)
r4 = open(0x0, 0x261c2, 0x84)
bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc)
r5 = openat$auto_tracing_total_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/buffer_total_size_kb\x00', 0x101000, 0x0)
io_uring_setup$auto(0x7, &(0x7f0000000080)={0xfff, 0x0, 0x60000, 0x2, 0x0, 0x5, r5, [0xa, 0x80, 0x3], {0x8, 0x6, 0x2, 0xfffffffe, 0x0, 0xccbc, 0x40, 0x6, 0x8}, {0xfffffffc, 0x8, 0x9d, 0x6, 0xffffffff, 0x6895, 0x3, 0x3}})
r6 = socket(0x29, 0x2, 0x0)
ioctl$auto(r6, 0x8bf0, 0x24)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0xe)
socket(0x2, 0x1, 0x106)
recvfrom$auto(r4, 0x0, 0x8, 0x100, 0x0, 0xfffffffffffffffd)
read$auto_nsim_dev_trap_fa_cookie_fops_dev(r1, &(0x7f0000000300)=""/240, 0xf0)
ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc)
r7 = socket(0x10, 0x2, 0xc)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="10000000", @ANYRES64], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80)
executing program 3:
mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x3, 0x100)
socket(0x10, 0x3, 0x6)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyc7\x00', 0x189000, 0x0)
openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x80c02, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_objects_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket(0x2, 0x1, 0x0)
socket(0x1d, 0x2, 0x2)
socket(0x10, 0x3, 0x6)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0)
executing program 3:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0x22, 0x80000, 0xd67d)
io_uring_setup$auto(0x6, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)
executing program 0:
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x2, 0xf8, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x2, 0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0xe)
r1 = socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x31}}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
syz_clone(0x5000400, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x2400c000}, 0x48000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004810}, 0x24040000)
sendmmsg$auto(0x3, 0x0, 0x3, 0x0)
r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/rds/tcp/rds_tcp_rcvbuf\x00', 0x800, 0x0)
read$auto_proc_sys_file_operations_proc_sysctl(r2, 0x0, 0x0)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
write$auto(0x3, 0x0, 0xfffffdef)
shutdown$auto(0x200000003, 0x2)
write$auto(0xffffffffffffffff, 0x0, 0x800)
getpeername$auto(0x3, 0x0, 0x0)
socket(0x2a, 0x2, 0xb)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_none\x00', 0x183042, 0x0)
pipe$auto(0x0)
fcntl$auto(r3, 0x5, 0x6)
r4 = socket(0x2, 0x6, 0x0)
setsockopt$auto(r4, 0x0, 0x10, 0x0, 0x17)
close_range$auto(0x2, 0x8000, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0x22, 0x80000, 0xd67d)
io_uring_setup$auto(0x6, 0x0)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=1m47.48083273s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-io_uring_setup$auto-openat$auto_force_devcoredump_fops_hci_vhci
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0x22, 0x80000, 0xd67d)
io_uring_setup$auto(0x6, 0x0)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)

program did not crash
testing program (duration=1m47.48083273s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-io_uring_setup$auto-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0x22, 0x80000, 0xd67d)
io_uring_setup$auto(0x6, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0xe)

program did not crash
testing program (duration=1m47.48083273s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socket(0x22, 0x80000, 0xd67d)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=1m47.48083273s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing program (duration=1m47.48083273s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
testing program (duration=1m47.48083273s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$auto(r0, 0x0, 0xe)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m47.48083273s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
simplifying C reproducer
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program did not crash
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
testing compiled C program (duration=1m47.48083273s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_force_devcoredump_fops_hci_vhci-write$auto
program crashed: KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
reproducing took 34m5.885775362s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in skb_put_data include/linux/skbuff.h:2752 [inline]
BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
Read of size 140 at addr ffffc90000ace000 by task kworker/u9:1/5151

CPU: 1 UID: 0 PID: 5151 Comm: kworker/u9:1 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: hci0 hci_devcd_timeout
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 __asan_memcpy+0x23/0x60 mm/kasan/shadow.c:105
 skb_put_data include/linux/skbuff.h:2752 [inline]
 hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
 hci_devcd_timeout+0xb5/0x2e0 net/bluetooth/coredump.c:413
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address ffffc90000ace000 belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc90000acdf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000acdf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc90000ace000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90000ace080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000ace100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in skb_put_data include/linux/skbuff.h:2752 [inline]
BUG: KASAN: vmalloc-out-of-bounds in hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
Read of size 140 at addr ffffc90000ace000 by task kworker/u9:1/5151

CPU: 1 UID: 0 PID: 5151 Comm: kworker/u9:1 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: hci0 hci_devcd_timeout
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 __asan_memcpy+0x23/0x60 mm/kasan/shadow.c:105
 skb_put_data include/linux/skbuff.h:2752 [inline]
 hci_devcd_dump+0x142/0x240 net/bluetooth/coredump.c:258
 hci_devcd_timeout+0xb5/0x2e0 net/bluetooth/coredump.c:413
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address ffffc90000ace000 belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc90000acdf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000acdf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc90000ace000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90000ace080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000ace100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================