Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:22620' (ECDSA) to the list of known hosts. 2025/07/07 17:40:16 fuzzer started 2025/07/07 17:40:16 dialing manager at localhost:42083 syzkaller login: [ 51.901609] cgroup: Unknown subsys name 'net' [ 51.987512] cgroup: Unknown subsys name 'cpuset' [ 52.010067] cgroup: Unknown subsys name 'rlimit' 2025/07/07 17:40:28 syscalls: 208 2025/07/07 17:40:28 code coverage: enabled 2025/07/07 17:40:28 comparison tracing: enabled 2025/07/07 17:40:28 extra coverage: enabled 2025/07/07 17:40:28 setuid sandbox: enabled 2025/07/07 17:40:28 namespace sandbox: enabled 2025/07/07 17:40:28 Android sandbox: enabled 2025/07/07 17:40:28 fault injection: enabled 2025/07/07 17:40:28 leak checking: enabled 2025/07/07 17:40:28 net packet injection: enabled 2025/07/07 17:40:28 net device setup: enabled 2025/07/07 17:40:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/07/07 17:40:28 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/07/07 17:40:28 USB emulation: enabled 2025/07/07 17:40:28 hci packet injection: enabled 2025/07/07 17:40:28 wifi device emulation: enabled 2025/07/07 17:40:28 802.15.4 emulation: enabled 2025/07/07 17:40:28 fetching corpus: 0, signal 0/0 (executing program) 2025/07/07 17:40:29 starting 8 fuzzer processes 17:40:29 executing program 0: sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x0, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x10000}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3f}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x80}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x8000) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x4, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$GTP_CMD_DELPDP(r0, &(0x7f0000000340)={&(0x7f0000000240), 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r1, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@GTPA_I_TEI={0x8}, @GTPA_VERSION={0x8}, @GTPA_LINK={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004}, 0x20000040) r2 = syz_genetlink_get_family_id$gtp(&(0x7f00000003c0), r0) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000480)={&(0x7f0000000380), 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r2, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20048040}, 0x8000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x90, 0x0, 0x400, 0x4, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x21}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x100000000}, @NBD_ATTR_SOCKETS={0x4c, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r0}, {0x8}, {0x8, 0x1, r4}, {0x8}]}, @NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x10, 0x3e8, 0x800, 0x70bd2d, 0x25dfdbfd, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0xc080}, 0x40814) sendmsg$NBD_CMD_STATUS(r3, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, 0x0, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x96}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20064014}, 0x8004) r5 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER(r5, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x18, 0x3ed, 0x400, 0x70bd2d, 0x25dfdbfc, "3fd522fef68b39f8", ["", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x4000001) sendmsg$AUDIT_SIGNAL_INFO(r5, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x10, 0x3f2, 0x2, 0x70bd2d, 0x25dfdbfe, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x24000090}, 0x8010) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NET_DM_CMD_STOP(r6, &(0x7f0000000b40)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x440010}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x14, 0x0, 0x100, 0x70bd25, 0x25dfdbfb, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40801}, 0x4080) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000bc0), r0) sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x24, r7, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x24}}, 0x40001) syz_genetlink_get_family_id$gtp(&(0x7f0000000cc0), 0xffffffffffffffff) 17:40:29 executing program 3: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(0xffffffffffffffff, 0xc058534b, &(0x7f0000000000)={0xd8af3b8a, 0x3, 0x3e, 0x8, 0x8, 0x3}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f0000000080)={0xfff, 0x3, 0xffffffff}) write$nbd(0xffffffffffffffff, &(0x7f0000000100)={0x67446698, 0x0, 0x0, 0x3, 0x1, "2957c77d82fb63a9fdcf1da5cfa2fe73186ef46e44e4baaced73eb6c2226029c541e93b867a42b896f479bcc6f0da78a2253f0dd326689bce6848d5998aceb708f79a35b9da97a"}, 0x57) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000180)={0x3, 0x5, 0x1, 0x0, 0x6, 0x2}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f0000000200)={0x9, 0x2, 0x0, 'queue0\x00', 0x6}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f00000002c0)={0x20, 0x2, 'client0\x00', 0x2, "e5c06e4c1e553064", "2f5de9973d80e972c7b828b404958698435a8451d9712f3e2a924babecd78ceb", 0x7, 0x3}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(0xffffffffffffffff, 0xc058534b, &(0x7f0000000380)={0x4, 0x1, 0x80000000, 0x3, 0x80000001, 0xfffffffe}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x400400) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000480)={0x7ff, 0x7, 0x9}) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000500), 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x38, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x24000080) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000600)) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) connect$802154_dgram(r1, &(0x7f0000000640)={0x24, @long={0x3, 0x1}}, 0x14) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000740)={{{@in6, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in=@local}}, &(0x7f0000000840)=0xe8) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000900)={'syztnl2\x00', &(0x7f0000000880)={'ip6gre0\x00', r2, 0x29, 0x3, 0x81, 0x1, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1={0xfc, 0x1, '\x00', 0x1}, 0x8000, 0x700, 0xfffffff9, 0x4}}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair(0x1f, 0x80000, 0x9, &(0x7f0000000980)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f00000009c0), 0x200001, 0x0) sendmsg$NBD_CMD_STATUS(r3, &(0x7f0000000ac0)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x60, 0x0, 0x4, 0x70bd25, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8}, {0x8, 0x1, r5}, {0x8}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x1}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x6638d807}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x14) 17:40:29 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x200200) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000040)={0x10000, 0x2, 'client1\x00', 0xffffffff80000007, "f7c78a7d0d5cc334", "f8220851f137a7113de4625e9a87598e6dc3997b27f960c43be5d3a24b5cae00", 0xd20, 0x40}) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, &(0x7f0000000100)={{0x4, 0x81}, {0xf0, 0xe0}, 0x9, 0x4, 0x7}) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.failcnt\x00', 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$GTP_CMD_DELPDP(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r2, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4048808}, 0x20) syz_genetlink_get_family_id$gtp(&(0x7f0000000300), 0xffffffffffffffff) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000340)='cpuset.cpus\x00', 0x2, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x28, r3, 0x2, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x33}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f00000004c0), 0x185806, 0x0) sendmsg$BATADV_CMD_GET_VLAN(r4, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x24, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}]}, 0x24}}, 0x34048080) write$bt_hci(r4, &(0x7f0000000600)={0x1, @write_voice_setting={{0xc26, 0x2}, {0x20}}}, 0x6) socketpair(0xf, 0x5, 0x1, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), r1) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r5, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x3c, r7, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x3ff}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40081}, 0x10) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) sendmsg$BATADV_CMD_GET_ORIGINATORS(r6, &(0x7f00000008c0)={&(0x7f00000007c0), 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x3c, r8, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x40}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x87}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xffffffff}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x9}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000013}, 0x40040d4) [ 63.490282] audit: type=1400 audit(1751910029.462:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 17:40:29 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x438080, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000040)={0x0, 0x80, 0x40, 0x5, 0x40, 0x3, 0x0, 0x5, 0x4, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4e1e, 0x1, @perf_config_ext={0xd881, 0x1}, 0x400, 0xff, 0xe70, 0x1, 0x3, 0x8a86, 0x8, 0x0, 0x7fff, 0x0, 0x1}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000100), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x48, r2, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0x8, 0x1, r0}, {0x8, 0x1, r3}, {0x8, 0x1, r0}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x5}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x2800404c}, 0x40000) r4 = perf_event_open(&(0x7f00000002c0)={0x3, 0x80, 0x3, 0x3, 0x68, 0x6, 0x0, 0xadffe5c, 0x1401, 0x5, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_bp={&(0x7f0000000280)}, 0x1, 0x20, 0x7f, 0x2, 0x9, 0x40000000, 0xff, 0x0, 0x80000000, 0x0, 0xaab}, 0xffffffffffffffff, 0x3, r0, 0x2) ioctl$PERF_EVENT_IOC_RESET(r4, 0x2403, 0x8) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x38, r2, 0x103, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x401}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000041}, 0x20000080) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000440), r6) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000480)={'batadv_slave_1\x00'}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@dev, @in=@local}}, {{@in6=@dev}, 0x0, @in6=@private2}}, &(0x7f00000005c0)=0xe8) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000600)={0x24, 0x3f, 0x3, 0xff, 0x1, 0xff, 0xae71}, 0xc) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$sock_SIOCDELRT(r7, 0x890c, &(0x7f0000000680)={0x0, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x3}, @ax25={0x3, @null, 0x2}, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4}, 0x200, 0x0, 0x0, 0x0, 0x40, &(0x7f0000000640)='veth0_to_bridge\x00', 0x7, 0x200, 0xfff}) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x1) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000740), r5) sendmsg$NBD_CMD_STATUS(r6, &(0x7f00000008c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x7c, r8, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0xfc4}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x81}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x920}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x120}, @NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_SOCKETS={0x2c, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8, 0x1, r0}, {0x8}, {0x8, 0x1, r0}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0xd650d0646d5189d2}, 0x88c1) 17:40:29 executing program 6: connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x3f, @any, 0x11, 0x2}, 0xe) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x103000, 0x0) accept4$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @none}, &(0x7f00000000c0)=0xe, 0x81000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x8001}, 0x4040091) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = accept4(r2, &(0x7f0000000280)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, &(0x7f0000000300)=0x80, 0x800) setsockopt$WPAN_SECURITY_LEVEL(r3, 0x0, 0x2, &(0x7f0000000340), 0x4) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, &(0x7f0000000380)) setsockopt$WPAN_SECURITY_LEVEL(r4, 0x0, 0x2, &(0x7f00000003c0)=0x5, 0x4) r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r5, &(0x7f0000000540)={&(0x7f0000000400)={0x24, @short={0x2, 0x2, 0xaaa3}}, 0x14, &(0x7f0000000500)={&(0x7f0000000440)="d87bd09bf18cd7f9d4e49d535399dccf17e169f84c7b3ded1a46108611a146a140afc66e71e1d0347bbdc41cf993360b9d7e206f75c8891bee56be24b7aec8f67225c7b259205d6ca257cabb2ffecdcb1f6520af368c92688de0f90961a380b660a2f9bf9b29f88f997a650ef96a2cc256333f0fd8c786560e57c5280158a4c76a047fb560e1ab3f371d41b20405e590d42ff95e588948b697fde0c306dd8673e72c635d4cb75a62b6f1a965", 0xac}, 0x1, 0x0, 0x0, 0x40}, 0x2c008000) r6 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/attr/sockcreate\x00', 0x2, 0x0) write$selinux_attr(r6, &(0x7f00000005c0)='system_u:object_r:modules_object_t:s0\x00', 0x26) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) getsockopt$WPAN_SECURITY_LEVEL(r4, 0x0, 0x2, &(0x7f0000000640), &(0x7f0000000680)=0x4) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x48840) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r7, 0x40505331, &(0x7f0000000700)={{0x2, 0x9}, {0x80, 0x1}, 0x8, 0x0, 0x5}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000780)={0x0, 0x0, 0xffffffffffffffff, 0x4, 0x80000}) 17:40:29 executing program 1: sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, 0x0, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xcc0}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x80000001}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x24004010) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8005}, 0x400d4) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, r1, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x200}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfffff800}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x200400c1}, 0x20000040) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_SCHED_SCAN(r0, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x44, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x6}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0xa}}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x127}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x7}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x34b8}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x20004095) sendmsg$NL80211_CMD_SET_MAC_ACL(r0, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000580)={0x90, 0x0, 0x8, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_MAC_ADDRS={0x64, 0xa6, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}, {0xa, 0x6, @broadcast}, {0xa}, {0xa, 0x6, @device_b}, {0xa}]}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}]}, 0x90}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) r3 = socket(0x23, 0x5, 0x3ff) sendmsg$BATADV_CMD_SET_VLAN(r3, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x40, r1, 0x4, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x80}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x401}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x400}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}]}, 0x40}, 0x1, 0x0, 0x0, 0x6004084}, 0x80) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f00000007c0), 0x90000, 0x0) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000840), r0) sendmsg$BATADV_CMD_GET_GATEWAYS(r4, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x24, r5, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x10000}]}, 0x24}, 0x1, 0x0, 0x0, 0x4800}, 0x4040044) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000980), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x20, r6, 0x20, 0x70bd28, 0x25dfdbfb, {}, [@NBD_ATTR_TIMEOUT={0xc}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000844}, 0x40000) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x58, r5, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xcac2}]}, 0x58}, 0x1, 0x0, 0x0, 0x5}, 0x40850) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000c00), r0) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x1c, r7, 0x4, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc810}, 0x20000010) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000dc0)={'syztnl1\x00', &(0x7f0000000d00)={'syztnl1\x00', 0x0, 0x700, 0x8, 0x5, 0x0, {{0x19, 0x4, 0x3, 0x3c, 0x64, 0x64, 0x0, 0x80, 0x2b, 0x0, @multicast1, @local, {[@lsrr={0x83, 0x7, 0x84, [@broadcast]}, @ssrr={0x89, 0x13, 0xca, [@multicast1, @broadcast, @multicast1, @local]}, @noop, @ssrr={0x89, 0x13, 0x59, [@remote, @empty, @local, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0x1b, 0xd, [@broadcast, @multicast1, @dev={0xac, 0x14, 0x14, 0x32}, @private=0xa010100, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote]}, @ra={0x94, 0x4, 0x8}]}}}}}) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x50, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x10}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x38}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x49}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x41}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6a}]}, 0x50}, 0x1, 0x0, 0x0, 0x8880}, 0x10) 17:40:29 executing program 2: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) socketpair(0x1a, 0x6, 0x7ff, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$AUDIT_ADD_RULE(r1, &(0x7f0000000540)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f00000000c0)={0x428, 0x3f3, 0x800, 0x70bd26, 0x25dfdbfc, {0x5, 0x1, 0x1c, [0x5, 0x3, 0x2, 0x3ff, 0x3, 0x31, 0x3c0, 0x11e, 0x0, 0x1, 0x6, 0xfffffe6a, 0x400, 0x8, 0x28, 0xc166, 0x1f, 0x3, 0x57c9, 0x7, 0x200000, 0x0, 0x5, 0x2, 0x7f, 0xfffffffb, 0x80, 0x1000, 0x3, 0x17a, 0x65, 0x4, 0x3f, 0x6d, 0x6, 0x302, 0x1, 0x2, 0xea, 0x401, 0x9, 0x4, 0x9, 0x3, 0x0, 0x3, 0x20, 0x1c65, 0xfffffbff, 0xfffffff9, 0x3, 0xcc, 0x0, 0x7fffffff, 0x5, 0x80000000, 0x6, 0x94e, 0xf32, 0x654, 0xb782, 0xe7, 0x7, 0x1], [0x9, 0x7, 0x0, 0x8, 0xfffff800, 0x6012, 0xcc43, 0x8001, 0x0, 0x3, 0x1ff, 0x0, 0x6, 0x0, 0xff, 0x2, 0x1, 0x7f, 0x7, 0xd6, 0x1000, 0x7f, 0x5, 0x6, 0x4, 0x79, 0x8, 0x3, 0x50c, 0x3, 0xb18d, 0xff, 0x4, 0x8, 0x80da, 0x0, 0x101, 0x7fffffff, 0xfbb, 0x81, 0x80000001, 0x6b64, 0x6, 0x1, 0xffffbc96, 0x4, 0x6, 0x4, 0x6, 0x2, 0x100, 0x5, 0x7, 0x101, 0x401, 0x5, 0xb0, 0xac, 0x3, 0x1, 0x401, 0x1ff, 0xdb79, 0x5e], [0x0, 0xbdd8, 0x9, 0x8, 0x0, 0xffffffff, 0x6, 0x0, 0xed, 0x3ff, 0x3, 0x80000001, 0xcd, 0x6d, 0x483, 0x4, 0x355, 0x7f, 0xfc, 0xff, 0x0, 0xffff0001, 0x8, 0x401, 0x80, 0x4, 0x8, 0x6, 0x3ff, 0x9, 0x4, 0xff, 0x20, 0x2, 0x9, 0x557, 0xdb, 0x7, 0x3, 0x5, 0x6, 0xff, 0x6, 0xdc, 0x7ff, 0x10000, 0x2, 0x0, 0x5, 0xffffffff, 0xffffffb7, 0x5, 0x3, 0x0, 0xe8b, 0x0, 0x100, 0x3, 0x1, 0x0, 0x0, 0x7, 0x8001, 0x4], [0x80, 0xfffffffa, 0x1, 0x5, 0x400, 0x9, 0xfffff001, 0x80000001, 0x4, 0x6, 0x9, 0x1, 0x1, 0x2, 0xfffffe3b, 0x6, 0x3, 0x6, 0x5, 0x8, 0x5a3e, 0x8, 0x0, 0xfffffffb, 0x1548, 0xfff, 0x0, 0x0, 0xe8, 0x80000001, 0x200, 0xb037, 0x2, 0x7ff, 0x8, 0x8000, 0x1, 0x2, 0x6, 0x7, 0x3, 0x8, 0x1, 0x6, 0x9, 0x1, 0x9, 0xcb6, 0x5, 0x80000001, 0x2, 0x1, 0x3, 0x9, 0x0, 0xfffff0ed, 0x4, 0x1ff, 0x7fff, 0x7ff, 0x8, 0x101, 0x2, 0x2], 0x5, ['-${{\x00']}, ["", "", "", "", ""]}, 0x428}, 0x1, 0x0, 0x0, 0x20000000}, 0x100) socketpair(0x2b, 0xa, 0x7ff, &(0x7f0000000c40)={0xffffffffffffffff}) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000cc0)='ns/mnt\x00') ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f0000000d40)={0x0, @nfc={0x27, 0x1, 0x1, 0x6}, @xdp={0x2c, 0x6, 0x0, 0x30}, @xdp={0x2c, 0x8, 0x0, 0x40}, 0x6, 0x0, 0x0, 0x0, 0x40, &(0x7f0000000d00)='veth0_to_batadv\x00', 0x81, 0x3f, 0xffff}) sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000000e80)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0xab62d235f224c692}, 0xc, &(0x7f0000000e40)={&(0x7f0000000dc0)={0x4c, 0x0, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0xa}}, @GTPA_O_TEI={0x8}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_NET_NS_FD={0x8, 0x7, r3}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_LINK={0x8, 0x1, r4}, @GTPA_VERSION={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000ec0), 0x40, 0x0) connect$bt_l2cap(r5, &(0x7f0000000f00)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9, 0x1}, 0xe) r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r6) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001000)={{{@in6=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private0}, 0x0, @in=@initdev}}, &(0x7f0000001100)=0xe8) sendmsg$BATADV_CMD_GET_ORIGINATORS(r5, &(0x7f00000011c0)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001180)={&(0x7f0000001140)={0x3c, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r7}]}, 0x3c}}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000001200)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r5, 0xc0182101, &(0x7f0000001280)={r8, 0x8001, 0x7}) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000012c0)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_int(r9, &(0x7f0000001300)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000001340)={0xffffffffffffffff, 0x6000, "00818b", 0x1}) 17:40:29 executing program 7: setsockopt$WPAN_SECURITY(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000), 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r0, 0x0, 0x0, &(0x7f0000000080)=0x1, 0x4) r1 = socket(0x2c, 0x1, 0x6) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r2, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x9}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000080) sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8800200}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x0, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x9810}, 0x4) r3 = accept$packet(r1, 0x0, &(0x7f0000000300)) accept$packet(r3, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000380)=0x14) r5 = socket(0x2, 0x2, 0x8) r6 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000400)='ns/uts\x00') sendmsg$GTP_CMD_DELPDP(r5, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x28, 0x0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@GTPA_TID={0xc, 0x3, 0x1}, @GTPA_NET_NS_FD={0x8, 0x7, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x30010080) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000500)={'vxcan0\x00'}) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r5) sendmsg$BATADV_CMD_SET_VLAN(r5, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x60, r7, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}]}, 0x60}, 0x1, 0x0, 0x0, 0x20040050}, 0x881) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000d00)={&(0x7f0000000b00)=@abs, 0x6e, &(0x7f0000000c80)=[{&(0x7f0000000b80)=""/230, 0xe6}], 0x1, &(0x7f0000000cc0)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30}, 0x10020) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000d80), r1) sendmsg$BATADV_CMD_GET_GATEWAYS(r8, &(0x7f0000000e80)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000e40)={&(0x7f0000000dc0)={0x48, r9, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfff}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x80}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x91) getsockopt$bt_l2cap_L2CAP_OPTIONS(r8, 0x6, 0x1, &(0x7f0000000ec0), &(0x7f0000000f00)=0xc) [ 64.686095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.688390] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.690332] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.694407] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.698145] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 64.701595] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 64.703898] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.705698] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 64.716159] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 64.721570] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 64.758984] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.760855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 64.766653] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.768387] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 64.769882] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 64.772038] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.774986] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 64.778477] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 64.779827] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 64.782036] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 64.783737] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 64.785398] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 64.789216] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 64.791490] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 64.795662] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 64.805112] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 64.807470] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 64.808750] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.812534] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 64.813730] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 64.815062] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 64.815212] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 64.818012] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.822476] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 64.825599] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 64.826753] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 64.828727] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 64.837064] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 64.852759] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 64.871911] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 65.022098] [ 65.022866] ============================= [ 65.023512] WARNING: suspicious RCU usage [ 65.024105] 6.16.0-rc4-next-20250704 #1 Not tainted [ 65.029805] ----------------------------- [ 65.030430] fs/proc/proc_sysctl.c:934 suspicious rcu_dereference_check() usage! [ 65.031507] [ 65.031507] other info that might help us debug this: [ 65.031507] [ 65.032676] [ 65.032676] rcu_scheduler_active = 2, debug_locks = 1 [ 65.033655] 3 locks held by syz-executor.4/285: [ 65.034354] #0: ffff88800f91a400 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1cd3/0x2880 [ 65.035670] #1: ffff88800ba66618 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: path_openat+0x1308/0x2880 [ 65.037130] #2: ffff88801c036c90 (&lockref->lock){+.+.}-{3:3}, at: d_alloc_parallel+0xf97/0x1330 [ 65.038522] [ 65.038522] stack backtrace: [ 65.039175] CPU: 1 UID: 0 PID: 285 Comm: syz-executor.4 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary) [ 65.039206] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 65.039218] Call Trace: [ 65.039226] [ 65.039234] dump_stack_lvl+0xfa/0x120 [ 65.039260] lockdep_rcu_suspicious+0x152/0x1c0 [ 65.039286] proc_sys_compare+0x28a/0x340 [ 65.039306] ? __pfx_proc_sys_compare+0x10/0x10 [ 65.039328] d_same_name+0x229/0x2e0 [ 65.039362] d_alloc_parallel+0x7c1/0x1330 [ 65.039396] ? __pfx_d_alloc_parallel+0x10/0x10 [ 65.039422] ? __pfx_default_wake_function+0x10/0x10 [ 65.039453] ? __d_lookup+0x25f/0x490 [ 65.039483] lookup_open.isra.0+0x64f/0x1530 [ 65.039515] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 65.039556] ? mnt_get_write_access+0x81/0x2d0 [ 65.039575] ? mnt_get_write_access+0x1ea/0x2d0 [ 65.039602] path_openat+0xc26/0x2880 [ 65.039640] ? __lock_acquire+0x694/0x1b70 [ 65.039661] ? __pfx_path_openat+0x10/0x10 [ 65.039698] do_filp_open+0x1e8/0x450 [ 65.039727] ? __pfx_do_filp_open+0x10/0x10 [ 65.039766] ? find_held_lock+0x2b/0x80 [ 65.039794] ? alloc_fd+0x2c1/0x560 [ 65.039819] ? lock_release+0xc8/0x290 [ 65.039845] ? alloc_fd+0x2c1/0x560 [ 65.039880] do_sys_openat2+0x104/0x1b0 [ 65.039904] ? __pfx_do_sys_openat2+0x10/0x10 [ 65.039929] ? __fput+0x67b/0xb50 [ 65.039956] __x64_sys_openat+0x142/0x200 [ 65.039980] ? __pfx___x64_sys_openat+0x10/0x10 [ 65.040002] ? __pfx_fput_close_sync+0x10/0x10 [ 65.040036] do_syscall_64+0xbf/0x360 [ 65.040060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.040082] RIP: 0033:0x7f9bbcbcca04 [ 65.040098] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 65.040117] RSP: 002b:00007ffe10d34f30 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 65.040136] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f9bbcbcca04 [ 65.040149] RDX: 0000000000080001 RSI: 00007f9bbcc83286 RDI: 00000000ffffff9c [ 65.040162] RBP: 00007f9bbcc83286 R08: 0000000000000000 R09: 00007ffe10d34f20 [ 65.040174] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000080001 [ 65.040187] R13: 00007ffe10d34fd0 R14: 0000000000000000 R15: 00000000000000f8 [ 65.040214] [ 66.774806] Bluetooth: hci1: command tx timeout [ 66.775501] Bluetooth: hci0: command tx timeout [ 66.902363] Bluetooth: hci3: command tx timeout [ 66.903748] Bluetooth: hci6: command tx timeout [ 66.904395] Bluetooth: hci5: command tx timeout [ 66.904492] Bluetooth: hci2: command tx timeout [ 66.904918] Bluetooth: hci4: command tx timeout [ 66.966262] Bluetooth: hci7: command tx timeout [ 68.822242] Bluetooth: hci1: command tx timeout [ 68.822694] Bluetooth: hci0: command tx timeout [ 68.951254] Bluetooth: hci4: command tx timeout [ 68.951682] Bluetooth: hci6: command tx timeout [ 68.951711] Bluetooth: hci2: command tx timeout [ 68.952064] Bluetooth: hci5: command tx timeout [ 68.952977] Bluetooth: hci3: command tx timeout [ 69.014243] Bluetooth: hci7: command tx timeout [ 70.870595] Bluetooth: hci1: command tx timeout [ 70.871636] Bluetooth: hci0: command tx timeout [ 70.998467] Bluetooth: hci5: command tx timeout [ 70.999387] Bluetooth: hci4: command tx timeout [ 71.000114] Bluetooth: hci3: command tx timeout [ 71.001017] Bluetooth: hci2: command tx timeout [ 71.001065] Bluetooth: hci6: command tx timeout [ 71.062568] Bluetooth: hci7: command tx timeout [ 72.918704] Bluetooth: hci1: command tx timeout [ 72.919230] Bluetooth: hci0: command tx timeout [ 73.046263] Bluetooth: hci6: command tx timeout [ 73.046717] Bluetooth: hci3: command tx timeout [ 73.047097] Bluetooth: hci2: command tx timeout [ 73.047522] Bluetooth: hci4: command tx timeout [ 73.047905] Bluetooth: hci5: command tx timeout [ 73.111387] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 17:40:31 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff84ba2d8e RDX=ffffed1003806d90 RSI=0000000000000004 RDI=ffff88801c036c78 RBP=ffff88801c036c78 RSP=ffff888015fb76a0 R8 =0000000000000000 R9 =ffffed1003806d8f R10=ffff88801c036c7b R11=0000000000000001 R12=1ffff11002bf6ed5 R13=0000000000000003 R14=ffffed1003806d8f R15=ffff888015fb76d8 RIP=ffffffff84ba2f20 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555581f8a400 00000000 00000000 GS =0000 ffff8880e55f3000 00000000 00000000 LDT=0000 fffffe4f00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055fb06246080 CR3=0000000033f78000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffff000000000000ffff000000000000 XMM02=ffffff0000ff00000000000000000000 XMM03=ffff0000ffffffff0000000000000000 XMM04=ffffffffffffff00ffffffffff000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff828b5a45 RDI=ffffffff8871dee0 RBP=ffffffff8871dea0 RSP=ffff8880162a72b8 R8 =0000000000000000 R9 =ffffed1001498046 R10=0000000000000020 R11=0000000000000001 R12=0000000000000020 R13=0000000000000010 R14=ffffffff8871dea0 R15=ffffffff828b5a30 RIP=ffffffff828b5a9d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555569e23400 00000000 00000000 GS =0000 ffff8880e56f3000 00000000 00000000 LDT=0000 fffffe4500000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f36948aaca0 CR3=0000000032bfe000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=ffffffffffffff00000000ff00000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000