Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:46842' (ECDSA) to the list of known hosts. 2022/09/30 15:57:37 fuzzer started 2022/09/30 15:57:37 dialing manager at localhost:40535 syzkaller login: [ 38.111349] cgroup: Unknown subsys name 'net' [ 38.224859] cgroup: Unknown subsys name 'rlimit' 2022/09/30 15:57:51 syscalls: 2215 2022/09/30 15:57:51 code coverage: enabled 2022/09/30 15:57:51 comparison tracing: enabled 2022/09/30 15:57:51 extra coverage: enabled 2022/09/30 15:57:51 setuid sandbox: enabled 2022/09/30 15:57:51 namespace sandbox: enabled 2022/09/30 15:57:51 Android sandbox: enabled 2022/09/30 15:57:51 fault injection: enabled 2022/09/30 15:57:51 leak checking: enabled 2022/09/30 15:57:51 net packet injection: enabled 2022/09/30 15:57:51 net device setup: enabled 2022/09/30 15:57:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/30 15:57:51 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/30 15:57:51 USB emulation: enabled 2022/09/30 15:57:51 hci packet injection: enabled 2022/09/30 15:57:51 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220929) 2022/09/30 15:57:51 802.15.4 emulation: enabled 2022/09/30 15:57:51 fetching corpus: 50, signal 25118/26894 (executing program) 2022/09/30 15:57:51 fetching corpus: 100, signal 37930/41257 (executing program) 2022/09/30 15:57:51 fetching corpus: 150, signal 45168/49994 (executing program) 2022/09/30 15:57:51 fetching corpus: 200, signal 52788/58971 (executing program) 2022/09/30 15:57:51 fetching corpus: 250, signal 62850/70168 (executing program) 2022/09/30 15:57:51 fetching corpus: 300, signal 66186/74808 (executing program) 2022/09/30 15:57:52 fetching corpus: 350, signal 70835/80623 (executing program) 2022/09/30 15:57:52 fetching corpus: 400, signal 74931/85868 (executing program) 2022/09/30 15:57:52 fetching corpus: 450, signal 76943/89102 (executing program) 2022/09/30 15:57:52 fetching corpus: 500, signal 79598/92910 (executing program) 2022/09/30 15:57:52 fetching corpus: 550, signal 83000/97317 (executing program) 2022/09/30 15:57:52 fetching corpus: 600, signal 85895/101248 (executing program) 2022/09/30 15:57:52 fetching corpus: 650, signal 88708/105020 (executing program) 2022/09/30 15:57:52 fetching corpus: 700, signal 92431/109569 (executing program) 2022/09/30 15:57:53 fetching corpus: 750, signal 94810/112874 (executing program) 2022/09/30 15:57:53 fetching corpus: 800, signal 96979/116003 (executing program) 2022/09/30 15:57:53 fetching corpus: 850, signal 98269/118325 (executing program) 2022/09/30 15:57:53 fetching corpus: 900, signal 100579/121481 (executing program) 2022/09/30 15:57:53 fetching corpus: 950, signal 102653/124357 (executing program) 2022/09/30 15:57:53 fetching corpus: 1000, signal 105433/127795 (executing program) 2022/09/30 15:57:53 fetching corpus: 1050, signal 107204/130304 (executing program) 2022/09/30 15:57:53 fetching corpus: 1100, signal 108358/132351 (executing program) 2022/09/30 15:57:53 fetching corpus: 1150, signal 110222/134959 (executing program) 2022/09/30 15:57:54 fetching corpus: 1200, signal 113052/138388 (executing program) 2022/09/30 15:57:54 fetching corpus: 1250, signal 115402/141323 (executing program) 2022/09/30 15:57:54 fetching corpus: 1300, signal 116629/143300 (executing program) 2022/09/30 15:57:54 fetching corpus: 1350, signal 118101/145430 (executing program) 2022/09/30 15:57:54 fetching corpus: 1400, signal 119850/147765 (executing program) 2022/09/30 15:57:54 fetching corpus: 1450, signal 121909/150343 (executing program) 2022/09/30 15:57:54 fetching corpus: 1500, signal 123012/152166 (executing program) 2022/09/30 15:57:54 fetching corpus: 1550, signal 124580/154269 (executing program) 2022/09/30 15:57:55 fetching corpus: 1600, signal 126000/156268 (executing program) 2022/09/30 15:57:55 fetching corpus: 1650, signal 128053/158701 (executing program) 2022/09/30 15:57:55 fetching corpus: 1700, signal 129863/160885 (executing program) 2022/09/30 15:57:55 fetching corpus: 1750, signal 131064/162651 (executing program) 2022/09/30 15:57:55 fetching corpus: 1800, signal 131967/164192 (executing program) 2022/09/30 15:57:55 fetching corpus: 1850, signal 134278/166655 (executing program) 2022/09/30 15:57:55 fetching corpus: 1900, signal 136238/168892 (executing program) 2022/09/30 15:57:55 fetching corpus: 1950, signal 137359/170583 (executing program) 2022/09/30 15:57:56 fetching corpus: 2000, signal 138280/172059 (executing program) 2022/09/30 15:57:56 fetching corpus: 2050, signal 141549/175127 (executing program) 2022/09/30 15:57:56 fetching corpus: 2100, signal 143977/177511 (executing program) 2022/09/30 15:57:56 fetching corpus: 2150, signal 144800/178854 (executing program) 2022/09/30 15:57:56 fetching corpus: 2200, signal 146203/180564 (executing program) 2022/09/30 15:57:56 fetching corpus: 2250, signal 147382/182052 (executing program) 2022/09/30 15:57:56 fetching corpus: 2300, signal 149283/184014 (executing program) 2022/09/30 15:57:56 fetching corpus: 2350, signal 150007/185188 (executing program) 2022/09/30 15:57:57 fetching corpus: 2400, signal 151503/186815 (executing program) 2022/09/30 15:57:57 fetching corpus: 2450, signal 152233/187976 (executing program) 2022/09/30 15:57:57 fetching corpus: 2500, signal 153005/189127 (executing program) 2022/09/30 15:57:57 fetching corpus: 2550, signal 154343/190567 (executing program) 2022/09/30 15:57:57 fetching corpus: 2600, signal 155120/191676 (executing program) 2022/09/30 15:57:57 fetching corpus: 2650, signal 156364/193101 (executing program) 2022/09/30 15:57:57 fetching corpus: 2700, signal 157316/194305 (executing program) 2022/09/30 15:57:57 fetching corpus: 2750, signal 158081/195399 (executing program) 2022/09/30 15:57:57 fetching corpus: 2800, signal 159131/196617 (executing program) 2022/09/30 15:57:58 fetching corpus: 2850, signal 159820/197664 (executing program) 2022/09/30 15:57:58 fetching corpus: 2900, signal 160863/198928 (executing program) 2022/09/30 15:57:58 fetching corpus: 2950, signal 161778/200047 (executing program) 2022/09/30 15:57:58 fetching corpus: 3000, signal 162725/201129 (executing program) 2022/09/30 15:57:58 fetching corpus: 3050, signal 163419/202099 (executing program) 2022/09/30 15:57:58 fetching corpus: 3100, signal 164590/203314 (executing program) 2022/09/30 15:57:58 fetching corpus: 3150, signal 166196/204643 (executing program) 2022/09/30 15:57:58 fetching corpus: 3200, signal 166836/205553 (executing program) 2022/09/30 15:57:59 fetching corpus: 3250, signal 167601/206463 (executing program) 2022/09/30 15:57:59 fetching corpus: 3300, signal 169063/207755 (executing program) 2022/09/30 15:57:59 fetching corpus: 3350, signal 169895/208681 (executing program) 2022/09/30 15:57:59 fetching corpus: 3400, signal 170406/209480 (executing program) 2022/09/30 15:57:59 fetching corpus: 3450, signal 171240/210335 (executing program) 2022/09/30 15:57:59 fetching corpus: 3500, signal 172111/211192 (executing program) 2022/09/30 15:57:59 fetching corpus: 3550, signal 172879/212059 (executing program) 2022/09/30 15:57:59 fetching corpus: 3600, signal 173316/212765 (executing program) 2022/09/30 15:58:00 fetching corpus: 3650, signal 173925/213565 (executing program) 2022/09/30 15:58:00 fetching corpus: 3700, signal 174533/214379 (executing program) 2022/09/30 15:58:00 fetching corpus: 3750, signal 175200/215124 (executing program) 2022/09/30 15:58:00 fetching corpus: 3800, signal 175963/215911 (executing program) 2022/09/30 15:58:00 fetching corpus: 3850, signal 176702/216679 (executing program) 2022/09/30 15:58:00 fetching corpus: 3900, signal 177302/217410 (executing program) 2022/09/30 15:58:00 fetching corpus: 3950, signal 178296/218207 (executing program) 2022/09/30 15:58:00 fetching corpus: 4000, signal 178897/218931 (executing program) 2022/09/30 15:58:01 fetching corpus: 4050, signal 179344/219551 (executing program) 2022/09/30 15:58:01 fetching corpus: 4100, signal 180266/220324 (executing program) 2022/09/30 15:58:01 fetching corpus: 4150, signal 181129/221059 (executing program) 2022/09/30 15:58:01 fetching corpus: 4200, signal 181535/221656 (executing program) 2022/09/30 15:58:01 fetching corpus: 4250, signal 182259/222329 (executing program) 2022/09/30 15:58:01 fetching corpus: 4300, signal 182775/222932 (executing program) 2022/09/30 15:58:01 fetching corpus: 4350, signal 183385/223548 (executing program) 2022/09/30 15:58:01 fetching corpus: 4400, signal 184475/224308 (executing program) 2022/09/30 15:58:02 fetching corpus: 4450, signal 185471/224999 (executing program) 2022/09/30 15:58:02 fetching corpus: 4500, signal 185983/225580 (executing program) 2022/09/30 15:58:02 fetching corpus: 4550, signal 186632/226176 (executing program) 2022/09/30 15:58:02 fetching corpus: 4600, signal 187094/226729 (executing program) 2022/09/30 15:58:02 fetching corpus: 4650, signal 188129/227364 (executing program) 2022/09/30 15:58:02 fetching corpus: 4700, signal 188464/227855 (executing program) 2022/09/30 15:58:02 fetching corpus: 4750, signal 189390/228447 (executing program) 2022/09/30 15:58:02 fetching corpus: 4800, signal 189882/228943 (executing program) 2022/09/30 15:58:02 fetching corpus: 4850, signal 190658/229515 (executing program) 2022/09/30 15:58:02 fetching corpus: 4872, signal 190746/229896 (executing program) 2022/09/30 15:58:02 fetching corpus: 4872, signal 190746/230277 (executing program) 2022/09/30 15:58:02 fetching corpus: 4872, signal 190746/230684 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/231072 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/231445 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/231872 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/232267 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/232683 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/233075 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/233456 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/233893 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/234306 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/234671 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/235072 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/235488 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/235897 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/236306 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/236699 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/237086 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/237438 (executing program) 2022/09/30 15:58:03 fetching corpus: 4872, signal 190746/237438 (executing program) 2022/09/30 15:58:05 starting 8 fuzzer processes 15:58:05 executing program 1: ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x300, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3ff, 0x4}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4004000) r2 = pidfd_getfd(r0, r0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000180)) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0x4}}, './file0\x00'}) syz_io_uring_setup(0x5c45, &(0x7f0000000200)={0x0, 0x74e, 0x20, 0x1, 0x3a9, 0x0, r3}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000280)=0x0, &(0x7f00000002c0)=0x0) sendmsg$NL80211_CMD_SET_WDS_PEER(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, r1, 0x800, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x505, 0x3c}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="04c3b15ae2a5"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000}, 0x4080855) r6 = clone3(&(0x7f0000000740)={0x400, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x3}, &(0x7f0000000540)=""/138, 0x8a, &(0x7f0000000600)=""/218, &(0x7f0000000700)=[0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff], 0x5}, 0x58) perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x20, 0x20, 0x0, 0xd9, 0x0, 0x1914, 0x2, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xa, 0x1, @perf_config_ext={0xffffffff, 0x8}, 0x1, 0x1, 0x5, 0x4, 0x7fffffff, 0x8001, 0x8001, 0x0, 0x58, 0x0, 0x100000001}, r6, 0xe, 0xffffffffffffffff, 0x3) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f00000007c0)=@IORING_OP_SPLICE={0x1e, 0x4, 0x0, @fd_index=0xa, 0x0, {}, 0xfffffff7, 0xd, 0x1, {0x0, r7, r0}}, 0x7) r8 = pidfd_getfd(r2, r3, 0x0) io_cancel(0x0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x3, 0x4, r0, &(0x7f0000000800)="010f3fb0873a305dbb3cc89b6b64c76df5579b23ced3b02ba4281e9fef88a4243e9fb8926dc69b6d18b5ba421e7359fa1f354eaf67cf0916c4d0a82ae9b6e7a487d53507e607dd2483fab167761d0545df8806442bb06818e366499a40039da379dddd8de13719507f80f1a81f709f0fa055fe66ad1568437caa20507ac6d96b7265c343b8060988148b6db5eeeaecac781b163f383afa9196db8a0a7f0c114e91254a1dad7fe1dd3b4e4f05ea78a8bf175f8cebd32287c0f1e5d1c3bf6777ac80bf7205c5140b", 0xc7, 0xa6, 0x0, 0x3, r8}, &(0x7f0000000940)) sync() ioperm(0x5, 0x3, 0x0) r9 = creat(&(0x7f0000000980)='./file0\x00', 0x6) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), r3) sendmsg$NL80211_CMD_NEW_KEY(r9, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x28, r10, 0x100, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x4, 0x18}}}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x20000845) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000b80)={0x334, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffff7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_BEARER={0x114, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x9, @empty}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x10000, @mcast1, 0x4}}}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x196}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x30}}}, {0x14, 0x2, @in={0x2, 0x4e22, @rand_addr=0x64010102}}}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xad2a}}}}]}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x68, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfff}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @empty}}, {0x14, 0x2, @in={0x2, 0x4e21, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1e}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x200}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xe5}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x25}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}, @TIPC_NLA_BEARER={0x98, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x30}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}]}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffa}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xaf17}]}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}]}, @TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'ib', 0x3a, 'veth1_macvtap\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x8, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x5}}, {0x14, 0x2, @in={0x2, 0x4e24, @private=0xa010102}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x10000, @private0, 0xc8c5}}}}]}]}, 0x334}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080) 15:58:05 executing program 4: getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)={@loopback, @loopback}, &(0x7f0000000040)=0x8) r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000080), 0x2, 0x0) fcntl$notify(r0, 0x402, 0x80000000) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x6) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0xffffffffffffffff, 0x4) ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000000480)={{'\x00', 0x1}, {0x6}, 0x1, 0x0, 0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)="2ef11eb184ce73562508f9f7924925fbec28fee818298117496090ab9d0099595d82ec5f4795f771b3fc1e8a25f4100775e1c128abd3d14248335aeeb45512affe26ba1286a15dbe1f554f1b0c3e57dd4991e490e78116ca1953bbf48b2b21605f9ae3cad8020df603e737dc56ff694aab4ae52ff9fc680694404643f6f7a5da6b1b625ba7e500214dfdfb5c91dea5e67b9992c6ed290070586a1b32c6fb97c1f8881d517a622035e9454f4924eb7ff3dc8ca3fc0b86eba12902bb58cd5b7d825878b921b7ab53e541fa15f1c3baa43de0a1d7c6156f202305d809cd187ebde9c454e37a9d414a3e67bd4d5fc8492333e0711e1b2f2018ae824a882dc55a64a7b9755bb9228016a33d6d8c6a31b22cfb0b4e22e73977a4cb7ddcb8f50d17c95e9bcf801a81cdeee27a4783669cc573e9029ca743898f54cea5f8215ccd836db39612ea61638b59ce439b437b72f7265d56f80f7b835041dfc7f58fd89e013a3faac6600d3116d9e54eac45c504505272586c29e5bbe0d0690f624cd7393cca8dc7f9c1ab318475c9da2ced8cbd468d2724df7cbb2392bf04e240221dbc1dce33f75a12d3a8b3285757acdee095c864ad542ee5b8cdbc24", 0x1b7, 0x0, &(0x7f0000000340)={0x2, 0xde, {0x0, 0xc, 0x11, "4a018f07611cadfcdcda973a8c7278ab5b", 0xc0, "c83a4840f60a32b0cd54edb53910609f9ced71a8202399a456676234ebf39c9008485cd7319c283a41618a3e317aa90f962201ea1a98cb6b930e8d9ace5fe68d09d260d813db23d203340b435e5d8e361f03af4b774446d385b8f665c30a624dc097f1596af330ccf75493179959ecf68f81d17093a43c89ea81473ede2026b91d1856ae953685a38466f35dc4ba554f74aa9349f7a667e8c0ed2121c4fd2668a9af7936b32d2245df58e3c69ea9aff444cc717bb35283662eec71cb49443f6f"}, 0x22, "6d7e03c7befd351aa2e1cff68b4ddff1035c8150df5a325c2e5b14fa18c4dbeafa55"}, 0x10c}) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000007c0)={{'\x00', 0x1}, {0x9}, 0x145, 0x0, 0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='./file0\x00', &(0x7f0000000580)="882e5dcbadec", 0x6, 0x0, &(0x7f00000005c0)={0x2, 0x13a, {0x0, 0xc, 0x67, "866e898a8576be255736b2922d88d5bbc1ce26ebdce91850b85e462a890b2bf81c1de7f4f8c5e79b3e300ee5181e6c9a4a1fdd52d07522adceb7313b3433a4a95aee19561ddc3bcc3a5e14abb1f188422687111746a1a385d99b14d63bd7c53874f32fee98a58a", 0xc6, "a3715ce30beec32443a1b6fa39eb2398f6e8c330462495a769c946f4a83a88ab4b9c885500cf81f87c878bb9f538fddb5259ea86f8d8d10a5a41b18d99082d4c835c5b75539e6118d5e90afa2f9553a5df25e81c102ea4cdeef0d8a6bb5d298030721db49e8b44c28a38c0f7b9de6a23ef0d2068df8edfde9c08693bc8f645aba622dd4873ed46fa9852c9e5039a8e17e60c050b8ec200e829e29f1ef6c179011a0a66267fe3fc1868959efe97c1bfb45e97cf402a64af53fc5a99648744a31080988e6b8016"}, 0xa8, "e971d5a931d6483ada1e7f8d3942053fa1864087bc68bf3dd6ff8d1266cfcde39b4fa3954f57e4dcd1801695cb8a53aeb9969fb214018912e36e74af4eb2e90a77283b31f60319f7e5a721a85a503597aafc971bbe434d70598dd91c9b3955619ebe5d5d8e02267e3bcd6df8e9a50b0ae2fdcfca97155eb6f86bb0991b2f5e758fc0340e52545e7cc12ef0a56cfa064ad9c20b2cbf2dbcbb4e8e9e1fcf3d50eaad46d39f44640d1e"}, 0x1ee}) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f0000000840)) r2 = syz_open_dev$rtc(&(0x7f0000000940), 0x4, 0x212201) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, '\x00', [{0x1, 0x79, 0xfffffffffffffffb, 0xeeb3, 0x2, 0xec}, {0x8, 0x5, 0x2, 0x2, 0x100000001, 0xd9fc}]}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000b00)={'ip6_vti0\x00', &(0x7f0000000a80)={'ip6_vti0\x00', 0x0, 0x2f, 0x33, 0x0, 0x2, 0x1, @remote, @private0={0xfc, 0x0, '\x00', 0x1}, 0x80, 0x1, 0x3f, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000bc0)={'sit0\x00', &(0x7f0000000b40)={'syztnl0\x00', r3, 0x2f, 0x9, 0x2, 0x3f, 0x3, @remote, @local, 0x1, 0x700, 0xc170, 0x4}}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) fdatasync(r4) ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000c00)={{0x1, 0x1, 0x18, r1, @out_args}, './file0\x00'}) ioctl$RTC_UIE_ON(r5, 0x7003) signalfd4(r1, &(0x7f0000000c40)={[0x9]}, 0x8, 0x800) sendmsg$NFT_BATCH(r5, &(0x7f0000000d80)={&(0x7f0000000c80), 0xc, &(0x7f0000000d40)={&(0x7f0000000cc0)={{0x14}, [@NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x4040080}, 0x24000000) 15:58:05 executing program 2: ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000000)=0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000040)={"9a6f503f94e72b320ab7a2eff6b32069", 0x0, r0, {0xfff, 0x7}, {0x6, 0x4}, 0x3, [0xe4aa, 0xc97, 0x200, 0x8, 0x2, 0x5, 0xfffffffffffff061, 0x15, 0xfa, 0x800, 0x7, 0x598, 0x5, 0x6, 0x5, 0x3]}) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000000140)="5a05709c0f483c413b8ab03e3a9832f940cf10fa4bca86ae4c0c9b6fbf8498205a6f0d50df8eff4cf4b20887df5f4219b081b1789df3d94e5a63814243d6d85aff2fb1a5753a9881af333c887115dffe1077a1e947c6e9812b9ea3a78f10ec504a65df76037ed6cf533e5e1f6680f25d55c4a1dd267943b003bbd92b3c0b60f391fa216164d349de38bdec241d7275f7012a556f99948db9276cb53d42288fb03ad69f6380375868306017c67ee1eaae0866e0d6ef34ed8a99bb9304784760a5422a9a19d5bd0d88f3fbcead5fa9e336872bd8269ce34f6752048656a7dace2943fb4bd065c05c0ad7a05cdc697dbe4010aa9a9329a712976abebb32df111219") ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000240)) ioctl$FS_IOC_READ_VERITY_METADATA(0xffffffffffffffff, 0xc0286687, &(0x7f0000001280)={0x1, 0x5, 0x1000, &(0x7f0000000280)=""/4096}) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f00000012c0)={0x0, 0xffffffffffffffff, 0x1, 0x7fffffff, 0x3, 0x2}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000001300)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000001340)) r2 = fsmount(r1, 0x0, 0x75) r3 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000001380)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0) r4 = epoll_create(0x6) tee(r3, r4, 0x7, 0x4) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3000000, 0x4000010, r2, 0x0) r6 = fcntl$dupfd(r2, 0x406, 0xffffffffffffffff) syz_io_uring_submit(r5, 0x0, &(0x7f0000001400)=@IORING_OP_SEND={0x1a, 0x5, 0x0, r6, 0x0, &(0x7f00000013c0)="f295fe40f0b46daf27aaa2d9ec7d9574d8a550065ff0f606213daf7c3ae872eadd285ea9cc851c0c20c29f1e6e", 0x2d, 0x1, 0x1}, 0xfffffffd) write$selinux_attr(r1, &(0x7f0000001440)='system_u:object_r:dpkg_exec_t:s0\x00', 0x21) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000014c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f00000015c0)={&(0x7f0000001480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x54, 0x0, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x4}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x8000) syz_io_uring_submit(r5, 0x0, &(0x7f0000001600)=@IORING_OP_ASYNC_CANCEL={0xe, 0x3, 0x0, 0x0, 0x0, 0x12345}, 0x6) 15:58:05 executing program 0: ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'}) fstat(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r0, 0x400454ce, r1) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000000c0)={0xbf5, 0x8, 0x2, 0x8, 0x7, [{0x9, 0x1, 0x1, '\x00', 0x400}, {0x1, 0x1f, 0x0, '\x00', 0x1205}, {0x78, 0x81, 0x400, '\x00', 0xc8c}, {0x906f, 0x9, 0xfffffffffffffffa, '\x00', 0x2200}, {0xeeff, 0x5, 0x75c, '\x00', 0x31de60d9c53ca5a}, {0x0, 0x200, 0x4, '\x00', 0x500}, {0x3, 0x12e, 0x51, '\x00', 0x905}]}) ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40046629, &(0x7f0000000280)) pwrite64(0xffffffffffffffff, &(0x7f00000002c0)="a69817017eb9c7352db6d1c19068e6f35ef64c210204413fa5b11b007c2e5c55d115250331848905ba379bc875243baf4b0babfe44bf8c77f0784b5a8222f9afa9650af8d181e1e57a9b8d266e49eacc86d88b9b5b2a0f3b18441d930a59fac3", 0x60, 0x1f) setxattr$trusted_overlay_opaque(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), &(0x7f00000003c0), 0x2, 0x1) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) fcntl$setownex(r2, 0xf, &(0x7f0000000440)={0x1, 0xffffffffffffffff}) getxattr(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)=@random={'os2.', 'b^%{}\x00'}, &(0x7f0000000500)=""/123, 0x7b) lstat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)) ioctl$VT_ACTIVATE(r0, 0x5606, 0x5) llistxattr(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)=""/197, 0xc5) r3 = syz_mount_image$iso9660(&(0x7f0000000780), &(0x7f00000007c0)='./file0\x00', 0x20, 0x5, &(0x7f0000000b80)=[{&(0x7f0000000800)="e1e5783d2076b530b6ee7d9682e5e2144bf337de55e4861d6090ac324fdee755649d5e66495cb1c3397581842f014d808029fbd3794224224ab9a1c5acb259961c8e77163fe583ebcc431e9902682ad74ca1b2c9aa10d759c68c0d9a01bb05d1ed735bcd2141750f498b6e6cb23bed3e2f3412015e107cf42a2510b91a40587572", 0x81, 0x1}, {&(0x7f00000008c0)="2968fda24aa18e28dd6a8f52f28cf89a0d5678ede6b9ae847127f6feb29dd1f3025f9cb3ffd9d98cab8bba683ff7540d7ff0d85991a0b622d76d197b477c20b359e389732d1b9dfc8d6b33d1689c0123029e11f8b1c9e757139233bf2a10a88090e4155dcd3d6d81902ec2fb7c8bdc974d07304f43b2ff41564c14562502a3e086d788a5096b45e6d2ddd6d935a59486d6b0ecc7d636d1f095f68894a14b0c365e6b5d84e6625deeb6ab1cb9c78092190c616ce831df88181da2cab01232a9276a92e0a612c5b071d483504173444bc94f57a088c1c0f041e29121a385073ce3", 0xe0}, {&(0x7f00000009c0)="1dd26b2d22024ef746d0d9f3545f11313a603138534004c197f5a6536c0fec567d79a35cd9aa31bbfea89e8d385296ac3927212a1bcae30444f48f79719d8f1fb87c43a9d7e32c385e1a71a9868085b2652706", 0x53, 0x1}, {&(0x7f0000000a40)="8a49d31d28c3c606734cccb57e39e7923d495e67345b3af95c80b0df6a04e0adc7bc267140d25a3a043f944db8ba74b960247663300273eacbfead00ef2517c091451defb55fb2c01ec8da934c821872c8391459f6d3758704457a3457b5d38ee62c682bfef76467a3f8453ebcc7283176a545ce841f6af65da28fbb88b9570b3679ebadb6b8d784ad291d736647c7941a897a3a464691564cc071b7287501b8cd", 0xa1, 0xc07}, {&(0x7f0000000b00)="870b259d741a2e1d13e3fdb8ba31d1777eb31131bc525e2356ad91b2635b04b29664260b51966b001f6883720cf0ba9cbe2e1d8742c6388fa17c6df9dadaead52ca13ccbd1022a7a2ca2610c2cd710cb18593b82e988dd5cc16dc4e1993a0714da204c6697b2436313759d359e5617c350185e634f8fe0", 0x77, 0x5}], 0x0, &(0x7f0000000c00)={[{@map_acorn}, {@utf8}, {@map_acorn}, {@mode}, {@hide}, {}], [{@subj_type={'subj_type', 0x3d, 'b^%{}\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, 'b^%{}\x00'}}, {@smackfsdef}, {@obj_type={'obj_type', 0x3d, 'y\x00'}}, {@seclabel}]}) execveat(r3, &(0x7f0000000cc0)='./file0\x00', &(0x7f0000000f40)=[&(0x7f0000000d00)='os2.', &(0x7f0000000d40)='\'],\x00', &(0x7f0000000d80)='\xad]%\x00', &(0x7f0000000dc0)='y\x00', &(0x7f0000000e00)='\x00', &(0x7f0000000e40)='trusted.overlay.opaque\x00', &(0x7f0000000e80)='trusted.overlay.opaque\x00', &(0x7f0000000ec0)='!-- ]\x9d]*\x00', &(0x7f0000000f00)='/\x00'], &(0x7f0000001000)=[&(0x7f0000000fc0)='\x00'], 0x400) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000001040)={{0x1, 0x1, 0x18}, './file0\x00'}) r4 = creat(&(0x7f0000001140)='./file0\x00', 0x40) getsockopt$packet_buf(r4, 0x107, 0xd, &(0x7f0000001180)=""/60, &(0x7f00000011c0)=0x3c) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000001200)={[0x2]}, 0x8, 0x101800) ioctl$KDFONTOP_GET(r5, 0x4b72, &(0x7f0000001640)={0x1, 0x0, 0xa, 0xc, 0xcd, &(0x7f0000001240)}) 15:58:05 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IP_SET_OP_GET_BYINDEX(r0, 0x1, 0x53, &(0x7f0000000000)={0x7, 0x7, 0x3}, &(0x7f0000000040)=0x28) r1 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x80000) ioctl$sock_SIOCOUTQNSD(r1, 0x894b, &(0x7f00000000c0)) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000100)="48592d820a74e0129ea4494d4583d94e", 0x10) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000140)="1b1c1b523ed912375398d484b1a248cc", 0x10) setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000180)="75f0265d407fc15cd63b3afecffd2d31bda838205ff847c079935cf5864eaf8cb17b47625940f63977fb1c11304bcf38eceeec3a75f44e928aa64149cda2b865bf5871017ca0308d7d219cf5d2b25079ab951c35be0662263dc618cf739042a520bb651300", 0x65) r2 = accept4$inet(r0, &(0x7f0000000200)={0x2, 0x0, @empty}, &(0x7f0000000240)=0x10, 0x800) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000280)={0x0, @initdev, @broadcast}, &(0x7f00000002c0)=0xc) close(r0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = getgid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000300)={{0x1, 0x1, 0x18, r4, {0xffffffffffffffff, r5}}, './file0\x00'}) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000400), 0x4400, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000440)={'syztnl2\x00', r3, 0x29, 0x6, 0x6, 0x14b8000, 0x47, @private0={0xfc, 0x0, '\x00', 0x1}, @loopback, 0x80, 0x40, 0x20}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000580)={'syztnl2\x00', &(0x7f0000000500)={'syztnl1\x00', r8, 0x2b, 0x3, 0x3, 0x80000000, 0x1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @private0, 0x80, 0x1, 0x5e9c}}) newfstatat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600), 0x1000) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r2, 0x6628) setsockopt$inet6_tcp_buf(r6, 0x6, 0x21, &(0x7f0000000680)="3b983735e9e2220a36d17f7fec5072347545f9b4fdb1ac6140991ab5b98f025200e89c6ec668e080", 0x28) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f00000006c0)={0x0, 'gretap0\x00', {0x4}, 0x7ff}) 15:58:05 executing program 6: write$sndseq(0xffffffffffffffff, &(0x7f0000000180)=[{0x1f, 0x0, 0x7f, 0x3, @tick=0xdb6, {0x40, 0x4}, {0x7e}, @raw8={"faaa182743187b79e06191b7"}}, {0x1, 0x7f, 0x40, 0xef, @tick, {0x1, 0x7}, {0x3f, 0x1}, @quote={{0x3, 0xf4}, 0x800, &(0x7f0000000100)={0x0, 0xa, 0x7, 0x72, @time={0x4}, {0x7, 0x1f}, {0x0, 0xff}, @quote={{0x22, 0x9}, 0x6, &(0x7f00000000c0)={0x5, 0xab, 0x20, 0x0, @tick=0xfffffffc, {0x9, 0x8}, {0x3, 0x8}, @ext={0xa6, &(0x7f0000000000)="c3c33fd1a7b11b94951ec7866e3eb39b9d8824d0438c7da0da8065d1a57e67bc6dfa0c72e979f5f740b2f193a5a283ec98742040e7712b964ae80ce5046fa5ad496a57ab4ae6ba32f4803c70594eb81096edb0dfb06889437f089aed11cffacf90f8f10f737148301779256b007071fbce23dc640fc80e5f9b948d7a053734b0b14130b0834fce4830e55b2a0ba980c4498e0c9a91f8df0421f8c47c1e5d576787a1e8e09940"}}}}}}, {0x6, 0x5, 0x3e, 0x8, @tick=0x4d, {0x8, 0x6}, {0xf9, 0x2d}, @quote={{0x7}, 0x4, &(0x7f0000000140)={0x2c, 0x8, 0xff, 0x5, @tick=0x4, {0x2, 0x7}, {0xf8}, @raw32={[0x8000, 0x80000000, 0xffff]}}}}, {0x9, 0x4, 0x7, 0x8, @time={0xffff7fff, 0x7}, {0x7f, 0x6}, {0xaa, 0x8}, @quote={{0x5, 0x8}, 0xfffe}}, {0x1, 0x6, 0xaa, 0x2, @time={0x1, 0x92}, {0x5, 0xff}, {0x7, 0x3}, @connect={{0x3, 0x9}, {0x14, 0x7}}}], 0x8c) r0 = syz_io_uring_setup(0x61e8, &(0x7f0000000240)={0x0, 0x7c23, 0x4, 0x0, 0x12}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000000, 0x10, r0, 0x0) r2 = syz_io_uring_complete(r1) getpeername(r2, &(0x7f0000000340)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, &(0x7f00000003c0)=0x80) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000400)=0x6102, 0x4) r4 = syz_io_uring_complete(r1) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000440)={'netdevsim0\x00', 0x0}) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000480)=0xa05, 0x4) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f00000004c0), 0x40, 0x0) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000500)={r5, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}}, 0x10) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540), 0xb0040, 0x0) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000680)={0x0, @l2tp={0x2, 0x0, @local, 0x4}, @xdp={0x2c, 0xc, r5, 0x11}, @qipcrtr={0x2a, 0x3, 0x7fff}, 0xffed, 0x0, 0x0, 0x0, 0x101, 0x0, 0x5cf, 0x3, 0xfffb}) setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000700)={r8, 0x1, 0x6, @random="e50c497a1945"}, 0x10) r9 = signalfd4(0xffffffffffffffff, &(0x7f0000000740)={[0x800]}, 0x8, 0x800) getsockopt$inet_mreqn(r9, 0x0, 0x0, &(0x7f0000000780)={@private, @empty}, &(0x7f00000007c0)=0xc) r10 = syz_open_dev$mouse(&(0x7f0000000800), 0x5, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r2, &(0x7f0000000840)={0x40000008}) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000880)={{{@in6=@empty, @in=@initdev}}, {{@in=@private}}}, &(0x7f0000000980)=0xe8) signalfd4(0xffffffffffffffff, &(0x7f00000009c0)={[0x8]}, 0x8, 0x0) [ 66.218406] audit: type=1400 audit(1664553485.717:6): avc: denied { execmem } for pid=285 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 15:58:05 executing program 5: ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x200, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4080) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000001c0)={'\x00', 0x800, 0x9, 0x8, 0x40, 0x7, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x5, 0x1) write$binfmt_script(r3, &(0x7f0000000300)={'#! ', './file0', [{0x20, 'nl80211\x00'}, {0x20, '({}-\xd5(V)^&+'}, {0x20, '\'\x06)$\\*%^^^.+/'}], 0xa, "b4a574a8df45bfb294a83c4532cbe4bf47dc76755f4e18e466c9d13b50b6204ba9c341a1658c75a6fc00d7cb895494913fb3a613cbe36a0e0fa38e806ce0eb83d13caff607220770bcf78eb13619350919fa8371a4df681b093afabf246f4d59d6173cc0e28aa313f6e9b6dbd485c4555bfb96f3c01ed52499900fa0432e278517893400e2236a5d23db0e7916b9f55b55c97eba78cc17aeb807747bd278d61de638c1a02dda375f1460965208182d7092d69d26d79fa4f7cc690aea4372a47e9a93"}, 0xf0) r4 = perf_event_open$cgroup(&(0x7f0000000440)={0x0, 0x80, 0xfb, 0xf8, 0x1f, 0xd7, 0x0, 0xffff, 0x3000, 0xb, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3f, 0x1, @perf_bp={&(0x7f0000000400)}, 0x10818, 0x2, 0x3f, 0x5, 0x7, 0x7, 0x6, 0x0, 0xff, 0x0, 0x7}, 0xffffffffffffffff, 0x9, r2, 0x6) close(r4) pipe2(&(0x7f00000004c0)={0xffffffffffffffff}, 0x4000) sendmsg$NL80211_CMD_GET_REG(r5, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x68, r1, 0x500, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_REG_RULES={0x2c, 0x22, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x6}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x488a}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x6b8}, @NL80211_ATTR_FREQ_RANGE_END={0x8}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x40400d0) sendfile(r4, r2, &(0x7f0000000640)=0x100, 0x1d7) pipe2(&(0x7f0000000680)={0xffffffffffffffff}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_COALESCE(r6, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x34, r7, 0x100, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x48801}, 0x4000000) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000800)='pagemap\x00') ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000880)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x80200000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x28, r7, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x100, 0x6f}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0xc043) r9 = creat(&(0x7f0000000980)='./file0\x00', 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000000b00)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x70, 0x0, 0xd02, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x7a}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x48d24605}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1d2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x100}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x1}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x3ff}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008000) 15:58:05 executing program 7: sendmsg$IEEE802154_LLSEC_LIST_DEV(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbff, {}, ["", "", "", "", "", ""]}, 0x14}}, 0x20004001) r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$GTP_CMD_DELPDP(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, r1, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@GTPA_TID={0xc, 0x3, 0x4}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast2}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_FLOW={0x6}, @GTPA_NET_NS_FD={0x8}, @GTPA_O_TEI={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x400a844) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000300), 0x608042, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r2) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000340)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) close(r3) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000440)='/sys/module/snd_intel_sdw_acpi', 0x583000, 0x4) sendmsg$NL80211_CMD_SET_MAC_ACL(r4, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x78, 0x0, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x35}}}}, [@NL80211_ATTR_MAC_ADDRS={0x28, 0xa6, 0x0, 0x1, [{0xa}, {0xa}, {0xa, 0x6, @broadcast}]}, @NL80211_ATTR_MAC_ADDRS={0x28, 0xa6, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa}, {0xa, 0x6, @broadcast}]}]}, 0x78}}, 0x40) syz_genetlink_get_family_id$SEG6(&(0x7f00000005c0), r2) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r5, 0xc020f509, &(0x7f0000000600)={r4, 0x3, 0xa5, 0x8}) r6 = accept(r5, &(0x7f0000000640)=@l2, &(0x7f00000006c0)=0x80) r7 = syz_open_dev$vcsn(&(0x7f0000000700), 0x9, 0x3811c0) ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000740)={0x0, r7, 0x1000, 0x9, 0x3, 0x800}) syz_genetlink_get_family_id$gtp(&(0x7f0000000780), r4) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000800), r7) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x68, r8, 0x4, 0x70bd27, 0x25dfdbfb, {{}, {}, {0x4c, 0x18, {0x7, @media='eth\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4004}, 0x4008050) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000980)={0x134, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x54, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "39cadcbbb54d72f79ea17cf6fad40dedc63fe57344621113eac1"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_ID={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6873}, @TIPC_NLA_NODE_ID={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5a82}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x10000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x100000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xff}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xdf}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80000001}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x81}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1ff00000}]}, @TIPC_NLA_SOCK={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xd818}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xffffff7e}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x800}, 0x880) [ 67.403268] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.405047] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.408242] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.413754] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.415688] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.417021] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.426453] Bluetooth: hci0: HCI_REQ-0x0c1a [ 67.464815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.481550] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.487600] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.491842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.493893] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.522750] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.524266] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.525242] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.526781] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.529277] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.530680] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.532389] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.535112] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 67.537024] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.538048] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.539507] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.539779] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.540834] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.542958] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.546686] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.546852] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.548245] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.549326] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.550408] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.550695] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.552349] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 67.553126] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.554227] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.555315] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.556770] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 67.558319] Bluetooth: hci1: HCI_REQ-0x0c1a [ 67.559802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 67.565356] Bluetooth: hci6: HCI_REQ-0x0c1a [ 67.573591] Bluetooth: hci4: HCI_REQ-0x0c1a [ 67.573620] Bluetooth: hci2: HCI_REQ-0x0c1a [ 67.577733] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 67.579492] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 67.592586] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 67.595408] Bluetooth: hci3: HCI_REQ-0x0c1a [ 67.611623] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 67.613623] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 67.615232] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 67.620460] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 67.626872] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 67.628235] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 67.630080] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 67.634455] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 67.642327] Bluetooth: hci5: HCI_REQ-0x0c1a [ 67.646517] Bluetooth: hci7: HCI_REQ-0x0c1a [ 69.479557] Bluetooth: hci0: command 0x0409 tx timeout [ 69.606515] Bluetooth: hci3: command 0x0409 tx timeout [ 69.607340] Bluetooth: hci4: command 0x0409 tx timeout [ 69.607984] Bluetooth: hci2: command 0x0409 tx timeout [ 69.609093] Bluetooth: hci6: command 0x0409 tx timeout [ 69.609791] Bluetooth: hci1: command 0x0409 tx timeout [ 69.670281] Bluetooth: hci7: command 0x0409 tx timeout [ 69.671064] Bluetooth: hci5: command 0x0409 tx timeout [ 71.526306] Bluetooth: hci0: command 0x041b tx timeout [ 71.654374] Bluetooth: hci1: command 0x041b tx timeout [ 71.654927] Bluetooth: hci6: command 0x041b tx timeout [ 71.655354] Bluetooth: hci2: command 0x041b tx timeout [ 71.655742] Bluetooth: hci4: command 0x041b tx timeout [ 71.656125] Bluetooth: hci3: command 0x041b tx timeout [ 71.718268] Bluetooth: hci5: command 0x041b tx timeout [ 71.718689] Bluetooth: hci7: command 0x041b tx timeout [ 73.574326] Bluetooth: hci0: command 0x040f tx timeout [ 73.702266] Bluetooth: hci3: command 0x040f tx timeout [ 73.702704] Bluetooth: hci4: command 0x040f tx timeout [ 73.703218] Bluetooth: hci2: command 0x040f tx timeout [ 73.703719] Bluetooth: hci6: command 0x040f tx timeout [ 73.704118] Bluetooth: hci1: command 0x040f tx timeout [ 73.766226] Bluetooth: hci7: command 0x040f tx timeout [ 73.766628] Bluetooth: hci5: command 0x040f tx timeout [ 75.622223] Bluetooth: hci0: command 0x0419 tx timeout [ 75.750301] Bluetooth: hci1: command 0x0419 tx timeout [ 75.750879] Bluetooth: hci6: command 0x0419 tx timeout [ 75.751765] Bluetooth: hci2: command 0x0419 tx timeout [ 75.752300] Bluetooth: hci4: command 0x0419 tx timeout [ 75.752698] Bluetooth: hci3: command 0x0419 tx timeout [ 75.814294] Bluetooth: hci5: command 0x0419 tx timeout [ 75.814718] Bluetooth: hci7: command 0x0419 tx timeout 15:59:03 executing program 4: r0 = syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) sendmmsg(r3, &(0x7f000000af40)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000200)="84", 0x1}], 0x1}}], 0x1, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r4 = socket$inet_icmp(0x2, 0x2, 0x1) sendmmsg$inet(r4, &(0x7f0000000b00)=[{{&(0x7f0000000040)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000240)="9639f0b978c71652d761cd1b678559f9821a343cdbb4848975feaae90430a728dd8e282e941e8a2b917d370e05aa7b4ae9d4d98529bbab5872f730d2683f7ef43a485e1c7adfaf4fddb30a00a810c66b4dc9c7c94683ab7c8865531f417d2e591e9ac684791150ca7e004b4c2627463b8974f4cb890147c7", 0x78}, {&(0x7f00000002c0)="d1dbe430b3a2d6b3406852d49898b2b5cd34e18b7a73de75b7649664aedd7708f12017fbbc54d95b87397074b56d151e65b117f12f58bdf0e60bcb4e5ec8ae21c2b894e86a77c5121f297de6c2647c5c444b924ab7b27793bffa6142f25aeee75c1a56cb1495e1e3aeb238481ecae48ea684b67458733aefe8e4e2bf005f921e52a3a547fa05d8e50bc358728b08d9b8a8e0faa5261004c845ccd0681ba43aa33959619f90c2412332669052d7f3cbe29519c67cb2f632ca96546a38dea04098c671b349e6d136f5af299c4376bd2cdf89e060c0593b094e51889be0c8e11efc10cb6850da60e81d3bc6138feae89a6af5b4038a", 0xf4}], 0x2, &(0x7f00000003c0)=[@ip_ttl={{0x14}}], 0x18}}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000400)="c766540810c5cd72b4e4a31ebfa0816b8f07472857bec12c6dabb2b3a4eb45dd1faa9228614722da7b90a32aac03dffc3f203a930f7a74ec4d827e6ed8b303fb5a18414923633b6a139da11f5559500860a9296d30e56ec13afa6f834c2b580b22e390191ef7e912fd40fe815f38086d548570d480832341511e6a99c3fe4c1d229e68cf10aa", 0x86}, {&(0x7f00000004c0)="477638389ba276bf30114ab8a579fd6c54c18c25b9cde85019a30aa963c52ca4ae0d83f2aaa2e97dc875290fd0af3cb1a45f3bd0e87006abb9dcf19ba279d713f1c94e4b25158b4d01ab7e711d329610", 0x50}], 0x2, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @remote}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3}}, @ip_tos_u8={{0x11}}, @ip_retopts={{0x38, 0x0, 0x7, {[@lsrr={0x83, 0xf, 0x66, [@remote, @dev={0xac, 0x14, 0x14, 0x17}, @rand_addr=0x64010102]}, @timestamp_addr={0x44, 0xc, 0x63, 0x1, 0x7, [{@rand_addr=0x64010101, 0x1}]}, @noop, @noop, @noop, @generic={0x88, 0x6, "b5b35cb4"}, @noop]}}}, @ip_retopts={{0x7c, 0x0, 0x7, {[@timestamp_prespec={0x44, 0xc, 0x39, 0x3, 0x9, [{@dev={0xac, 0x14, 0x14, 0x32}, 0x8}]}, @generic={0x7, 0x3, "cf"}, @ra={0x94, 0x4, 0x1}, @noop, @cipso={0x86, 0x57, 0x3, [{0x2, 0xd, "ecb03cb72db6d27e005947"}, {0x5, 0x7, "efa17733c4"}, {0x2, 0x6, "d9ae663d"}, {0x8188054bbdb728ed, 0x5, "df8f4f"}, {0x2, 0x5, "b006d7"}, {0x1, 0x3, "04"}, {0x2, 0x12, "9e4875b77f5eab23dc4719ce07963305"}, {0x1, 0x10, "617a37a6101bf2f16d0f9025e6b6"}, {0x2, 0x8, "dc475b177fe9"}]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xc0}}], 0x120}}, {{&(0x7f00000006c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x10, &(0x7f0000000740)=[{&(0x7f0000000700)="9a475c35de98e2221dff243c3fd495c0a691ef03cd10e7e4118b9f56e7c077b1af26", 0x22}], 0x1, &(0x7f0000000880)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x80}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @multicast1}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x5}}, @ip_retopts={{0x74, 0x0, 0x7, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0x25, 0x3, 0x4, [{@dev={0xac, 0x14, 0x14, 0x1f}, 0x1}, {@loopback, 0x7}, {@broadcast, 0x8}, {@multicast1, 0x2}, {@rand_addr=0x64010101, 0x3f}]}, @noop, @cipso={0x86, 0xf, 0x3, [{0x5, 0x9, "15460cfe151ebe"}]}, @ra={0x94, 0x4}, @generic={0x94, 0x3, "fc"}, @generic={0x7, 0x5, "5aed1d"}, @lsrr={0x83, 0x17, 0xdf, [@broadcast, @private=0xa010101, @private=0xa010100, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}], 0xe0}}, {{&(0x7f0000000780)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000a40)=[{&(0x7f00000007c0)="04d454c326689f75bf9336afb27d9a3e27983bc6f5c6f10c9b110e3c4cc8ff8ce2feafb6acd4eb6c4b4a51ca21966c25030d366421cd1778ec11afc0170add72ecd0892cd05fa162825aa427d781a739009e6c1f79c51b82bbffd49b1c9e9dae2c873de34a1bc2", 0x67}, {&(0x7f0000000980)="ab29f75de6b309e943c57c0bfc39dc5031f24bf0735502ec95a7b94767befd0ad9af37bfee6c979f813ff2b90c570a1f24b98e4cccbbcd11", 0x38}, {&(0x7f00000009c0)="942af66a167e8e5b199fc4fad65d176543908818f71d46801a1381c8f6cfe94fb4e70e242ae8024126c1735f80b7850d184074b66cd56b78f71de8401c9ed937d02a417bd0f387", 0x47}], 0x3, &(0x7f0000000a80)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x10000}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}], 0x48}}], 0x4, 0x8000) 15:59:03 executing program 4: r0 = syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}, 0x0) sendmmsg(r3, &(0x7f000000af40)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000200)="84", 0x1}], 0x1}}], 0x1, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r4 = socket$inet_icmp(0x2, 0x2, 0x1) sendmmsg$inet(r4, &(0x7f0000000b00)=[{{&(0x7f0000000040)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000240)="9639f0b978c71652d761cd1b678559f9821a343cdbb4848975feaae90430a728dd8e282e941e8a2b917d370e05aa7b4ae9d4d98529bbab5872f730d2683f7ef43a485e1c7adfaf4fddb30a00a810c66b4dc9c7c94683ab7c8865531f417d2e591e9ac684791150ca7e004b4c2627463b8974f4cb890147c7", 0x78}, {&(0x7f00000002c0)="d1dbe430b3a2d6b3406852d49898b2b5cd34e18b7a73de75b7649664aedd7708f12017fbbc54d95b87397074b56d151e65b117f12f58bdf0e60bcb4e5ec8ae21c2b894e86a77c5121f297de6c2647c5c444b924ab7b27793bffa6142f25aeee75c1a56cb1495e1e3aeb238481ecae48ea684b67458733aefe8e4e2bf005f921e52a3a547fa05d8e50bc358728b08d9b8a8e0faa5261004c845ccd0681ba43aa33959619f90c2412332669052d7f3cbe29519c67cb2f632ca96546a38dea04098c671b349e6d136f5af299c4376bd2cdf89e060c0593b094e51889be0c8e11efc10cb6850da60e81d3bc6138feae89a6af5b4038a", 0xf4}], 0x2, &(0x7f00000003c0)=[@ip_ttl={{0x14}}], 0x18}}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000400)="c766540810c5cd72b4e4a31ebfa0816b8f07472857bec12c6dabb2b3a4eb45dd1faa9228614722da7b90a32aac03dffc3f203a930f7a74ec4d827e6ed8b303fb5a18414923633b6a139da11f5559500860a9296d30e56ec13afa6f834c2b580b22e390191ef7e912fd40fe815f38086d548570d480832341511e6a99c3fe4c1d229e68cf10aa", 0x86}, {&(0x7f00000004c0)="477638389ba276bf30114ab8a579fd6c54c18c25b9cde85019a30aa963c52ca4ae0d83f2aaa2e97dc875290fd0af3cb1a45f3bd0e87006abb9dcf19ba279d713f1c94e4b25158b4d01ab7e711d329610", 0x50}], 0x2, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @remote}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3}}, @ip_tos_u8={{0x11}}, @ip_retopts={{0x38, 0x0, 0x7, {[@lsrr={0x83, 0xf, 0x66, [@remote, @dev={0xac, 0x14, 0x14, 0x17}, @rand_addr=0x64010102]}, @timestamp_addr={0x44, 0xc, 0x63, 0x1, 0x7, [{@rand_addr=0x64010101, 0x1}]}, @noop, @noop, @noop, @generic={0x88, 0x6, "b5b35cb4"}, @noop]}}}, @ip_retopts={{0x7c, 0x0, 0x7, {[@timestamp_prespec={0x44, 0xc, 0x39, 0x3, 0x9, [{@dev={0xac, 0x14, 0x14, 0x32}, 0x8}]}, @generic={0x7, 0x3, "cf"}, @ra={0x94, 0x4, 0x1}, @noop, @cipso={0x86, 0x57, 0x3, [{0x2, 0xd, "ecb03cb72db6d27e005947"}, {0x5, 0x7, "efa17733c4"}, {0x2, 0x6, "d9ae663d"}, {0x8188054bbdb728ed, 0x5, "df8f4f"}, {0x2, 0x5, "b006d7"}, {0x1, 0x3, "04"}, {0x2, 0x12, "9e4875b77f5eab23dc4719ce07963305"}, {0x1, 0x10, "617a37a6101bf2f16d0f9025e6b6"}, {0x2, 0x8, "dc475b177fe9"}]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xc0}}], 0x120}}, {{&(0x7f00000006c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x10, &(0x7f0000000740)=[{&(0x7f0000000700)="9a475c35de98e2221dff243c3fd495c0a691ef03cd10e7e4118b9f56e7c077b1af26", 0x22}], 0x1, &(0x7f0000000880)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x80}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @multicast1}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x5}}, @ip_retopts={{0x74, 0x0, 0x7, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x2c, 0x25, 0x3, 0x4, [{@dev={0xac, 0x14, 0x14, 0x1f}, 0x1}, {@loopback, 0x7}, {@broadcast, 0x8}, {@multicast1, 0x2}, {@rand_addr=0x64010101, 0x3f}]}, @noop, @cipso={0x86, 0xf, 0x3, [{0x5, 0x9, "15460cfe151ebe"}]}, @ra={0x94, 0x4}, @generic={0x94, 0x3, "fc"}, @generic={0x7, 0x5, "5aed1d"}, @lsrr={0x83, 0x17, 0xdf, [@broadcast, @private=0xa010101, @private=0xa010100, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}], 0xe0}}, {{&(0x7f0000000780)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000a40)=[{&(0x7f00000007c0)="04d454c326689f75bf9336afb27d9a3e27983bc6f5c6f10c9b110e3c4cc8ff8ce2feafb6acd4eb6c4b4a51ca21966c25030d366421cd1778ec11afc0170add72ecd0892cd05fa162825aa427d781a739009e6c1f79c51b82bbffd49b1c9e9dae2c873de34a1bc2", 0x67}, {&(0x7f0000000980)="ab29f75de6b309e943c57c0bfc39dc5031f24bf0735502ec95a7b94767befd0ad9af37bfee6c979f813ff2b90c570a1f24b98e4cccbbcd11", 0x38}, {&(0x7f00000009c0)="942af66a167e8e5b199fc4fad65d176543908818f71d46801a1381c8f6cfe94fb4e70e242ae8024126c1735f80b7850d184074b66cd56b78f71de8401c9ed937d02a417bd0f387", 0x47}], 0x3, &(0x7f0000000a80)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x10000}}, @ip_tos_u8={{0x11}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}], 0x48}}], 0x4, 0x8000) 15:59:03 executing program 4: syz_emit_ethernet(0x8a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaa80000000000000800450000790b49fe7a0c850809ee2f117c000000000006907864010100ac1414aa00000080c362606029ed52e4075e3cb8615a467d2267905a4dec9a4e018300"/91, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a000000090780000020fbdbe3c6af51c4143e23450af61fe05f989f60009fa2eb6ab35ecb5fe06e2d4c3d9010522000000000000000000000000000000000000000000000000000000000000000002040000fe07f9897db37a000000"], 0x0) syz_emit_ethernet(0xdd, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb00114642414099e1642c3dc30f66c14bc79b8e19135ec7f005e5cf79d445915b05f4f42f7ff3256e68d8f3a49d403435f1bc969a6ebdff2898e19b959d36537278c7aa5fa6f69a5b543d362235bf7f524f7c01ff0f8fada1b7366737e0485075d20d5bc2f8e33464a640c5cba73e1ad386a8e4a4db7338b4cfe87a11ea1e586ea6f6e9e5cab02efa53c0987e3dbe020b10124b592c1d03cecef3abbbbed32b1e4455641af81bf83fbbeffad8c8ec3f98e62b323b8a12eb9b302cbef2a4e5a1fcb61c7f23949a0863812e89d48b91c837db374eb4f3848f3849772f1bed00bb6950aad87d7dceacddb13299cd93af4975b9533e9a204000d035407f6fa1918cdbec7babbb40c976ac825662486ae6289392624603672d7ab7d0deae199c0eaede92fefd122c18ec683e1bb95fbc194ab8d48c634de6e07175d12172a1a4ba645f009c1407b3f945469957095f29d4045d1d3f94fc16b0447a054ab3e1b36ba94a4e04b72548cf81c02a72f9"], &(0x7f00000001c0)={0x1, 0x3, [0x5ab, 0xd4e, 0x2c4, 0x431]}) syz_emit_ethernet(0xae, &(0x7f0000000200)={@multicast, @multicast, @val={@val={0x9100, 0x0, 0x1}, {0x8100, 0x7, 0x1, 0x3}}, {@x25={0x805, {0x1, 0x1, 0x1f, "9e1ae9fba6da60eac9fb627531cd87e927c6c87ab33f065f3d021a52470fd16c7e6dbee71b823f0248b9f9c1568cf06e941d30851f9a8340775e5a1056445a0258ba98807f42bc40b7c93de8e097586a386bef6eedb8ae1a64160878ea81817ee5c47e6f9202df3a3544438460812636ca4807857202f32fec228037c0ee5fe44a35c974c19a7529c315820041f994fa9824cf99f1"}}}}, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000140)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}, @remote, @void, {@canfd={0xd, {{0x2}, 0x13, 0x1, 0x0, 0x0, "515858ad08720dd67d61c04c76e4ce65c636f441b37580deefa9a285fd962eeac38d4d1ec90b5358c126de55ff835cfbfb7a447a0b4d56dd2fbecd4e46b0b942"}}}}, &(0x7f00000004c0)={0x1, 0x1, [0x246, 0x16d, 0x3ab, 0xe9a]}) syz_emit_ethernet(0x5e, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="9032a9684cf5", @val={@val={0x9100, 0x4, 0x1, 0x2}, {0x8100, 0x7, 0x1, 0x1}}, {@ipv4={0x800, @icmp={{0xd, 0x4, 0x3, 0x4, 0x48, 0x65, 0x0, 0x6, 0x1, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x1e, 0xffffffffffffffff, [{0x0, 0xf, "322bce8b671ee0b8348df0a1d3"}, {0x7, 0x9, "3941772be43ef1"}]}, @noop]}}, @timestamp={0xd, 0x0, 0x0, 0x3, 0x1af7, 0x7fffffff, 0x1, 0x4}}}}}, 0x0) r0 = socket$nl_audit(0x10, 0x3, 0x9) getsockname(r0, &(0x7f0000000a40)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private1}}, &(0x7f0000000ac0)=0x80) recvfrom(r0, &(0x7f0000000500)=""/185, 0xb9, 0x61, &(0x7f00000005c0)=@pptp={0x18, 0x2, {0x3, @broadcast}}, 0x80) syz_emit_ethernet(0x31, &(0x7f00000000c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @broadcast, @void, {@x25={0x805, {0x3, 0x3, 0x27, "82fd67440b0692000ad04cb70ff87fd38f0ebbfdcb7de44431bd692bad5242ed"}}}}, &(0x7f0000000100)={0x1, 0x2, [0xfd0, 0xc6e, 0x5b1, 0x4bc]}) 15:59:03 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x4c, 0x0, 0x0) 15:59:03 executing program 4: r0 = open$dir(&(0x7f0000000200)='.\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) getdents64(r0, &(0x7f00000000c0)=""/120, 0x78) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab', 0x0, 0x0) lseek(r2, 0x2000005, 0x0) getdents64(r2, &(0x7f0000000240)=""/226, 0x20000258) r3 = openat2(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)={0x0, 0x9}, 0x18) getdents64(r3, &(0x7f0000000180)=""/16, 0x10) 15:59:03 executing program 7: modify_ldt$read_default(0x2, &(0x7f0000000000)=""/42, 0x2a) r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b036f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000200), 0x102, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, 0x0) openat(r1, &(0x7f0000000180)='./file1\x00', 0x24c00, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0xf1887000) chroot(0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000400)=ANY=[@ANYBLOB="0180a5a268fbd7bbacb70aa9533c5b2b41783b151ad07e5d3ceed7bcdee5006dc37b469f", @ANYRES32, @ANYRES64=r0]) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, 0x0) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000240), &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x72}, {0xffffffff, 0x2}]}, 0x18, 0x2) modify_ldt$read_default(0x2, &(0x7f0000000540)=""/229, 0xe5) write$binfmt_aout(r4, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f00000001c0), 0x8}, 0x15182, 0x7, 0x4}, 0x0, 0x7, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r4, r2, 0x0, 0xfffffdef) [ 124.462519] audit: type=1400 audit(1664553543.961:7): avc: denied { open } for pid=3816 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 124.464232] audit: type=1400 audit(1664553543.961:8): avc: denied { kernel } for pid=3816 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 124.488871] ------------[ cut here ]------------ [ 124.488901] [ 124.488906] ====================================================== [ 124.488912] WARNING: possible circular locking dependency detected [ 124.488918] 6.0.0-rc7-next-20220929 #1 Not tainted [ 124.488929] ------------------------------------------------------ [ 124.488934] syz-executor.4/3819 is trying to acquire lock: [ 124.488945] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 124.489005] [ 124.489005] but task is already holding lock: [ 124.489010] ffff88800ea76420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 124.489054] [ 124.489054] which lock already depends on the new lock. [ 124.489054] [ 124.489059] [ 124.489059] the existing dependency chain (in reverse order) is: [ 124.489064] [ 124.489064] -> #3 (&ctx->lock){....}-{2:2}: [ 124.489087] _raw_spin_lock+0x2a/0x40 [ 124.489105] __perf_event_task_sched_out+0x53b/0x18d0 [ 124.489124] __schedule+0xedd/0x2470 [ 124.489148] schedule+0xda/0x1b0 [ 124.489176] exit_to_user_mode_prepare+0x114/0x1a0 [ 124.489195] syscall_exit_to_user_mode+0x19/0x40 [ 124.489217] do_syscall_64+0x48/0x90 [ 124.489245] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.489267] [ 124.489267] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 124.489291] _raw_spin_lock_nested+0x30/0x40 [ 124.489309] raw_spin_rq_lock_nested+0x1e/0x30 [ 124.489330] task_fork_fair+0x63/0x4d0 [ 124.489357] sched_cgroup_fork+0x3d0/0x540 [ 124.489382] copy_process+0x4183/0x6e20 [ 124.489399] kernel_clone+0xe7/0x890 [ 124.489415] user_mode_thread+0xad/0xf0 [ 124.489433] rest_init+0x24/0x250 [ 124.489452] arch_call_rest_init+0xf/0x14 [ 124.489479] start_kernel+0x4c6/0x4eb [ 124.489504] secondary_startup_64_no_verify+0xe0/0xeb [ 124.489527] [ 124.489527] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 124.489550] _raw_spin_lock_irqsave+0x39/0x60 [ 124.489568] try_to_wake_up+0xab/0x1930 [ 124.489591] up+0x75/0xb0 [ 124.489615] __up_console_sem+0x6e/0x80 [ 124.489641] console_unlock+0x46a/0x590 [ 124.489671] vprintk_emit+0x1bd/0x560 [ 124.489700] vprintk+0x84/0xa0 [ 124.489727] _printk+0xba/0xf1 [ 124.489745] kauditd_hold_skb.cold+0x3f/0x4e [ 124.489773] kauditd_send_queue+0x233/0x290 [ 124.489798] kauditd_thread+0x5f9/0x9c0 [ 124.489822] kthread+0x2ed/0x3a0 [ 124.489846] ret_from_fork+0x22/0x30 [ 124.489866] [ 124.489866] -> #0 ((console_sem).lock){....}-{2:2}: [ 124.489890] __lock_acquire+0x2a02/0x5e70 [ 124.489918] lock_acquire+0x1a2/0x530 [ 124.489944] _raw_spin_lock_irqsave+0x39/0x60 [ 124.489963] down_trylock+0xe/0x70 [ 124.489988] __down_trylock_console_sem+0x3b/0xd0 [ 124.490015] vprintk_emit+0x16b/0x560 [ 124.490043] vprintk+0x84/0xa0 [ 124.490070] _printk+0xba/0xf1 [ 124.490087] report_bug.cold+0x72/0xab [ 124.490115] handle_bug+0x3c/0x70 [ 124.490142] exc_invalid_op+0x14/0x50 [ 124.490171] asm_exc_invalid_op+0x16/0x20 [ 124.490195] group_sched_out.part.0+0x2c7/0x460 [ 124.490225] ctx_sched_out+0x8f1/0xc10 [ 124.490253] __perf_event_task_sched_out+0x6d0/0x18d0 [ 124.490272] __schedule+0xedd/0x2470 [ 124.490295] schedule+0xda/0x1b0 [ 124.490318] exit_to_user_mode_prepare+0x114/0x1a0 [ 124.490336] syscall_exit_to_user_mode+0x19/0x40 [ 124.490358] do_syscall_64+0x48/0x90 [ 124.490386] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.490407] [ 124.490407] other info that might help us debug this: [ 124.490407] [ 124.490412] Chain exists of: [ 124.490412] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 124.490412] [ 124.490437] Possible unsafe locking scenario: [ 124.490437] [ 124.490441] CPU0 CPU1 [ 124.490445] ---- ---- [ 124.490449] lock(&ctx->lock); [ 124.490458] lock(&rq->__lock); [ 124.490469] lock(&ctx->lock); [ 124.490479] lock((console_sem).lock); [ 124.490489] [ 124.490489] *** DEADLOCK *** [ 124.490489] [ 124.490492] 2 locks held by syz-executor.4/3819: [ 124.490504] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 124.490554] #1: ffff88800ea76420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 124.490599] [ 124.490599] stack backtrace: [ 124.490604] CPU: 1 PID: 3819 Comm: syz-executor.4 Not tainted 6.0.0-rc7-next-20220929 #1 [ 124.490625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 124.490645] Call Trace: [ 124.490651] [ 124.490659] dump_stack_lvl+0x8b/0xb3 [ 124.490692] check_noncircular+0x263/0x2e0 [ 124.490721] ? format_decode+0x26c/0xb50 [ 124.490748] ? print_circular_bug+0x450/0x450 [ 124.490777] ? enable_ptr_key_workfn+0x20/0x20 [ 124.490806] ? format_decode+0x26c/0xb50 [ 124.490835] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 124.490866] __lock_acquire+0x2a02/0x5e70 [ 124.490903] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 124.490942] lock_acquire+0x1a2/0x530 [ 124.490970] ? down_trylock+0xe/0x70 [ 124.490999] ? lock_release+0x750/0x750 [ 124.491035] ? vprintk+0x84/0xa0 [ 124.491065] _raw_spin_lock_irqsave+0x39/0x60 [ 124.491085] ? down_trylock+0xe/0x70 [ 124.491112] down_trylock+0xe/0x70 [ 124.491139] ? vprintk+0x84/0xa0 [ 124.491168] __down_trylock_console_sem+0x3b/0xd0 [ 124.491198] vprintk_emit+0x16b/0x560 [ 124.491230] vprintk+0x84/0xa0 [ 124.491260] _printk+0xba/0xf1 [ 124.491279] ? record_print_text.cold+0x16/0x16 [ 124.491307] ? report_bug.cold+0x66/0xab [ 124.491337] ? group_sched_out.part.0+0x2c7/0x460 [ 124.491369] report_bug.cold+0x72/0xab [ 124.491401] handle_bug+0x3c/0x70 [ 124.491431] exc_invalid_op+0x14/0x50 [ 124.491462] asm_exc_invalid_op+0x16/0x20 [ 124.491483] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 124.491518] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 6b 17 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 124.491537] RSP: 0018:ffff888040b47c48 EFLAGS: 00010006 [ 124.491552] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 124.491565] RDX: ffff88803f1ed040 RSI: ffffffff81565e67 RDI: 0000000000000005 [ 124.491579] RBP: ffff888040bd0000 R08: 0000000000000005 R09: 0000000000000001 [ 124.491591] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800ea76400 [ 124.491604] R13: ffff88806cf3d2c0 R14: ffffffff8547d040 R15: 0000000000000002 [ 124.491623] ? group_sched_out.part.0+0x2c7/0x460 [ 124.491657] ? group_sched_out.part.0+0x2c7/0x460 [ 124.491691] ctx_sched_out+0x8f1/0xc10 [ 124.491725] __perf_event_task_sched_out+0x6d0/0x18d0 [ 124.491750] ? lock_is_held_type+0xd7/0x130 [ 124.491773] ? __perf_cgroup_move+0x160/0x160 [ 124.491792] ? set_next_entity+0x304/0x550 [ 124.491822] ? update_curr+0x267/0x740 [ 124.491853] ? lock_is_held_type+0xd7/0x130 [ 124.491877] __schedule+0xedd/0x2470 [ 124.491907] ? io_schedule_timeout+0x150/0x150 [ 124.491935] ? rcu_read_lock_sched_held+0x3e/0x80 [ 124.491970] schedule+0xda/0x1b0 [ 124.491995] exit_to_user_mode_prepare+0x114/0x1a0 [ 124.492016] syscall_exit_to_user_mode+0x19/0x40 [ 124.492039] do_syscall_64+0x48/0x90 [ 124.492070] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.492093] RIP: 0033:0x7f4cc0aeab19 [ 124.492106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 124.492125] RSP: 002b:00007f4cbe060218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 124.492144] RAX: 0000000000000001 RBX: 00007f4cc0bfdf68 RCX: 00007f4cc0aeab19 [ 124.492156] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4cc0bfdf6c [ 124.492169] RBP: 00007f4cc0bfdf60 R08: 000000000000000e R09: 0000000000000000 [ 124.492181] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f4cc0bfdf6c [ 124.492194] R13: 00007fff0b1882cf R14: 00007f4cbe060300 R15: 0000000000022000 [ 124.492216] [ 124.495374] loop7: detected capacity change from 0 to 40 [ 124.495941] WARNING: CPU: 1 PID: 3819 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 124.583379] Modules linked in: [ 124.583753] CPU: 1 PID: 3819 Comm: syz-executor.4 Not tainted 6.0.0-rc7-next-20220929 #1 [ 124.584675] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 124.585944] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 124.586574] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 6b 17 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 124.588617] RSP: 0018:ffff888040b47c48 EFLAGS: 00010006 [ 124.589223] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 124.590037] RDX: ffff88803f1ed040 RSI: ffffffff81565e67 RDI: 0000000000000005 [ 124.590864] RBP: ffff888040bd0000 R08: 0000000000000005 R09: 0000000000000001 [ 124.591676] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800ea76400 [ 124.592484] R13: ffff88806cf3d2c0 R14: ffffffff8547d040 R15: 0000000000000002 [ 124.593297] FS: 00007f4cbe060700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 124.594217] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.594899] CR2: 000055ae416e5080 CR3: 0000000040396000 CR4: 0000000000350ee0 [ 124.595707] Call Trace: [ 124.596014] [ 124.596281] ctx_sched_out+0x8f1/0xc10 [ 124.596748] __perf_event_task_sched_out+0x6d0/0x18d0 [ 124.597348] ? lock_is_held_type+0xd7/0x130 [ 124.597848] ? __perf_cgroup_move+0x160/0x160 [ 124.598374] ? set_next_entity+0x304/0x550 [ 124.598885] ? update_curr+0x267/0x740 [ 124.599341] ? lock_is_held_type+0xd7/0x130 [ 124.599833] __schedule+0xedd/0x2470 [ 124.600274] ? io_schedule_timeout+0x150/0x150 [ 124.600808] ? rcu_read_lock_sched_held+0x3e/0x80 [ 124.601377] schedule+0xda/0x1b0 [ 124.601787] exit_to_user_mode_prepare+0x114/0x1a0 [ 124.602350] syscall_exit_to_user_mode+0x19/0x40 [ 124.602901] do_syscall_64+0x48/0x90 [ 124.603339] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.603923] RIP: 0033:0x7f4cc0aeab19 [ 124.604352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 124.606372] RSP: 002b:00007f4cbe060218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 124.607230] RAX: 0000000000000001 RBX: 00007f4cc0bfdf68 RCX: 00007f4cc0aeab19 [ 124.608030] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4cc0bfdf6c [ 124.608834] RBP: 00007f4cc0bfdf60 R08: 000000000000000e R09: 0000000000000000 [ 124.609632] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f4cc0bfdf6c [ 124.610422] R13: 00007fff0b1882cf R14: 00007f4cbe060300 R15: 0000000000022000 [ 124.611279] [ 124.611551] irq event stamp: 1002 [ 124.611944] hardirqs last enabled at (1001): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 124.613000] hardirqs last disabled at (1002): [] __schedule+0x1225/0x2470 [ 124.613941] softirqs last enabled at (724): [] __irq_exit_rcu+0x11b/0x180 [ 124.614901] softirqs last disabled at (691): [] __irq_exit_rcu+0x11b/0x180 [ 124.615850] ---[ end trace 0000000000000000 ]--- 15:59:04 executing program 4: r0 = open$dir(&(0x7f0000000200)='.\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) getdents64(r0, &(0x7f00000000c0)=""/120, 0x78) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab', 0x0, 0x0) lseek(r2, 0x2000005, 0x0) getdents64(r2, &(0x7f0000000240)=""/226, 0x20000258) r3 = openat2(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)={0x0, 0x9}, 0x18) getdents64(r3, &(0x7f0000000180)=""/16, 0x10) 15:59:04 executing program 4: r0 = open$dir(&(0x7f0000000200)='.\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) getdents64(r0, &(0x7f00000000c0)=""/120, 0x78) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab', 0x0, 0x0) lseek(r2, 0x2000005, 0x0) getdents64(r2, &(0x7f0000000240)=""/226, 0x20000258) r3 = openat2(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)={0x0, 0x9}, 0x18) getdents64(r3, &(0x7f0000000180)=""/16, 0x10) [ 125.956961] loop0: detected capacity change from 0 to 12 [ 125.967448] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 125.970980] loop0: detected capacity change from 0 to 12 [ 128.980744] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 128.981910] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 128.984223] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 128.987031] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 128.988106] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 128.989996] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 128.993233] Bluetooth: hci1: HCI_REQ-0x0c1a [ 130.982215] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 131.046207] Bluetooth: hci1: command 0x0409 tx timeout [ 133.094263] Bluetooth: hci1: command 0x041b tx timeout VM DIAGNOSIS: 15:59:04 Registers: info registers vcpu 0 RAX=000000000000075a RBX=0000000000000000 RCX=0000000000000000 RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff85561e40 RBP=ffff888040b24000 RSP=ffff888040aefd98 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=ffffffff85561e40 R13=ffff88800d10f8a0 R14=ffff888015c0bc30 R15=0000000000000000 RIP=ffffffff818cc5f2 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fba47989700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fba4798a000 CR3=000000000e7aa000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM03=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823ba3c1 RDI=ffffffff8765a9c0 RBP=ffffffff8765a980 RSP=ffff888040b47650 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000065 R11=0000000000000001 R12=0000000000000065 R13=ffffffff8765a980 R14=0000000000000010 R15=ffffffff823ba3b0 RIP=ffffffff823ba419 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f4cbe060700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055ae416e5080 CR3=0000000040396000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 69646f6d0a3a3720 6d6172676f727020 YMM02=0000000000000000 0000000000000000 3066377830282620 2c32783028746c75 YMM03=0000000000000000 0000000000000000 7a7973203d203072 0a2961327830202c YMM04=0000000000000000 0000000000000000 3062366436633130 36223d2930303030 YMM05=0000000000000000 0000000000000000 3030323030303030 3030663778302826 YMM06=0000000000000000 0000000000000000 5c30656c69662f2e 273d293030313030 YMM07=0000000000000000 0000000000000000 3030303030303030 6637783028262874 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000