Warning: Permanently added '[localhost]:11335' (ECDSA) to the list of known hosts. 2022/09/13 18:13:05 fuzzer started 2022/09/13 18:13:05 dialing manager at localhost:36597 syzkaller login: [ 40.776337] cgroup: Unknown subsys name 'net' [ 40.878090] cgroup: Unknown subsys name 'rlimit' 2022/09/13 18:13:21 syscalls: 2215 2022/09/13 18:13:21 code coverage: enabled 2022/09/13 18:13:21 comparison tracing: enabled 2022/09/13 18:13:21 extra coverage: enabled 2022/09/13 18:13:21 setuid sandbox: enabled 2022/09/13 18:13:21 namespace sandbox: enabled 2022/09/13 18:13:21 Android sandbox: enabled 2022/09/13 18:13:21 fault injection: enabled 2022/09/13 18:13:21 leak checking: enabled 2022/09/13 18:13:21 net packet injection: enabled 2022/09/13 18:13:21 net device setup: enabled 2022/09/13 18:13:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/13 18:13:21 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/13 18:13:21 USB emulation: enabled 2022/09/13 18:13:21 hci packet injection: enabled 2022/09/13 18:13:21 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220913) 2022/09/13 18:13:21 802.15.4 emulation: enabled 2022/09/13 18:13:21 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/13 18:13:21 fetching corpus: 43, signal 33732/37244 (executing program) 2022/09/13 18:13:21 fetching corpus: 93, signal 46513/51488 (executing program) 2022/09/13 18:13:21 fetching corpus: 143, signal 60162/66373 (executing program) 2022/09/13 18:13:21 fetching corpus: 193, signal 65534/73113 (executing program) 2022/09/13 18:13:22 fetching corpus: 243, signal 70373/79265 (executing program) 2022/09/13 18:13:22 fetching corpus: 293, signal 76535/86612 (executing program) 2022/09/13 18:13:22 fetching corpus: 343, signal 82878/94104 (executing program) 2022/09/13 18:13:22 fetching corpus: 393, signal 87975/100260 (executing program) 2022/09/13 18:13:22 fetching corpus: 443, signal 93312/106650 (executing program) 2022/09/13 18:13:22 fetching corpus: 493, signal 97821/112156 (executing program) 2022/09/13 18:13:22 fetching corpus: 543, signal 103124/118340 (executing program) 2022/09/13 18:13:23 fetching corpus: 593, signal 106450/122637 (executing program) 2022/09/13 18:13:23 fetching corpus: 643, signal 110720/127820 (executing program) 2022/09/13 18:13:23 fetching corpus: 693, signal 113081/131158 (executing program) 2022/09/13 18:13:23 fetching corpus: 743, signal 116915/135680 (executing program) 2022/09/13 18:13:23 fetching corpus: 793, signal 121162/140581 (executing program) 2022/09/13 18:13:23 fetching corpus: 843, signal 124511/144631 (executing program) 2022/09/13 18:13:24 fetching corpus: 893, signal 128932/149616 (executing program) 2022/09/13 18:13:24 fetching corpus: 943, signal 132070/153386 (executing program) 2022/09/13 18:13:24 fetching corpus: 993, signal 134594/156625 (executing program) 2022/09/13 18:13:24 fetching corpus: 1043, signal 137886/160498 (executing program) 2022/09/13 18:13:24 fetching corpus: 1093, signal 139646/162980 (executing program) 2022/09/13 18:13:24 fetching corpus: 1143, signal 142597/166489 (executing program) 2022/09/13 18:13:24 fetching corpus: 1193, signal 144966/169435 (executing program) 2022/09/13 18:13:25 fetching corpus: 1243, signal 147147/172222 (executing program) 2022/09/13 18:13:25 fetching corpus: 1293, signal 148816/174503 (executing program) 2022/09/13 18:13:25 fetching corpus: 1343, signal 150165/176521 (executing program) 2022/09/13 18:13:25 fetching corpus: 1393, signal 152382/179246 (executing program) 2022/09/13 18:13:25 fetching corpus: 1443, signal 154568/181931 (executing program) 2022/09/13 18:13:25 fetching corpus: 1493, signal 156341/184237 (executing program) 2022/09/13 18:13:25 fetching corpus: 1543, signal 157876/186288 (executing program) 2022/09/13 18:13:25 fetching corpus: 1593, signal 159939/188760 (executing program) 2022/09/13 18:13:26 fetching corpus: 1643, signal 161293/190629 (executing program) 2022/09/13 18:13:26 fetching corpus: 1693, signal 163704/193313 (executing program) 2022/09/13 18:13:26 fetching corpus: 1743, signal 164923/195104 (executing program) 2022/09/13 18:13:26 fetching corpus: 1793, signal 166682/197283 (executing program) 2022/09/13 18:13:26 fetching corpus: 1843, signal 168325/199350 (executing program) 2022/09/13 18:13:26 fetching corpus: 1893, signal 169871/201266 (executing program) 2022/09/13 18:13:26 fetching corpus: 1943, signal 171712/203423 (executing program) 2022/09/13 18:13:27 fetching corpus: 1993, signal 173108/205221 (executing program) 2022/09/13 18:13:27 fetching corpus: 2043, signal 174189/206812 (executing program) 2022/09/13 18:13:27 fetching corpus: 2093, signal 175989/208816 (executing program) 2022/09/13 18:13:27 fetching corpus: 2143, signal 178207/211131 (executing program) 2022/09/13 18:13:27 fetching corpus: 2193, signal 180152/213132 (executing program) 2022/09/13 18:13:27 fetching corpus: 2243, signal 181454/214868 (executing program) 2022/09/13 18:13:28 fetching corpus: 2293, signal 183087/216708 (executing program) 2022/09/13 18:13:28 fetching corpus: 2343, signal 184131/218095 (executing program) 2022/09/13 18:13:28 fetching corpus: 2393, signal 185164/219446 (executing program) 2022/09/13 18:13:28 fetching corpus: 2443, signal 186185/220833 (executing program) 2022/09/13 18:13:28 fetching corpus: 2493, signal 188172/222783 (executing program) 2022/09/13 18:13:28 fetching corpus: 2543, signal 189201/224113 (executing program) 2022/09/13 18:13:28 fetching corpus: 2593, signal 190055/225366 (executing program) 2022/09/13 18:13:29 fetching corpus: 2643, signal 190997/226624 (executing program) 2022/09/13 18:13:29 fetching corpus: 2693, signal 192271/228057 (executing program) 2022/09/13 18:13:29 fetching corpus: 2743, signal 193231/229238 (executing program) 2022/09/13 18:13:29 fetching corpus: 2793, signal 195235/231064 (executing program) 2022/09/13 18:13:29 fetching corpus: 2843, signal 196081/232207 (executing program) 2022/09/13 18:13:29 fetching corpus: 2893, signal 197392/233593 (executing program) 2022/09/13 18:13:29 fetching corpus: 2943, signal 198442/234863 (executing program) 2022/09/13 18:13:30 fetching corpus: 2993, signal 199715/236180 (executing program) 2022/09/13 18:13:30 fetching corpus: 3043, signal 200608/237287 (executing program) 2022/09/13 18:13:30 fetching corpus: 3093, signal 201785/238499 (executing program) 2022/09/13 18:13:30 fetching corpus: 3143, signal 203108/239794 (executing program) 2022/09/13 18:13:30 fetching corpus: 3193, signal 203893/240800 (executing program) 2022/09/13 18:13:30 fetching corpus: 3243, signal 204813/241851 (executing program) 2022/09/13 18:13:30 fetching corpus: 3293, signal 206368/243244 (executing program) 2022/09/13 18:13:31 fetching corpus: 3343, signal 207592/244445 (executing program) 2022/09/13 18:13:31 fetching corpus: 3393, signal 208274/245322 (executing program) 2022/09/13 18:13:31 fetching corpus: 3443, signal 209013/246256 (executing program) 2022/09/13 18:13:31 fetching corpus: 3493, signal 209903/247239 (executing program) 2022/09/13 18:13:31 fetching corpus: 3543, signal 211090/248316 (executing program) 2022/09/13 18:13:31 fetching corpus: 3593, signal 211744/249105 (executing program) 2022/09/13 18:13:31 fetching corpus: 3643, signal 212653/250083 (executing program) 2022/09/13 18:13:32 fetching corpus: 3693, signal 213822/251134 (executing program) 2022/09/13 18:13:32 fetching corpus: 3743, signal 214549/251974 (executing program) 2022/09/13 18:13:32 fetching corpus: 3793, signal 215536/252964 (executing program) 2022/09/13 18:13:32 fetching corpus: 3843, signal 216320/253795 (executing program) 2022/09/13 18:13:32 fetching corpus: 3893, signal 217319/254703 (executing program) 2022/09/13 18:13:32 fetching corpus: 3943, signal 217923/255451 (executing program) 2022/09/13 18:13:32 fetching corpus: 3993, signal 218738/256267 (executing program) 2022/09/13 18:13:32 fetching corpus: 4043, signal 219502/257019 (executing program) 2022/09/13 18:13:33 fetching corpus: 4093, signal 220023/257707 (executing program) 2022/09/13 18:13:33 fetching corpus: 4143, signal 220828/258499 (executing program) 2022/09/13 18:13:33 fetching corpus: 4193, signal 221461/259192 (executing program) 2022/09/13 18:13:33 fetching corpus: 4243, signal 222341/260012 (executing program) 2022/09/13 18:13:33 fetching corpus: 4293, signal 223189/260868 (executing program) 2022/09/13 18:13:33 fetching corpus: 4343, signal 223648/261438 (executing program) 2022/09/13 18:13:33 fetching corpus: 4393, signal 224300/262136 (executing program) 2022/09/13 18:13:33 fetching corpus: 4443, signal 224765/262745 (executing program) 2022/09/13 18:13:34 fetching corpus: 4493, signal 225468/263411 (executing program) 2022/09/13 18:13:34 fetching corpus: 4543, signal 226115/264058 (executing program) 2022/09/13 18:13:34 fetching corpus: 4593, signal 226540/264589 (executing program) 2022/09/13 18:13:34 fetching corpus: 4643, signal 227311/265266 (executing program) 2022/09/13 18:13:34 fetching corpus: 4693, signal 227893/265843 (executing program) 2022/09/13 18:13:34 fetching corpus: 4743, signal 228480/266424 (executing program) 2022/09/13 18:13:34 fetching corpus: 4793, signal 229554/267162 (executing program) 2022/09/13 18:13:35 fetching corpus: 4843, signal 230393/267800 (executing program) 2022/09/13 18:13:35 fetching corpus: 4893, signal 231051/268368 (executing program) 2022/09/13 18:13:35 fetching corpus: 4943, signal 231859/269011 (executing program) 2022/09/13 18:13:35 fetching corpus: 4993, signal 232667/269591 (executing program) 2022/09/13 18:13:35 fetching corpus: 5043, signal 233354/270212 (executing program) 2022/09/13 18:13:35 fetching corpus: 5093, signal 233918/270751 (executing program) 2022/09/13 18:13:35 fetching corpus: 5143, signal 234517/271281 (executing program) 2022/09/13 18:13:36 fetching corpus: 5193, signal 235231/271833 (executing program) 2022/09/13 18:13:36 fetching corpus: 5243, signal 235926/272385 (executing program) 2022/09/13 18:13:36 fetching corpus: 5293, signal 236450/272850 (executing program) 2022/09/13 18:13:36 fetching corpus: 5343, signal 237102/273353 (executing program) 2022/09/13 18:13:36 fetching corpus: 5393, signal 237804/273853 (executing program) 2022/09/13 18:13:36 fetching corpus: 5443, signal 238289/274259 (executing program) 2022/09/13 18:13:36 fetching corpus: 5493, signal 238829/274714 (executing program) 2022/09/13 18:13:37 fetching corpus: 5543, signal 239243/275123 (executing program) 2022/09/13 18:13:37 fetching corpus: 5593, signal 239700/275531 (executing program) 2022/09/13 18:13:37 fetching corpus: 5643, signal 240753/276059 (executing program) 2022/09/13 18:13:37 fetching corpus: 5693, signal 241287/276451 (executing program) 2022/09/13 18:13:37 fetching corpus: 5743, signal 241868/276892 (executing program) 2022/09/13 18:13:37 fetching corpus: 5793, signal 242345/277260 (executing program) 2022/09/13 18:13:37 fetching corpus: 5843, signal 242923/277672 (executing program) 2022/09/13 18:13:38 fetching corpus: 5893, signal 243545/278065 (executing program) 2022/09/13 18:13:38 fetching corpus: 5943, signal 244118/278433 (executing program) 2022/09/13 18:13:38 fetching corpus: 5993, signal 244584/278808 (executing program) 2022/09/13 18:13:38 fetching corpus: 6043, signal 244924/279131 (executing program) 2022/09/13 18:13:38 fetching corpus: 6093, signal 245482/279468 (executing program) 2022/09/13 18:13:38 fetching corpus: 6143, signal 245923/279795 (executing program) 2022/09/13 18:13:38 fetching corpus: 6193, signal 246713/280221 (executing program) 2022/09/13 18:13:39 fetching corpus: 6243, signal 247353/280561 (executing program) 2022/09/13 18:13:39 fetching corpus: 6293, signal 247879/280893 (executing program) 2022/09/13 18:13:39 fetching corpus: 6343, signal 248895/281226 (executing program) 2022/09/13 18:13:39 fetching corpus: 6393, signal 249405/281574 (executing program) 2022/09/13 18:13:39 fetching corpus: 6443, signal 249783/281905 (executing program) 2022/09/13 18:13:39 fetching corpus: 6493, signal 250117/282191 (executing program) 2022/09/13 18:13:39 fetching corpus: 6542, signal 250985/282481 (executing program) 2022/09/13 18:13:40 fetching corpus: 6592, signal 251573/282750 (executing program) 2022/09/13 18:13:40 fetching corpus: 6642, signal 252086/283041 (executing program) 2022/09/13 18:13:40 fetching corpus: 6692, signal 252568/283300 (executing program) 2022/09/13 18:13:40 fetching corpus: 6742, signal 253092/283527 (executing program) 2022/09/13 18:13:40 fetching corpus: 6792, signal 253413/283757 (executing program) 2022/09/13 18:13:40 fetching corpus: 6842, signal 253756/284009 (executing program) 2022/09/13 18:13:40 fetching corpus: 6892, signal 254271/284174 (executing program) 2022/09/13 18:13:41 fetching corpus: 6942, signal 254703/284180 (executing program) 2022/09/13 18:13:41 fetching corpus: 6992, signal 255212/284188 (executing program) 2022/09/13 18:13:41 fetching corpus: 7042, signal 255723/284189 (executing program) 2022/09/13 18:13:41 fetching corpus: 7092, signal 256006/284191 (executing program) 2022/09/13 18:13:41 fetching corpus: 7142, signal 256423/284202 (executing program) 2022/09/13 18:13:41 fetching corpus: 7192, signal 257055/284232 (executing program) 2022/09/13 18:13:41 fetching corpus: 7242, signal 257509/284232 (executing program) 2022/09/13 18:13:42 fetching corpus: 7292, signal 258042/284234 (executing program) 2022/09/13 18:13:42 fetching corpus: 7342, signal 258588/284263 (executing program) 2022/09/13 18:13:42 fetching corpus: 7392, signal 259012/284281 (executing program) 2022/09/13 18:13:42 fetching corpus: 7442, signal 259809/284313 (executing program) 2022/09/13 18:13:42 fetching corpus: 7492, signal 260161/284316 (executing program) 2022/09/13 18:13:42 fetching corpus: 7542, signal 260560/284326 (executing program) 2022/09/13 18:13:43 fetching corpus: 7592, signal 261321/284335 (executing program) 2022/09/13 18:13:43 fetching corpus: 7642, signal 261806/284371 (executing program) 2022/09/13 18:13:43 fetching corpus: 7692, signal 262312/284415 (executing program) 2022/09/13 18:13:43 fetching corpus: 7742, signal 263055/284428 (executing program) 2022/09/13 18:13:43 fetching corpus: 7792, signal 263891/284433 (executing program) 2022/09/13 18:13:43 fetching corpus: 7842, signal 264314/284436 (executing program) 2022/09/13 18:13:44 fetching corpus: 7891, signal 264873/284438 (executing program) 2022/09/13 18:13:44 fetching corpus: 7941, signal 265226/284439 (executing program) 2022/09/13 18:13:44 fetching corpus: 7991, signal 265778/284440 (executing program) 2022/09/13 18:13:44 fetching corpus: 8041, signal 266227/284471 (executing program) 2022/09/13 18:13:44 fetching corpus: 8091, signal 266659/284472 (executing program) 2022/09/13 18:13:44 fetching corpus: 8141, signal 267119/284473 (executing program) 2022/09/13 18:13:44 fetching corpus: 8190, signal 267663/284475 (executing program) 2022/09/13 18:13:44 fetching corpus: 8240, signal 268099/284503 (executing program) 2022/09/13 18:13:44 fetching corpus: 8290, signal 268595/284523 (executing program) 2022/09/13 18:13:45 fetching corpus: 8340, signal 268898/284545 (executing program) 2022/09/13 18:13:45 fetching corpus: 8390, signal 269394/284545 (executing program) 2022/09/13 18:13:45 fetching corpus: 8440, signal 269852/284547 (executing program) 2022/09/13 18:13:45 fetching corpus: 8490, signal 270370/284551 (executing program) 2022/09/13 18:13:45 fetching corpus: 8540, signal 270945/284557 (executing program) 2022/09/13 18:13:45 fetching corpus: 8590, signal 271390/284560 (executing program) 2022/09/13 18:13:45 fetching corpus: 8640, signal 272017/284566 (executing program) 2022/09/13 18:13:46 fetching corpus: 8690, signal 272525/284575 (executing program) 2022/09/13 18:13:46 fetching corpus: 8740, signal 272879/284598 (executing program) 2022/09/13 18:13:46 fetching corpus: 8790, signal 273317/284598 (executing program) 2022/09/13 18:13:46 fetching corpus: 8840, signal 273936/284641 (executing program) 2022/09/13 18:13:46 fetching corpus: 8890, signal 274242/284644 (executing program) 2022/09/13 18:13:46 fetching corpus: 8940, signal 274598/284649 (executing program) 2022/09/13 18:13:46 fetching corpus: 8975, signal 274933/284652 (executing program) 2022/09/13 18:13:46 fetching corpus: 8975, signal 274933/284652 (executing program) 2022/09/13 18:13:50 starting 8 fuzzer processes 18:13:50 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000000)) 18:13:50 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000100)=[{0x34, 0x0, 0x0, 0xfffffffd}, {0x6}]}) syz_open_procfs(0x0, 0x0) 18:13:50 executing program 1: r0 = syz_io_uring_setup(0x35c3, &(0x7f0000000180)={0x0, 0x39dd}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000200)) io_uring_register$IORING_REGISTER_FILES(r0, 0x8, &(0x7f0000000240)=[0xffffffffffffffff], 0x1) 18:13:50 executing program 2: mq_open(&(0x7f0000000880)=']-\xf4]+)-\x00', 0x40, 0x0, 0x0) 18:13:50 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) syz_io_uring_setup(0x5d6f, &(0x7f0000000680)={0x0, 0xbcc0, 0x2, 0x2, 0x273, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000700), 0x0) socket$netlink(0x10, 0x3, 0xb) [ 85.198837] audit: type=1400 audit(1663092830.099:6): avc: denied { execmem } for pid=286 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 18:13:50 executing program 7: creat(&(0x7f0000000040)='./file0\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) 18:13:50 executing program 5: r0 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='mpol=default,size=53p,huge=never,nr_inodes=1']) symlinkat(&(0x7f0000000040)='./file1\x00', r0, &(0x7f0000000180)='./file0\x00') 18:13:50 executing program 6: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="042fd1800000"], 0x8) [ 86.569980] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.571631] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.573515] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.575174] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.576852] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 86.578324] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.581870] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.582906] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.584086] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.587753] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 86.589458] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 86.591443] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.593413] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.594884] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.596395] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.597513] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 86.598689] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.600240] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 86.601431] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.602688] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.604334] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 86.613169] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.614816] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.616108] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.617555] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 86.617633] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.619246] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 86.621052] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.621720] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.622455] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.624193] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 86.624649] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 86.627172] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.627230] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.628374] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 86.629541] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.631585] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.635382] Bluetooth: hci0: HCI_REQ-0x0c1a [ 86.637597] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.639079] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.640441] Bluetooth: hci5: HCI_REQ-0x0c1a [ 86.640679] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.642741] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 86.644842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 86.651090] Bluetooth: hci3: HCI_REQ-0x0c1a [ 86.668395] Bluetooth: hci6: HCI_REQ-0x0c1a [ 86.675066] Bluetooth: hci1: HCI_REQ-0x0c1a [ 86.675895] Bluetooth: hci4: HCI_REQ-0x0c1a [ 86.694525] Bluetooth: hci2: HCI_REQ-0x0c1a [ 86.717678] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 86.723211] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 86.724781] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 86.731317] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 86.735729] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 86.737409] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 86.753016] Bluetooth: hci7: HCI_REQ-0x0c1a [ 88.691635] Bluetooth: hci6: command 0x0409 tx timeout [ 88.692011] Bluetooth: hci4: command 0x0409 tx timeout [ 88.693046] Bluetooth: hci3: command 0x0409 tx timeout [ 88.693557] Bluetooth: hci1: command 0x0409 tx timeout [ 88.694290] Bluetooth: hci0: command 0x0409 tx timeout [ 88.694743] Bluetooth: hci5: command 0x0409 tx timeout [ 88.755157] Bluetooth: hci2: command 0x0409 tx timeout [ 88.819978] Bluetooth: hci7: command 0x0409 tx timeout [ 90.739075] Bluetooth: hci5: command 0x041b tx timeout [ 90.739698] Bluetooth: hci0: command 0x041b tx timeout [ 90.740208] Bluetooth: hci1: command 0x041b tx timeout [ 90.741255] Bluetooth: hci4: command 0x041b tx timeout [ 90.741729] Bluetooth: hci3: command 0x041b tx timeout [ 90.742424] Bluetooth: hci6: command 0x041b tx timeout [ 90.802981] Bluetooth: hci2: command 0x041b tx timeout [ 90.867023] Bluetooth: hci7: command 0x041b tx timeout [ 92.787479] Bluetooth: hci6: command 0x040f tx timeout [ 92.788015] Bluetooth: hci3: command 0x040f tx timeout [ 92.788465] Bluetooth: hci4: command 0x040f tx timeout [ 92.788894] Bluetooth: hci1: command 0x040f tx timeout [ 92.790129] Bluetooth: hci0: command 0x040f tx timeout [ 92.790567] Bluetooth: hci5: command 0x040f tx timeout [ 92.851042] Bluetooth: hci2: command 0x040f tx timeout [ 92.915070] Bluetooth: hci7: command 0x040f tx timeout [ 94.835017] Bluetooth: hci5: command 0x0419 tx timeout [ 94.835498] Bluetooth: hci0: command 0x0419 tx timeout [ 94.836641] Bluetooth: hci1: command 0x0419 tx timeout [ 94.837192] Bluetooth: hci4: command 0x0419 tx timeout [ 94.837605] Bluetooth: hci3: command 0x0419 tx timeout [ 94.838270] Bluetooth: hci6: command 0x0419 tx timeout [ 94.899312] Bluetooth: hci2: command 0x0419 tx timeout [ 94.963009] Bluetooth: hci7: command 0x0419 tx timeout 18:14:46 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) [ 142.106619] audit: type=1400 audit(1663092887.006:7): avc: denied { open } for pid=3732 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 142.108271] audit: type=1400 audit(1663092887.008:8): avc: denied { kernel } for pid=3732 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 142.151906] ------------[ cut here ]------------ [ 142.151934] [ 142.151938] ====================================================== [ 142.151942] WARNING: possible circular locking dependency detected [ 142.151947] 6.0.0-rc5-next-20220913 #1 Not tainted [ 142.151953] ------------------------------------------------------ [ 142.151957] syz-executor.5/3733 is trying to acquire lock: [ 142.151965] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 142.152006] [ 142.152006] but task is already holding lock: [ 142.152009] ffff888041ffb820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 142.152037] [ 142.152037] which lock already depends on the new lock. [ 142.152037] [ 142.152041] [ 142.152041] the existing dependency chain (in reverse order) is: [ 142.152045] [ 142.152045] -> #3 (&ctx->lock){....}-{2:2}: [ 142.152059] _raw_spin_lock+0x2a/0x40 [ 142.152076] __perf_event_task_sched_out+0x53b/0x18d0 [ 142.152089] __schedule+0xedd/0x2470 [ 142.152099] schedule+0xda/0x1b0 [ 142.152109] exit_to_user_mode_prepare+0x114/0x1a0 [ 142.152130] syscall_exit_to_user_mode+0x19/0x40 [ 142.152149] do_syscall_64+0x48/0x90 [ 142.152163] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.152180] [ 142.152180] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 142.152194] _raw_spin_lock_nested+0x30/0x40 [ 142.152209] raw_spin_rq_lock_nested+0x1e/0x30 [ 142.152223] task_fork_fair+0x63/0x4d0 [ 142.152240] sched_cgroup_fork+0x3d0/0x540 [ 142.152254] copy_process+0x3f9e/0x6df0 [ 142.152265] kernel_clone+0xe7/0x890 [ 142.152274] user_mode_thread+0xad/0xf0 [ 142.152285] rest_init+0x24/0x250 [ 142.152301] arch_call_rest_init+0xf/0x14 [ 142.152322] start_kernel+0x4c1/0x4e6 [ 142.152339] secondary_startup_64_no_verify+0xe0/0xeb [ 142.152354] [ 142.152354] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 142.152368] _raw_spin_lock_irqsave+0x39/0x60 [ 142.152383] try_to_wake_up+0xab/0x1920 [ 142.152396] up+0x75/0xb0 [ 142.152408] __up_console_sem+0x6e/0x80 [ 142.152424] console_unlock+0x46a/0x590 [ 142.152440] do_con_write+0xc05/0x1d50 [ 142.152453] con_write+0x21/0x40 [ 142.152462] n_tty_write+0x4d4/0xfe0 [ 142.152475] file_tty_write.constprop.0+0x49c/0x8f0 [ 142.152488] vfs_write+0x9c3/0xd90 [ 142.152507] ksys_write+0x127/0x250 [ 142.152524] do_syscall_64+0x3b/0x90 [ 142.152537] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.152554] [ 142.152554] -> #0 ((console_sem).lock){....}-{2:2}: [ 142.152568] __lock_acquire+0x2a02/0x5e70 [ 142.152584] lock_acquire+0x1a2/0x530 [ 142.152600] _raw_spin_lock_irqsave+0x39/0x60 [ 142.152615] down_trylock+0xe/0x70 [ 142.152628] __down_trylock_console_sem+0x3b/0xd0 [ 142.152644] vprintk_emit+0x16b/0x560 [ 142.152661] vprintk+0x84/0xa0 [ 142.152678] _printk+0xba/0xf1 [ 142.152696] report_bug.cold+0x72/0xab [ 142.152708] handle_bug+0x3c/0x70 [ 142.152721] exc_invalid_op+0x14/0x50 [ 142.152734] asm_exc_invalid_op+0x16/0x20 [ 142.152751] group_sched_out.part.0+0x2c7/0x460 [ 142.152768] ctx_sched_out+0x8f1/0xc10 [ 142.152777] __perf_event_task_sched_out+0x6d0/0x18d0 [ 142.152789] __schedule+0xedd/0x2470 [ 142.152799] schedule+0xda/0x1b0 [ 142.152808] exit_to_user_mode_prepare+0x114/0x1a0 [ 142.152828] syscall_exit_to_user_mode+0x19/0x40 [ 142.152845] do_syscall_64+0x48/0x90 [ 142.152858] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.152875] [ 142.152875] other info that might help us debug this: [ 142.152875] [ 142.152877] Chain exists of: [ 142.152877] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 142.152877] [ 142.152892] Possible unsafe locking scenario: [ 142.152892] [ 142.152895] CPU0 CPU1 [ 142.152897] ---- ---- [ 142.152899] lock(&ctx->lock); [ 142.152905] lock(&rq->__lock); [ 142.152911] lock(&ctx->lock); [ 142.152918] lock((console_sem).lock); [ 142.152923] [ 142.152923] *** DEADLOCK *** [ 142.152923] [ 142.152925] 2 locks held by syz-executor.5/3733: [ 142.152932] #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 142.152957] #1: ffff888041ffb820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 142.152985] [ 142.152985] stack backtrace: [ 142.152988] CPU: 1 PID: 3733 Comm: syz-executor.5 Not tainted 6.0.0-rc5-next-20220913 #1 [ 142.153001] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 142.153009] Call Trace: [ 142.153012] [ 142.153017] dump_stack_lvl+0x8b/0xb3 [ 142.153032] check_noncircular+0x263/0x2e0 [ 142.153049] ? format_decode+0x26c/0xb50 [ 142.153065] ? print_circular_bug+0x450/0x450 [ 142.153082] ? enable_ptr_key_workfn+0x20/0x20 [ 142.153097] ? format_decode+0x26c/0xb50 [ 142.153112] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 142.153130] __lock_acquire+0x2a02/0x5e70 [ 142.153152] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 142.153174] lock_acquire+0x1a2/0x530 [ 142.153191] ? down_trylock+0xe/0x70 [ 142.153206] ? rcu_read_unlock+0x40/0x40 [ 142.153227] ? vprintk+0x84/0xa0 [ 142.153245] _raw_spin_lock_irqsave+0x39/0x60 [ 142.153261] ? down_trylock+0xe/0x70 [ 142.153274] down_trylock+0xe/0x70 [ 142.153288] ? vprintk+0x84/0xa0 [ 142.153305] __down_trylock_console_sem+0x3b/0xd0 [ 142.153323] vprintk_emit+0x16b/0x560 [ 142.153342] vprintk+0x84/0xa0 [ 142.153360] _printk+0xba/0xf1 [ 142.153377] ? record_print_text.cold+0x16/0x16 [ 142.153399] ? report_bug.cold+0x66/0xab [ 142.153414] ? group_sched_out.part.0+0x2c7/0x460 [ 142.153425] report_bug.cold+0x72/0xab [ 142.153440] handle_bug+0x3c/0x70 [ 142.153454] exc_invalid_op+0x14/0x50 [ 142.153468] asm_exc_invalid_op+0x16/0x20 [ 142.153485] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 142.153499] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 142.153511] RSP: 0018:ffff8880186a7c48 EFLAGS: 00010006 [ 142.153520] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 142.153528] RDX: ffff88801e3ab580 RSI: ffffffff81566027 RDI: 0000000000000005 [ 142.153536] RBP: ffff888042de0000 R08: 0000000000000005 R09: 0000000000000001 [ 142.153544] R10: 0000000000000000 R11: ffffffff865aa05b R12: ffff888041ffb800 [ 142.153551] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 142.153562] ? group_sched_out.part.0+0x2c7/0x460 [ 142.153575] ? group_sched_out.part.0+0x2c7/0x460 [ 142.153588] ctx_sched_out+0x8f1/0xc10 [ 142.153601] __perf_event_task_sched_out+0x6d0/0x18d0 [ 142.153616] ? lock_is_held_type+0xd7/0x130 [ 142.153635] ? __perf_cgroup_move+0x160/0x160 [ 142.153647] ? set_next_entity+0x304/0x550 [ 142.153665] ? update_curr+0x267/0x740 [ 142.153684] ? lock_is_held_type+0xd7/0x130 [ 142.153702] __schedule+0xedd/0x2470 [ 142.153715] ? io_schedule_timeout+0x150/0x150 [ 142.153728] ? rcu_read_lock_sched_held+0x3e/0x80 [ 142.153749] schedule+0xda/0x1b0 [ 142.153760] exit_to_user_mode_prepare+0x114/0x1a0 [ 142.153780] syscall_exit_to_user_mode+0x19/0x40 [ 142.153799] do_syscall_64+0x48/0x90 [ 142.153813] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.153830] RIP: 0033:0x7fb78eb19b19 [ 142.153839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 142.153850] RSP: 002b:00007fb78c08f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 142.153861] RAX: 0000000000000001 RBX: 00007fb78ec2cf68 RCX: 00007fb78eb19b19 [ 142.153869] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb78ec2cf6c [ 142.153876] RBP: 00007fb78ec2cf60 R08: 000000000000000e R09: 0000000000000000 [ 142.153883] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb78ec2cf6c [ 142.153891] R13: 00007fffaa32cb8f R14: 00007fb78c08f300 R15: 0000000000022000 [ 142.153903] [ 142.205205] WARNING: CPU: 1 PID: 3733 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 142.205839] Modules linked in: [ 142.206060] CPU: 1 PID: 3733 Comm: syz-executor.5 Not tainted 6.0.0-rc5-next-20220913 #1 [ 142.206634] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 142.207367] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 142.207731] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 142.208920] RSP: 0018:ffff8880186a7c48 EFLAGS: 00010006 [ 142.209277] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 142.209744] RDX: ffff88801e3ab580 RSI: ffffffff81566027 RDI: 0000000000000005 [ 142.210221] RBP: ffff888042de0000 R08: 0000000000000005 R09: 0000000000000001 [ 142.210692] R10: 0000000000000000 R11: ffffffff865aa05b R12: ffff888041ffb800 [ 142.211161] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 142.211631] FS: 00007fb78c08f700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 142.212162] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.212548] CR2: 00007f76090668e0 CR3: 00000000177b0000 CR4: 0000000000350ee0 [ 142.213026] Call Trace: [ 142.213203] [ 142.213364] ctx_sched_out+0x8f1/0xc10 [ 142.213629] __perf_event_task_sched_out+0x6d0/0x18d0 [ 142.213979] ? lock_is_held_type+0xd7/0x130 [ 142.214285] ? __perf_cgroup_move+0x160/0x160 [ 142.214589] ? set_next_entity+0x304/0x550 [ 142.214882] ? update_curr+0x267/0x740 [ 142.215154] ? lock_is_held_type+0xd7/0x130 [ 142.215452] __schedule+0xedd/0x2470 [ 142.215708] ? io_schedule_timeout+0x150/0x150 [ 142.216018] ? rcu_read_lock_sched_held+0x3e/0x80 [ 142.216353] schedule+0xda/0x1b0 [ 142.216588] exit_to_user_mode_prepare+0x114/0x1a0 [ 142.216936] syscall_exit_to_user_mode+0x19/0x40 [ 142.217264] do_syscall_64+0x48/0x90 [ 142.217522] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.217874] RIP: 0033:0x7fb78eb19b19 [ 142.218128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 142.219309] RSP: 002b:00007fb78c08f218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 142.219807] RAX: 0000000000000001 RBX: 00007fb78ec2cf68 RCX: 00007fb78eb19b19 [ 142.220274] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb78ec2cf6c [ 142.220738] RBP: 00007fb78ec2cf60 R08: 000000000000000e R09: 0000000000000000 [ 142.221241] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fb78ec2cf6c [ 142.221720] R13: 00007fffaa32cb8f R14: 00007fb78c08f300 R15: 0000000000022000 [ 142.222203] [ 142.222363] irq event stamp: 2970 [ 142.222596] hardirqs last enabled at (2969): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 142.223221] hardirqs last disabled at (2970): [] __schedule+0x1225/0x2470 [ 142.223766] softirqs last enabled at (2698): [] __irq_exit_rcu+0x11b/0x180 [ 142.224334] softirqs last disabled at (2371): [] __irq_exit_rcu+0x11b/0x180 [ 142.224907] ---[ end trace 0000000000000000 ]--- 18:14:47 executing program 1: r0 = syz_io_uring_setup(0x35c3, &(0x7f0000000180)={0x0, 0x39dd}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000200)) io_uring_register$IORING_REGISTER_FILES(r0, 0x8, &(0x7f0000000240)=[0xffffffffffffffff], 0x1) 18:14:47 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:47 executing program 1: r0 = syz_io_uring_setup(0x35c3, &(0x7f0000000180)={0x0, 0x39dd}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000200)) io_uring_register$IORING_REGISTER_FILES(r0, 0x8, &(0x7f0000000240)=[0xffffffffffffffff], 0x1) 18:14:47 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:47 executing program 1: r0 = syz_io_uring_setup(0x35c3, &(0x7f0000000180)={0x0, 0x39dd}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000200)) io_uring_register$IORING_REGISTER_FILES(r0, 0x8, &(0x7f0000000240)=[0xffffffffffffffff], 0x1) 18:14:47 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:47 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) [ 144.034883] audit: type=1326 audit(1663092888.935:9): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3908 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6eb400fb19 code=0x0 [ 144.677058] Bluetooth: hci7: Malformed Event: 0x2f [ 144.677634] Bluetooth: hci7: Malformed Event: 0x2f [ 144.869087] audit: type=1326 audit(1663092889.769:10): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3908 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6eb400fb19 code=0x0 18:14:49 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) syz_io_uring_setup(0x5d6f, &(0x7f0000000680)={0x0, 0xbcc0, 0x2, 0x2, 0x273, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000700), 0x0) socket$netlink(0x10, 0x3, 0xb) 18:14:49 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000100)=[{0x34, 0x0, 0x0, 0xfffffffd}, {0x6}]}) syz_open_procfs(0x0, 0x0) 18:14:49 executing program 6: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="042fd1800000"], 0x8) 18:14:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:49 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:49 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:49 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) syz_io_uring_setup(0x5d6f, &(0x7f0000000680)={0x0, 0xbcc0, 0x2, 0x2, 0x273, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000700), 0x0) socket$netlink(0x10, 0x3, 0xb) 18:14:49 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) syz_io_uring_setup(0x5d6f, &(0x7f0000000680)={0x0, 0xbcc0, 0x2, 0x2, 0x273, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000700), 0x0) socket$netlink(0x10, 0x3, 0xb) [ 144.968151] Bluetooth: hci7: Malformed Event: 0x2f [ 144.996826] audit: type=1326 audit(1663092889.897:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=3986 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6eb400fb19 code=0x0 18:14:49 executing program 6: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="042fd1800000"], 0x8) [ 145.053482] Bluetooth: hci7: Malformed Event: 0x2f 18:14:49 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:49 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:49 executing program 6: syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="042fd1800000"], 0x8) 18:14:50 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:50 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) syz_io_uring_setup(0x5d6f, &(0x7f0000000680)={0x0, 0xbcc0, 0x2, 0x2, 0x273, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000700), 0x0) socket$netlink(0x10, 0x3, 0xb) 18:14:50 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) syz_io_uring_setup(0x5d6f, &(0x7f0000000680)={0x0, 0xbcc0, 0x2, 0x2, 0x273, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000700), 0x0) socket$netlink(0x10, 0x3, 0xb) [ 145.133249] Bluetooth: hci7: Malformed Event: 0x2f 18:14:50 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) syz_io_uring_setup(0x5d6f, &(0x7f0000000680)={0x0, 0xbcc0, 0x2, 0x2, 0x273, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000700), 0x0) socket$netlink(0x10, 0x3, 0xb) 18:14:50 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:50 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x0, &(0x7f0000000040)}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r2 = dup(r0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{&(0x7f0000000280)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40}, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="840ed7cb019cc4c626bd522b9b297ab0228f"}, {&(0x7f0000000440)="f117c9546fdf673e848c4c40aae7d578e6a70ca6261a43b646cf390b39b5b5f8e490cbc2954c666512f0df544eee3737d7dfed7d929427a7110deb7349410be3c1ce5c55ab6187bb39dc6908fd34b3b34203a5184310cdcb173d03bad191e46181"}, {&(0x7f0000000300)="9fb8735a86"}]}}], 0x63, 0x24048894) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup(r2) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042cbd7000fedbdf25460000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f0004000000000000000c0090000300000000000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000c008f0007000000000000000c00900071000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00020000000c008f00ff0f0000000000000c00900003000000000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e00010000000c008f003e360000000000000c0090000900000000000000"], 0x110}, 0x1, 0x0, 0x0, 0x4000040}, 0x4008010) 18:14:50 executing program 1: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a40)={0x14, 0x7, 0x1, 0x101}, 0x14}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 18:14:50 executing program 6: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000040)=0x3, 0x4) sendmsg$inet(r0, &(0x7f0000000ac0)={&(0x7f0000000380)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fee1", 0xffec}], 0x1}, 0x0) 18:14:50 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) syz_io_uring_setup(0x5d6f, &(0x7f0000000680)={0x0, 0xbcc0, 0x2, 0x2, 0x273, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000700), 0x0) socket$netlink(0x10, 0x3, 0xb) 18:14:50 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000100)=[{0x34, 0x0, 0x0, 0xfffffffd}, {0x6}]}) syz_open_procfs(0x0, 0x0) 18:14:50 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) syz_io_uring_setup(0x5d6f, &(0x7f0000000680)={0x0, 0xbcc0, 0x2, 0x2, 0x273, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000700), 0x0) socket$netlink(0x10, 0x3, 0xb) [ 145.932941] hrtimer: interrupt took 15870 ns [ 145.945184] audit: type=1326 audit(1663092890.845:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=4029 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6eb400fb19 code=0x0 18:14:50 executing program 6: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000040)=0x3, 0x4) sendmsg$inet(r0, &(0x7f0000000ac0)={&(0x7f0000000380)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fee1", 0xffec}], 0x1}, 0x0) 18:14:50 executing program 1: timer_create(0x0, 0x0, 0xfffffffffffffffd) 18:14:51 executing program 1: r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FIONREAD(r0, 0x541b, 0x0) 18:14:51 executing program 6: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000040)=0x3, 0x4) sendmsg$inet(r0, &(0x7f0000000ac0)={&(0x7f0000000380)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fee1", 0xffec}], 0x1}, 0x0) 18:14:51 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r0, &(0x7f0000000040)=""/170, 0xaa, 0x200000007fffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) syz_io_uring_setup(0x5d6f, &(0x7f0000000680)={0x0, 0xbcc0, 0x2, 0x2, 0x273, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000700), 0x0) socket$netlink(0x10, 0x3, 0xb) VM DIAGNOSIS: 18:14:47 Registers: info registers vcpu 0 RAX=0000000080000001 RBX=0000000000000049 RCX=ffffffff815b9e06 RDX=ffff888017745040 RSI=0000000000000000 RDI=0000000000000006 RBP=0000000000000009 RSP=ffff888042df7bb8 R8 =0000000000000006 R9 =0000000000000009 R10=0000000000000009 R11=0000000000000001 R12=ffff88800811a100 R13=0000000000000009 R14=0000000000000056 R15=dffffc0000000000 RIP=ffffffff81461747 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f1aef9ab540 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f1aefbe0000 CR3=000000001b2a4000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffff00ffffffffff ffffffffffff00ff YMM02=0000000000000000 0000000000000000 4c4700362e322e32 5f4342494c470035 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000470035 YMM04=0000000000000000 0000000000000000 4342494c4700362e 322e325f4342494c YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=000000000000003a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b25c1 RDI=ffffffff8763fae0 RBP=ffffffff8763faa0 RSP=ffff8880186a7698 R8 =0000000000000001 R9 =000000000000000a R10=000000000000003a R11=0000000000000001 R12=000000000000003a R13=ffffffff8763faa0 R14=0000000000000010 R15=ffffffff822b25b0 RIP=ffffffff822b2619 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fb78c08f700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f76090668e0 CR3=00000000177b0000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007fb78ec007c0 00007fb78ec007c8 YMM02=0000000000000000 0000000000000000 00007fb78ec007e0 00007fb78ec007c0 YMM03=0000000000000000 0000000000000000 00007fb78ec007c8 00007fb78ec007c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000