Warning: Permanently added '[localhost]:21768' (ECDSA) to the list of known hosts. 2022/10/03 17:14:15 fuzzer started 2022/10/03 17:14:15 dialing manager at localhost:35095 syzkaller login: [ 36.816241] cgroup: Unknown subsys name 'net' [ 36.910318] cgroup: Unknown subsys name 'rlimit' 2022/10/03 17:14:28 syscalls: 2215 2022/10/03 17:14:28 code coverage: enabled 2022/10/03 17:14:28 comparison tracing: enabled 2022/10/03 17:14:28 extra coverage: enabled 2022/10/03 17:14:28 setuid sandbox: enabled 2022/10/03 17:14:28 namespace sandbox: enabled 2022/10/03 17:14:28 Android sandbox: enabled 2022/10/03 17:14:28 fault injection: enabled 2022/10/03 17:14:28 leak checking: enabled 2022/10/03 17:14:28 net packet injection: enabled 2022/10/03 17:14:28 net device setup: enabled 2022/10/03 17:14:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/03 17:14:28 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/03 17:14:28 USB emulation: enabled 2022/10/03 17:14:28 hci packet injection: enabled 2022/10/03 17:14:28 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930) 2022/10/03 17:14:28 802.15.4 emulation: enabled 2022/10/03 17:14:28 fetching corpus: 50, signal 30710/32525 (executing program) 2022/10/03 17:14:28 fetching corpus: 100, signal 37725/41284 (executing program) 2022/10/03 17:14:28 fetching corpus: 150, signal 44225/49386 (executing program) 2022/10/03 17:14:29 fetching corpus: 200, signal 49279/56021 (executing program) 2022/10/03 17:14:29 fetching corpus: 250, signal 54109/62396 (executing program) 2022/10/03 17:14:29 fetching corpus: 300, signal 57813/67595 (executing program) 2022/10/03 17:14:29 fetching corpus: 350, signal 62411/73578 (executing program) 2022/10/03 17:14:29 fetching corpus: 400, signal 65912/78474 (executing program) 2022/10/03 17:14:29 fetching corpus: 450, signal 69545/83504 (executing program) 2022/10/03 17:14:29 fetching corpus: 500, signal 74908/90108 (executing program) 2022/10/03 17:14:30 fetching corpus: 550, signal 81515/97745 (executing program) 2022/10/03 17:14:30 fetching corpus: 600, signal 84096/101605 (executing program) 2022/10/03 17:14:30 fetching corpus: 650, signal 87955/106568 (executing program) 2022/10/03 17:14:30 fetching corpus: 700, signal 91045/110836 (executing program) 2022/10/03 17:14:30 fetching corpus: 750, signal 93669/114682 (executing program) 2022/10/03 17:14:30 fetching corpus: 800, signal 95823/118014 (executing program) 2022/10/03 17:14:30 fetching corpus: 850, signal 97142/120569 (executing program) 2022/10/03 17:14:30 fetching corpus: 900, signal 99917/124443 (executing program) 2022/10/03 17:14:30 fetching corpus: 950, signal 103966/129381 (executing program) 2022/10/03 17:14:31 fetching corpus: 1000, signal 107244/133559 (executing program) 2022/10/03 17:14:31 fetching corpus: 1050, signal 108794/136175 (executing program) 2022/10/03 17:14:31 fetching corpus: 1100, signal 110621/139009 (executing program) 2022/10/03 17:14:31 fetching corpus: 1150, signal 112224/141654 (executing program) 2022/10/03 17:14:31 fetching corpus: 1200, signal 114922/145162 (executing program) 2022/10/03 17:14:31 fetching corpus: 1250, signal 118105/149112 (executing program) 2022/10/03 17:14:31 fetching corpus: 1300, signal 119543/151517 (executing program) 2022/10/03 17:14:31 fetching corpus: 1350, signal 121245/154112 (executing program) 2022/10/03 17:14:32 fetching corpus: 1400, signal 123168/156950 (executing program) 2022/10/03 17:14:32 fetching corpus: 1450, signal 125312/159912 (executing program) 2022/10/03 17:14:32 fetching corpus: 1500, signal 126962/162385 (executing program) 2022/10/03 17:14:32 fetching corpus: 1550, signal 128943/165176 (executing program) 2022/10/03 17:14:32 fetching corpus: 1600, signal 130429/167512 (executing program) 2022/10/03 17:14:32 fetching corpus: 1650, signal 131108/169211 (executing program) 2022/10/03 17:14:32 fetching corpus: 1700, signal 132765/171652 (executing program) 2022/10/03 17:14:32 fetching corpus: 1750, signal 133834/173601 (executing program) 2022/10/03 17:14:33 fetching corpus: 1800, signal 135386/175856 (executing program) 2022/10/03 17:14:33 fetching corpus: 1850, signal 136406/177766 (executing program) 2022/10/03 17:14:33 fetching corpus: 1900, signal 137849/179961 (executing program) 2022/10/03 17:14:33 fetching corpus: 1950, signal 139349/182154 (executing program) 2022/10/03 17:14:33 fetching corpus: 2000, signal 140983/184432 (executing program) 2022/10/03 17:14:33 fetching corpus: 2050, signal 143521/187470 (executing program) 2022/10/03 17:14:33 fetching corpus: 2100, signal 145705/190101 (executing program) 2022/10/03 17:14:34 fetching corpus: 2150, signal 146669/191836 (executing program) 2022/10/03 17:14:34 fetching corpus: 2200, signal 148110/193911 (executing program) 2022/10/03 17:14:34 fetching corpus: 2250, signal 149009/195575 (executing program) 2022/10/03 17:14:34 fetching corpus: 2300, signal 149816/197162 (executing program) 2022/10/03 17:14:34 fetching corpus: 2350, signal 150800/198855 (executing program) 2022/10/03 17:14:34 fetching corpus: 2400, signal 152066/200793 (executing program) 2022/10/03 17:14:34 fetching corpus: 2450, signal 153219/202552 (executing program) 2022/10/03 17:14:34 fetching corpus: 2500, signal 154753/204569 (executing program) 2022/10/03 17:14:34 fetching corpus: 2550, signal 155269/205910 (executing program) 2022/10/03 17:14:34 fetching corpus: 2600, signal 155971/207351 (executing program) 2022/10/03 17:14:35 fetching corpus: 2650, signal 156782/208879 (executing program) 2022/10/03 17:14:35 fetching corpus: 2700, signal 158069/210674 (executing program) 2022/10/03 17:14:35 fetching corpus: 2750, signal 159219/212379 (executing program) 2022/10/03 17:14:35 fetching corpus: 2800, signal 160177/213948 (executing program) 2022/10/03 17:14:35 fetching corpus: 2850, signal 160808/215227 (executing program) 2022/10/03 17:14:35 fetching corpus: 2900, signal 162238/217124 (executing program) 2022/10/03 17:14:35 fetching corpus: 2950, signal 163043/218590 (executing program) 2022/10/03 17:14:35 fetching corpus: 3000, signal 163778/219959 (executing program) 2022/10/03 17:14:35 fetching corpus: 3050, signal 164536/221344 (executing program) 2022/10/03 17:14:36 fetching corpus: 3100, signal 165588/222930 (executing program) 2022/10/03 17:14:36 fetching corpus: 3150, signal 166494/224374 (executing program) 2022/10/03 17:14:36 fetching corpus: 3200, signal 166911/225521 (executing program) 2022/10/03 17:14:36 fetching corpus: 3250, signal 167383/226687 (executing program) 2022/10/03 17:14:36 fetching corpus: 3300, signal 168748/228385 (executing program) 2022/10/03 17:14:36 fetching corpus: 3350, signal 169285/229579 (executing program) 2022/10/03 17:14:36 fetching corpus: 3400, signal 169917/230879 (executing program) 2022/10/03 17:14:36 fetching corpus: 3450, signal 170491/232034 (executing program) 2022/10/03 17:14:37 fetching corpus: 3500, signal 171489/233430 (executing program) 2022/10/03 17:14:37 fetching corpus: 3550, signal 172875/235033 (executing program) 2022/10/03 17:14:37 fetching corpus: 3600, signal 174691/236840 (executing program) 2022/10/03 17:14:37 fetching corpus: 3650, signal 175950/238358 (executing program) 2022/10/03 17:14:37 fetching corpus: 3700, signal 176409/239449 (executing program) 2022/10/03 17:14:37 fetching corpus: 3750, signal 176992/240613 (executing program) 2022/10/03 17:14:37 fetching corpus: 3800, signal 177336/241648 (executing program) 2022/10/03 17:14:37 fetching corpus: 3850, signal 178186/242942 (executing program) 2022/10/03 17:14:38 fetching corpus: 3900, signal 178959/244199 (executing program) 2022/10/03 17:14:38 fetching corpus: 3950, signal 179487/245321 (executing program) 2022/10/03 17:14:38 fetching corpus: 4000, signal 179901/246326 (executing program) 2022/10/03 17:14:38 fetching corpus: 4050, signal 180737/247561 (executing program) 2022/10/03 17:14:38 fetching corpus: 4100, signal 181361/248737 (executing program) 2022/10/03 17:14:38 fetching corpus: 4150, signal 181773/249724 (executing program) 2022/10/03 17:14:38 fetching corpus: 4200, signal 182349/250802 (executing program) 2022/10/03 17:14:38 fetching corpus: 4250, signal 182833/251883 (executing program) 2022/10/03 17:14:38 fetching corpus: 4300, signal 184169/253286 (executing program) 2022/10/03 17:14:39 fetching corpus: 4350, signal 184796/254396 (executing program) 2022/10/03 17:14:39 fetching corpus: 4400, signal 185921/255664 (executing program) 2022/10/03 17:14:39 fetching corpus: 4450, signal 186527/256678 (executing program) 2022/10/03 17:14:39 fetching corpus: 4500, signal 187127/257747 (executing program) 2022/10/03 17:14:39 fetching corpus: 4550, signal 187630/258720 (executing program) 2022/10/03 17:14:39 fetching corpus: 4600, signal 188040/259662 (executing program) 2022/10/03 17:14:39 fetching corpus: 4650, signal 188567/260668 (executing program) 2022/10/03 17:14:39 fetching corpus: 4700, signal 189432/261765 (executing program) 2022/10/03 17:14:40 fetching corpus: 4750, signal 190171/262805 (executing program) 2022/10/03 17:14:40 fetching corpus: 4800, signal 192149/264313 (executing program) 2022/10/03 17:14:40 fetching corpus: 4850, signal 192864/265330 (executing program) 2022/10/03 17:14:40 fetching corpus: 4900, signal 193329/266242 (executing program) 2022/10/03 17:14:40 fetching corpus: 4950, signal 194357/267323 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/268171 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/268916 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/269636 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/270388 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/271114 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/271862 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/272620 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/273353 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/274076 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/274815 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/275585 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/276320 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/277025 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/277737 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/278457 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/279165 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/279904 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/280656 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/281372 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/282118 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/282844 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/283575 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/284342 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/285064 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/285783 (executing program) 2022/10/03 17:14:40 fetching corpus: 5000, signal 194783/286507 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/287235 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/288007 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/288706 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/289450 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/290161 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/290907 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/291669 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/292379 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/293164 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/293930 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/294621 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/295348 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/296080 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/296828 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/297525 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/298254 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/298985 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/299697 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/300412 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/301139 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/301911 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/302635 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/303403 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/304131 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/304834 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/305572 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/305876 (executing program) 2022/10/03 17:14:41 fetching corpus: 5000, signal 194783/305876 (executing program) 2022/10/03 17:14:44 starting 8 fuzzer processes 17:14:44 executing program 1: ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40044581, &(0x7f0000000000)=0x3) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000040)=""/174) getpeername(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, &(0x7f0000000180)=0x80) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) copy_file_range(r0, &(0x7f00000001c0)=0x5ac8, r1, &(0x7f0000000240)=0x7fffffff, 0x7, 0x0) syncfs(0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r0, {0x81}}, './file0\x00'}) linkat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', r2, &(0x7f0000000300)='./file0\x00', 0x400) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'}) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000380)=@req3={0x6, 0x9, 0x0, 0x382f, 0x3, 0xfffffffa, 0x9537}, 0x1c) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) r4 = perf_event_open$cgroup(&(0x7f00000003c0)={0x5, 0x80, 0x81, 0xfa, 0xd9, 0x9, 0x0, 0xffff, 0x4802, 0x4, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x400, 0x2, @perf_config_ext={0xeb, 0x6f7}, 0x240, 0x8, 0x7, 0x3, 0x400, 0x5, 0x5, 0x0, 0x2630}, r3, 0x8, r3, 0x4) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000440)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0xa) pipe2(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$EVIOCGABS2F(r6, 0x8018456f, &(0x7f00000004c0)=""/100) r7 = openat$cgroup_devices(r3, &(0x7f0000000540)='devices.allow\x00', 0x2, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r7, 0x40089416, &(0x7f0000000580)) renameat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0/file0\x00', r2, &(0x7f0000000600)='./file0\x00') ioctl$EVIOCSABS20(0xffffffffffffffff, 0x401845e0, &(0x7f0000000680)={0x6f, 0x2, 0xfffffffc, 0xa249, 0x3, 0x4}) 17:14:44 executing program 0: ioctl$BTRFS_IOC_DEV_REPLACE(0xffffffffffffffff, 0xca289435, &(0x7f0000000000)={0x2, 0x3, @status={[0x1, 0x3, 0x80000000, 0x3, 0x8001, 0xfffffffffffffeff]}, [0xfffffffffffffff8, 0x6, 0x77cdd3c9, 0x0, 0x8, 0xf4, 0x0, 0x9, 0x6, 0xbf5, 0xd9, 0x5, 0x3, 0xffffffffffffffe0, 0x2, 0x8000000000000000, 0x1, 0x7, 0x1, 0x80000001, 0x3, 0x4, 0x1, 0x0, 0x7, 0x0, 0x3ff, 0x80, 0x9, 0x5, 0x1, 0x2, 0x5, 0x8, 0x4, 0x0, 0x0, 0x75, 0x6, 0x5, 0x1, 0x921, 0x80, 0xd7f4400000000000, 0x5, 0x39f, 0x9, 0x0, 0x7, 0x4, 0x2, 0x3f, 0x0, 0x100, 0xc91, 0x3b, 0x2, 0x33c, 0x4, 0x0, 0x6, 0x3, 0x8, 0x3]}) r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) sendfile(0xffffffffffffffff, r0, &(0x7f0000000a40)=0x3, 0x9) ioctl$KDFONTOP_COPY(r0, 0x4b72, &(0x7f0000000e80)={0x3, 0x0, 0x8, 0x1c, 0x64, &(0x7f0000000a80)}) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000ec0)=0x6) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000000f00)) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f00000011c0)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001180)={&(0x7f0000000f80)={0x1d0, 0x13, 0x2, 0x70bd27, 0x25dfdbfb, {0x23, 0x3, 0x20, 0x2, {0x4e22, 0x4e20, [0x20, 0x35b, 0x1, 0x8000], [0x10001, 0x9, 0x5, 0x9], 0x0, [0x200, 0x6]}, 0xff, 0x2}, [@INET_DIAG_REQ_BYTECODE={0xbc, 0x1, "d3beaa2fbe911f4a81c48a5a263c9c901be71af7ab20b6299f51917ddc244125e42880fa94c3f39d2203b411b8cc484e78a3f5fb186c51aa5b8fd5e81fa99c9da7e417d47a288af04268a6be7670239fec1000e41adeb276a147f49534bb3e174b24c7f034195b0be245bf0b07d0580646c4628f75aae1700aa1dc448f251d246268cf72a60be51e2bcf40bec347a370140e918e498ad58c69f29c7351bd48ef808e17424e4d14492fddeb1a10889e8e99ca355342e749c0"}, @INET_DIAG_REQ_BYTECODE={0x86, 0x1, "c4670644231147cb7a1ed051e6a984825fa6609358d6fe77dcc1a29e4f87964f9e39025423e20b3ac4e35ef392923523d45397fbf134d6f1da1a90c058c7e9cee4cb1ad6d7aed98d2ecf3429d6fcdde82c05fc64cb7695c8a3f84814611a687a6471c45c4fc30a735765a3b621bdbc2cd6eb0289bf1dc9df5309978d173e94156f16"}, @INET_DIAG_REQ_BYTECODE={0x40, 0x1, "e3e6553298d315f72ac400904b43a6be9f249fc9fafb8af2c1a73c52d27b06b300fc358360bb1e3b3db94ce00d3c790034f921bc519a5edd75ab95cf"}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x4008054}, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x9, &(0x7f0000001200)=""/46, &(0x7f0000001240)=0x2e) r2 = syz_mount_image$vfat(&(0x7f0000001280), &(0x7f00000012c0)='./file0\x00', 0x1, 0x7, &(0x7f0000002700)=[{&(0x7f0000001300)="7e0ca782e9f42aed49b658ccd9dcda5d9649ee34ea8332a9b2eebc28eb2b62bfce899c1b9dba158968702a3d0d721d9d5a6cc9774409d862c7717148eda5a3746ee1ad81162e0b43386b263a3b40c929e499e64ff6f044d25ca264d57d5ea350978bd9e8751776b459f7fffce476250c1a68061a7dfe68a202de350fc4f98a81d50583bfb947c685855a4a7c545bba3391b0fd83abbf0ad4c60821e82a2321372782dd8f564a7e9bbcdd9f4ec7013ddf606122e1cddba1ff6d9d56fcd5ce0a66a72cee4f8acb1efdba72828be351154879cac4fcfc9df95180a387f30697d0d8efc16f3ff7d2078eb57e391880cfdf3c165c2835", 0xf4, 0x6}, {&(0x7f0000001400)="74bcafedf268de2e471471cb7e9ffa68914df8193b11a36f0f525c9b35d368e2280d979f2101065efcc678ccbd7f3e58aec45f7c2007be0a2a33e009629db2a007282782a63ce80694ad984cc0ac886635f8c7a32639d6e7f1a52775d7bd563c7820e4c44c898afa79a7cdeebcaf1e44022405f5f3efd08e2e0c5822b1793d55f38f76ac48e16e00020cb1d45a7c1d6ff5678ce35866a0205a96672054b4548f74525139a35f96ac", 0xa8, 0x6}, {&(0x7f00000014c0)="513549448b9c9c984739de1954f1f32180557085bd69b64b64aba1eaa481537635e31414621fd6bd6f45e8d75b5be0a1c8b524b7670d733ecb54484043b7f1a44351ee0122c29a97fdc21272d9bb8fb2b4bd793cee1b79cfa9094366d61ec9051865c5570ecb681473fd4da4da93a59b09d186ecd647582988388f7b524e7b5ec8bb837664c0a430fd4ce9767cd4554fca92594537c2fd18217714ae90f429ccaf44ed4a375a8ec099e8ea8056d51e9cfa1ac00fbb2233e158d1e6d015bf", 0xbe, 0x100000000}, {&(0x7f0000001580)="77bfe4fdda77a1aa6b46302e87c4c37d8bec2be821e18b21a37a6366ac1406b5aae5450be5139ccbee655c9b0b01513913223688a2ab58bfda8fcab41b7b1d3c46e6a35293f4b275dc94cf94ed9522277581bc5155ceaee9f31e65cc9591d8d2bd66e1a9098da7608885f9dd9e9637245a7c288cae5ce1b62b1d1d11deebf8bd70c17714521409c0128d6d740f3949457726530c900d95982e017cbeb61c4f7d9cb177e5e46643bc2002ee33cfbdb6f85663fdc86ca195062826ec239c3550121c2684d588ccd3f20352ce53534e5482136ff41ff00531538f674b6139814d1f264e4bd433449decd2416cf3db3d9f38bd07ad59b5fef5d0862d4713d94acdc6a3f1aa2d8105e827703f31adf31d4361f474855dc997f6e002190b90aba7cc8187b61f0bf1847e3dc1aaa28be85350eebb3e93de57a6c02432245e243e313b282105c75dfe7969aefb53b0af786804a737c08d70414fa3d0badfb9d489e184f3b6a38e15740647eb3fe6addb78de7246d2bf73927e640ac4cf7ded86c1f7fcd845b4138fac03103645a06f6e4a824b8f6ad3109a6a258dc81247d6b100acd5e28db1056d618201b7188371017c1fd29ae14853618a65b9b9f103160296ef9474679b4bd424c88236cfdd4ba48aaaa88ede706ec4193fbe78355440d07516e9eb7fd68166f8ab94e4084ce0884f54fb1dc82f91b2ab510da2053706c302a6a5b3abbb55513449a390d958b434ea21a3f64edb80257fd08147f02cc2a711b4c1735e415dfbd99eed45ab957351c76da5e4a2ffcbce9ce6ae4bed0698edc243e21188a32813342dc45c1e4ce46ddf60651c80f2eb9773be0780d211a8abf1d3fe7c661bbd68e7e2fa0e17eb0d40994c5e10e0e18bb0f6ff27eb65a34d5af07f941d2c18cb58a61b2ff92a2c19f887133010fa7b3db53b05c2ebc50f548be968bf91760d25a38e1c9b695ce1dcc34623d44b634a025a3b106cf4d67e4f079254f29001c2f15def31c6413febe1b499cd14eef08f28fa31067ead53ecee2a8f836719505685c1d92200d005a2c95009bf5c6012d3e312748e43c2e5840a96a49fd297cf40157618ee0e2da4f36ad681b89efc17a984c2f3c94fcbb7c67b516a3a34bf1cd3b008f253c2849abe7f16f56536d5e353604e000bf27cadf6f6acd2158dcb33eed3fe1239d2808c59fa732b627b9f1935fdde112afe4b8a6660beb8ac26080e2b1f6d9d5ce577bf03be9bc93435f2f0ec7987ffddc3fc28227bb9e865cde6c7ffed7d35753ce996082e35ae406e505cbff623fe6640611d8850572ac23b5115c1d93b2fa4b3be3f76bfcdf3ed0ff652037d67f332ed554815b665a4cb178aeef25f766083fbacdb8459c8e6059ac54f745570c1f9f695bf2c72a3ac95a659a2041fd4fd423cc34dc35a39acda13d1ec61f0efe766ea1218db54c9fcdfa1e9121840459576465c46578586b67639b3df22a19fdbd2a8ff31bbf601c6152c0598637ea88a75001fa9026b06fb13c913308b98c948b0cbf8d9da8ef52cdf51b6ac65ba59f994f0fac88e7e4601ce3255fbc4a07e5020dcd8b7931dfc1ad016275b6e873227b5bbd8a43e9b4ae05ba375e38e519f3e1ea3d5a482aad0508aa894334ee75226ec236e919c7442278d4a70e592ce8a64e3c029f02ef6f0799052f6f485d22a51c2c35eae02f630b88fdfbc4400594cf9362586d0e722b0a1f16976110f6c6549ed41044156554fb102dcf76b7aa25575886e614f28de49477a22c7dd1bccfb8bf1f220c2d825f9b6dda5a0d4dfb95bdac02e02d3a24f44a16b6c89de12057f0c82d047f3f49f9bedd02a053314727c55026b1dda955f18dba9063b76d18091d1a213e7eb13708fcfda041d95c05db0af0823540b982cfa89622d1969b54d72ec4881d09aa22b98b4883f64898f772ee83d57d67fd32423e5d3660295103ab96d5e4d81cb226a9eb4b8cd2dd1df307afc7681729f1f8f0685151bc048949744f201a33e942398a03587608be7949de85e1869d06588494757b4587d5eb991e0c437634d83eaa22153f4306b2bf163e4554f0e4dc50fc1afdcdf98ede7636ef7a8dfaee4898e83ebe5d6e45a638b976b420cea6927bc103db57fe9a3f659f8d7cab27204697d5e8c8ab5ca7e86d43ecb62cc5210a9123050bcf22fbb62ad1be9008e7f6d78926f4231b161be8d5c79f8b1f9d8195caa594366045a19f7928bd3ff50ae46a1345e451d766e56afcb42418ac737d3145db61c257533a721b5955bf2ebcc711766d1d9d49c34197b5aa534d9d75b99acee6c28775672527cc9d40da42f9a9d2d045adb991f87462537b0168b165e7f3cc22330b4e1be65904f88bbeffc962a750a268b194e284b4be15ee0f5bef97d192319c57f873d0cf0a1ee977c4e13315ee4cf4a158a0a5341ff38e100a10f1be1a0e6bcf2691c8bd9b3248a9a1028b28b6159a10b80547b7c3902ac164cb55267335fd3758d6b17a94addbd58667b7c069bfe37cbffefcf36c5e35cbb8bdc6233606ed71ddcacbe0359ff8f8d252a0112a043e9e09bae73bcbbfa141f25144f549a4211349b2873cdf9c1c3e5f2fe1970b2f90a4643fbc6949ae7005c6eb2fe6f807ea5bf403d4c717cc7ce327ce8faac3a576cf9cb150887db106f1b20ee9f1367aa73444025132c80d9b1b7a91e4e8d4b8a59f9a15ca566ee4629100f4c75338d1c3585a05afd18a5c881b89ffe4992ad52f20bb8fe5425eeff37c31350a2c2a204afee4668910198534b28768f941f44bbce4ebfebc69c68d0d6d5d42492058307b41e7c8da0647cb9a63f4e22db3d4b3e9b75bf96ed6b0a2d20011b83c7d21b67deb726409d10147df4adb98a4976ffd4955ad61853ac47323cd6c137e0044fe256eb237c4e89c7a5a7941ed85f4cd581c1cc4d47d7b0663d54de9c72f010d44f20c8788996d62ab2a3f4ce099dded78627e818f68bfe656504d0d05c25d680f0af892fe7f2208c72b2b3ce721b7cce0d085b8abec420af47299a858c910ddd8a135e288678b6a2c410fd9b8e673183a9dc24a6ffb270a5788bab90c27bf9e68ff05e54bb5437f1c2457abf56edaa91d23aabf3f70ac95ae75348f07212a748c977683f5f2009ba4af2238f846808947cd94c2260e3eca6cd2c22840f3b838c6c3225c0116790717675056f7152975f5fa1d4a6c2b2d7149244bc9ecd5f9d617cf27c3424273df3c51d1c9746f9d1f8a6802ddf718c7e6ff473b3a736a36c90c5531c98e308f49adeaf8ae9f396c5d39af8e1f577be4ec2a8a648a33aba003291742ae9d9218bd4f0d764074efe516a765aa01cf405cfd8d7c8f0a92171d13dabfbb45330a0d6dc22bd6a4b4c63c1d5b8bbae79ff1db704e92d3d9030a57ceaa62ae50749c21d1f3ed54ec5879f3250c66baf0d9b4233b0b7e43511eae2027494de784d1acdab31695e7ea9aa332df2f1d534591a4fee1ff21eb42cbdc66d2837927ae83f6887902919d030ea1f4dffb5c2437d47e6fc192a6613112f98cfb307c11a71368d63c55884d641d29d870de665d481657856d69a868551e5a4dfb494e4422fa3da58a0954ae3bae75f0cf05488aa7b8849163d2a89306d39089bd6a795c795717225d2ba1de9423b56e8285e1313075f7f71c571b383ae7cf81acc88b8746e96dc3a0768e8f56b7f77053ecd0733c1d7442cb8f5f2f3e8ce201ab8492d80e0ba051a4dcd85827af39870a5d206d2cda6dde70818f97fa12c50b2a42ba3df2bc888e45dac7d4c16ef7d7bfeac73782ddff9285b731d71c1b6987381708fe338a3716de654abb33faec9ba889c7df76ed819321036392edbce80b31da27b051b4b3bdb61d1a6ec274839957a31921c39ad6018cfb9c49f5dc2f8fcd71214ebc9f6fe88c1292701a179611b79902c671924a633dc51031598bccc8416fe44b98fd59d6a191c1545db3f8f35b1ee3fd839396c353ff4de3b56cd8fa8d668bcc70a9b910460304e19b5d6429d17b0f3b728785d19f2fedda1f97dbee3555a83d3246feff0e73a7623f4011357796e5c5e37206df0cc4b2586c2cb1cd982314a3b58e91438f2d6128939e1a018c139760cf26d38740ec0802cb91e5f2835f8ef9eb5d69b77c5b8a3e37337f1244c9d0c9956ea164a8d03f52186d0f0af0d72d65c524f6ace1933d825c0c00702eadc11acd83e734a44af4455d4b08006658451d0280eaef655cea0857a3e90556bd950f40438033fc48e0e361dcdc5243ba5179a66fbca7f57a4088926fcf448c342c221860c29af40a65e38eb847bd5b058087982e6d0d89c3bcfacbfcceabe75eb329dd4dec4bc5c37d14203a2acb86c44692818a2c1fd5f59c40e25751a8e5d98ab3a0ff098ab2ec6435f484da5f6a4d8cb65eeb5dc237177d41e749604cbc9bb2f05399cc6c68b6dbfc80899e0c7ec5eb08b0212790e86172fe06e22d80d2d0bdcc5c3a2ff52637b077fc3427d77c056010c7d65920a2e2caac26710078786490bf7fd354761e8793c525f6c52beac05117b2f32241db376f960a0fed62f7d14a59833967b23c40c26c0f3e1dbc04c175df266dd58c018c932bf486c2125d96b561e7705f6b70e4e4e42b1cbf134810fb87cbd8c1d60eb42db24269a48c3d0ae1d44795f2426f37516ca3fbe7076b95226fac5f87a1003eb599ee7b43e03712d4f76519c19e10ed569ab7b3f7f0860f0f04de910ba268e0224f88b3c3727e9ff61a2d578ba90b623f921d11d72f2a1728475300d7859d456c7e5d8aa691f86d140e48a95e8b874758c6ddb401a1bc90d75bedad607dfe3a1b39b0798ce92b62c36e9c56f47b802645285adfecaae75e9d2e66155a65f82b195bc5606df9427b40e2a84da7e85090bcda34026f35ce20a1c3067ed262f9b5f9c315372c4cb2c0863499b9d23f169d8fdbb2cbdd75860c84ffe8148ce6dfad69560a194f99cfac3234f5f9f51678199f6ecdea894561ec9090cf5137dbb70b131c17aa3ef3dd18ea90f66d3d6ab64e06361f4164a5535a70b6f93e42e3e59cb9ad78a47c15a53cafefe393842bec047402d4e68bba387c2fe788500926eb0af5ae4e90b95ebe1b1e5f485ec4f7fb49c3841c5506073cc0199c79ea0f81235bead1f1ec566353563940a815abdb8ff338fb36a547f19778e4ac3cb5a6d85f344214c39c6ff8f06fcab4a9d9f936316b4e4b63db3503bd61f544f8c866ca612c67378fbc88d28472024e2d6f900d526c611de0afbfc846df219fcdf61fdf0fcde2a423945f1bd18120f55cd2db4b29d5b27a5ca333ab02add93665b15aca90998b86bdd04ca04633d8e13a0809b32e9015659a21e0bbaf2fccfa1b5f2a97f932b5b5dfce5301ba02ac007423c746635ad03912dcc619b43e309d9428af089225d41045fca45c869db3f3f060f08f24a808b8eb865080d72b0bc65db91f95b88f207899a6f8d950fdee1757e7bb8a0bcfef20cafda4016fb9a2da280a34d3bc190c15edc0d133122e9451327c2c7eb874b89edde8e3c1f885b5e5902fb6bc0a458d17768a857f147c7059c5fe43c7c5a5def9c8cb9ce6080f749955a57c521663bac6ff375db3a3a37c12ac7461623ca0be844966dba2e9acb9554f04f53d52bedacea88731a8355aed7a391c8197265894c06825360bbcb8dd1ea2cd40c985450f62f3d99c6f0dc60c759d5a3cdaf0e5b1e656aa8b33fee3624ef6846e01ee37ebeac5f82b3336e0126547c3377b38b61ce9c83f0421225bc5a27f5696b10c6d1de5604f2988ea4a62da477657c5a621f196ec13623a590b9d9c088d57c", 0x1000, 0x6}, {&(0x7f0000002580)="0203d195001c042cf97af47edee5312fc6ab5e19ebd689fc372852eec06caf9f1812a4a5a99476574fb21c25f1b674266348d82d59d9f8550121b621221334a0e98fea865a979245ba2b08e58620df234cdfb4453f8b9cf152ec2bb542d9a821a5b01266ebcf82aad67abe9f7c71bf54e8a73bd4ff60cbbf584be2772a060afca3ef922fd617afad085209baa1163e078d92129f72a3feff4d0db686d586cc82e367b776d76e8abf38234c380734e38ed49d", 0xb2}, {&(0x7f0000002640)="df7681d4192ef7d0fb601218fbe9691c06e4f55dc9a85b06212688fd06b579247491b6a307e175ae5a2535122855aa1b086bed76a98a3ea2c26b380d88ba240f85f21a8bf6738c3b87", 0x49, 0x80}, {&(0x7f00000026c0)="1f39834b", 0x4, 0x200}], 0x4, &(0x7f00000027c0)={[{@utf8}, {@numtail}, {@uni_xlate}, {@nonumtail}, {@utf8no}], [{@uid_eq={'uid', 0x3d, 0xee00}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@fsname={'fsname', 0x3d, '(+[-{.'}}, {@permit_directio}, {@uid_lt={'uid<', 0xee01}}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}]}) fchmod(r2, 0x121) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000002880)={{0x1, 0x1, 0x18, r2, {0x101}}, './file0\x00'}) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000002a40)={&(0x7f00000028c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000002a00)={&(0x7f0000002900)={0xc8, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_MESH_SETUP={0x8, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AUTH={0x4}]}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x3e0}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x113}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x89dc}], @NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x7}]}, @NL80211_ATTR_MESH_SETUP={0x5c, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AUTH={0x4}, @NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL={0x5, 0x1, 0x1}, @NL80211_MESH_SETUP_IE={0x42, 0x3, "b4ad83e0d19edf022352f6519bc1439029cceb88a45f8085fed8f4346504112c836fd28d7b407ff140c3f062220694c2fdf49f4f55171775a86c45b93f7e"}, @NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC={0x5, 0x2, 0x1}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4004000}, 0x800) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) ioctl$KDGETMODE(r0, 0x4b3b, &(0x7f0000002a80)) sendmsg$NL80211_CMD_GET_MPP(r3, &(0x7f0000002bc0)={&(0x7f0000002ac0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000002b80)={&(0x7f0000002b00)={0x7c, 0x0, 0x43a2714b2c0cf1fc, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x4010) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000002c00)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @in_args={0x1}}, './file0\x00'}) r5 = openat(r4, &(0x7f0000002c40)='./file0\x00', 0x62a902, 0x12) lsetxattr$trusted_overlay_redirect(&(0x7f0000002c80)='./file0\x00', &(0x7f0000002cc0), &(0x7f0000002d00)='./file0\x00', 0x8, 0x3) write$binfmt_misc(r5, &(0x7f0000002d40)={'syz0', "a5339260e74eb62d6faf4076a54943e2c47056a4b195f8d758db15ad9edbb1a7be11638501528b7de6683243d756aa2e56e912c51fa032b3bc859535d4b7435dc235d51e3c34eb3ad69cf686cdfa54bae2d2d9b2f01ffa17825723a92375203123013b24339f67b4e6a0ae09381429640bc548483335a3248ba308e9faf22bf9e0d4e488505c40bd0c27c4100c4a1f678a8952a8661fb39712dae822a4df4d34de241db7c026ca37d369f0878f83fc791996f7d1abb7d81006f3508fc57556fe0323e1dc3369a089f001b63ca8f3d794ee7e01c5de11be6743eee94aad87383b5926afccfdfe"}, 0xea) 17:14:44 executing program 2: prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5, 0x5}}, './file0\x00'}) r1 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0/file0\x00', 0xffffffffffffd491, 0x4, &(0x7f0000000300)=[{&(0x7f00000000c0)="26bf5f096285d3415ab1bfbc5934100f72f73213a139d3b43eb34ccb292d29cdbaed4b1b933ba17e9e2174bef7bc42e77a2b781ccf879e328efe2aad45c4eda9234931c0b3936ca0b12ae85d0224fd945178a451250b42633a1ecb254e7bb609ea0028e5812ae83f5df0d617e25d1831431baae3c2768434e5890242111511dae652d1eb0230c27bef2b2410c970d2ad0b3ade35540ca0d13d86c95a86aa6f0ba5", 0xa1, 0x8}, {&(0x7f0000000180)="cdc9873f342e71fbe375391469540d473f3e1c81c85dd1d484fea10c2981badb112404fed9e926cc3b06b67d29811fe2de4fdc846d7483269fc911d5", 0x3c, 0x6}, {&(0x7f00000001c0)="8d6b37fb54f67b68c4f9936ff44a023f06ab9758d498fb1dd6d4bee3a6434a7e952aa0825ace2132c1fd4446585194f7e3a82b6294f58da82b4f84873eeea4d72222704903761b3f51fb603ec9d5a1c5e52c53a5f34b2ef2f33445472a0785fb3cdca8f2d4ecabefc8b14d8b12f2d2", 0x6f, 0x28}, {&(0x7f0000000240)="3fc78e93194fb114afc93f1530538aa72941eda54b3a2502d9b59bbf5c89c5c87c864d8cf0c7f99f138e85c984869d0cce0e610c6b8259608b8e384e79c8ec897955368d37d251e11eeb7eafc0caf3d0da314cb709bed2ed2d1a42f443f093abad1ae8ddec82c1a1405d7177060c4e3b2ea67b8cef9e431845fba106d5aeeb7002c347a8d1e1544b8a8d5d42c1ed8e9110ea042759b9b7011fc8f4b2ff1ce934c6974d40d7539ca77f41fd3d5890177683aec190ec29", 0xb6, 0x8}], 0x80000, &(0x7f0000000380)={[{@numtail}, {@iocharset={'iocharset', 0x3d, 'cp437'}}], [{@subj_user={'subj_user', 0x3d, '.'}}]}) socket$inet_tcp(0x2, 0x1, 0x0) r2 = fsmount(r0, 0x0, 0x0) ioctl$RNDADDTOENTCNT(r2, 0x40045201, &(0x7f00000003c0)=0xffff0000) mkdirat(r0, &(0x7f0000000400)='./file0/file1\x00', 0x31) r3 = syz_io_uring_complete(0x0) ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f0000000480)=0x0) fchownat(r3, &(0x7f0000000440)='./file0\x00', r4, 0x0, 0x1000) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f00000004c0)=0x7, 0x4) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000500)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) r5 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r5, 0x80047210, &(0x7f0000000540)) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$FAT_IOCTL_GET_VOLUME_ID(r6, 0x80047213, &(0x7f0000000580)) openat(r1, &(0x7f00000005c0)='./file1\x00', 0x400, 0x4) semctl$SETALL(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000600)=[0x3, 0x2, 0x3]) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000640)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r5}}, './file0\x00'}) ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f00000006c0)={0x0, {0x2, 0x4e20, @rand_addr=0x64010100}, {0x2, 0x4e23, @local}, {0x2, 0x4e24, @loopback}, 0xa0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000680)='vlan1\x00', 0xffffffff, 0x3, 0x6}) 17:14:44 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000000080)={0x1, 0x10, '\x00', 0x1, &(0x7f0000000040)=[0x0, 0x0]}) r1 = fsmount(0xffffffffffffffff, 0x0, 0x8) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={r0, 0xfff, 0x2, 0x8}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'ip6erspan0\x00', 0x0}) r4 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000140), 0x4040, 0x0) sync_file_range(r4, 0xd2, 0x2, 0x1) ioctl$TUNGETIFF(r2, 0x800454d2, &(0x7f0000000180)={'bridge_slave_0\x00'}) r5 = ioctl$NS_GET_PARENT(r1, 0xb702, 0x0) finit_module(r5, &(0x7f00000001c0)=',.\x00', 0x3) write$vga_arbiter(r1, &(0x7f0000000200)=@target={'target ', {'PCI:', '1', ':', '1c', ':', '1', '.', '16'}}, 0x15) write(r4, &(0x7f0000000240)="ce4646376406eda7e3241b988568cdacf21badfdff4b07a0b1feefd1d672086ab4d3b6b895145860c05d246f4cfc250d0b1b912b9c9f7fc6996f4183941c5c2913376b8175de90f7c657a88130ec91745f343dddae2e9250f856100de3b32de083259d92eb87b3fe6bbba7785fb400b28a114d84077c224985d77236dc149f5d2bebb28d634be1a44682954c9f24", 0x8e) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.net/syz0\x00', 0x200002, 0x0) sendfile(r6, r7, &(0x7f0000000340)=0x2d75, 0xaffd) r8 = syz_mount_image$iso9660(&(0x7f0000000380), &(0x7f00000003c0)='./file0\x00', 0x1, 0x2, &(0x7f00000004c0)=[{&(0x7f0000000400)="5e336a234963711466cdbfb81c16eac8a9cb3622591154aa3da1923884cf8897a1999dda710d69cf3f1a6120c60cc463cbb07fc39e96f4b5ebe6f0", 0x3b, 0x7}, {&(0x7f0000000440)="38aa97d5ea9c2633dab9a33bcee12665d02e6086c4f422357624bae5084cc429349b9582525d2e2803ac0583a166a97b9dd226b526ed3aa877a060b6e98532b9e549", 0x42}], 0x80028, &(0x7f0000000500)={[{@check_strict}, {}, {@uid={'uid', 0x3d, 0xee01}}, {@nojoliet}], [{@appraise_type}, {@audit}, {@subj_role={'subj_role', 0x3d, ':'}}, {@hash}, {@seclabel}, {@permit_directio}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}, {@subj_type={'subj_type', 0x3d, '.'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@fscontext={'fscontext', 0x3d, 'user_u'}}]}) mknodat(r8, &(0x7f0000000600)='./file0\x00', 0x1022, 0xa5) ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f0000000640)={@mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3ff, 0xf6, 0x2, 0x200, 0x8, 0x4040100, r3}) openat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0x0, 0x161) sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x6c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7ff, 0x5b}}}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "d5f7e99dcca32a0e3ff8e412cab172fe"}, @NL80211_ATTR_PMKID={0x14, 0x55, "7c317c11ec246d5d0c139a63e3094733"}, @NL80211_ATTR_PMKID={0x14, 0x55, "90ad2ecba8d37a8f2d13a353b899d620"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x22}]}, 0x6c}, 0x1, 0x0, 0x0, 0xc1}, 0x0) 17:14:44 executing program 3: read$snapshot(0xffffffffffffffff, &(0x7f0000000000)=""/214, 0xd6) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(0xffffffffffffffff, 0x80286722, &(0x7f00000001c0)={&(0x7f0000000100)=""/149, 0x95, 0x8e, 0x1ff}) r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r0, 0x8008330e, &(0x7f0000000200)) r1 = openat$cgroup_ro(r0, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000600)={0xa4, 0x0, &(0x7f0000000440)=[@decrefs, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f00000002c0)={@fda={0x66646185, 0x3, 0x1, 0x6}, @fda={0x66646185, 0x0, 0x0, 0xd}, @ptr={0x70742a85, 0x1, &(0x7f0000000280), 0x0, 0x2, 0x3b}}, &(0x7f0000000340)={0x0, 0x20, 0x40}}, 0x400}, @release={0x40046306, 0x3}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000380)={@flat=@weak_handle={0x77682a85, 0x1105, 0x1}, @flat=@weak_handle={0x77682a85, 0x101, 0x3}, @flat=@weak_handle={0x77682a85, 0x100, 0x1}}, &(0x7f0000000400)={0x0, 0x18, 0x30}}}, @exit_looper], 0xf5, 0x0, &(0x7f0000000500)="9d962e1ad6929bbd235f001c68e2f2d09cd140c69b672852b0f66b2cca0219c1cec50ffefa4e935ada2ffd47d50ee199e797e4b067a8699e646c7891b914c179e67acbe1ae836696c6c2d75659842043f1a029d384bb4e107df15cc03a031d78817b38bb326f63f19d64c513b6d115fd10cd3ad2e5db00b18d82212e84c490f643ec94db3d08ea70a139960fb8bca39376bf3159701bcc4a6f77ef73fa7872be3edced12135fc97c6eab92be886e43e61a822175ba557dfc54e9ab1d3f43eb29da160b94fda8896dc91a15caf3500d3a6790c42977b565285b8df9e4993c730d982fa51704d228d421407bd61176b4fe4da914c0ba"}) r2 = signalfd4(r0, &(0x7f0000000640)={[0x3]}, 0x8, 0x80000) ioctl$SNAPSHOT_CREATE_IMAGE(r2, 0x40043311, &(0x7f0000000680)) getpeername$unix(r0, &(0x7f00000006c0), &(0x7f0000000740)=0x6e) io_uring_enter(r2, 0x13e2, 0xfcc3, 0x0, &(0x7f0000000780), 0x8) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f00000007c0)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) readv(r3, &(0x7f0000000d40)=[{&(0x7f0000000800)=""/224, 0xe0}, {&(0x7f0000000900)=""/172, 0xac}, {&(0x7f00000009c0)=""/146, 0x92}, {&(0x7f0000000a80)=""/154, 0x9a}, {&(0x7f0000000b40)=""/232, 0xe8}, {&(0x7f0000000c40)=""/155, 0x9b}, {&(0x7f0000000d00)=""/29, 0x1d}], 0x7) openat2(r3, &(0x7f0000000dc0)='./file0\x00', &(0x7f0000000e00)={0x40900, 0x9, 0x1e}, 0x18) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r3, 0x40047211, &(0x7f0000000e40)=0x12) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000fc0)=@IORING_OP_STATX={0x15, 0x2, 0x0, r1, &(0x7f0000000e80), &(0x7f0000000f80)='./file0\x00', 0x100, 0x4000}, 0x0) r4 = open(&(0x7f0000001000)='./file0\x00', 0x101002, 0x185) close(r4) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, &(0x7f0000001040)) syncfs(r1) io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f00000010c0)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x1e) [ 65.221208] audit: type=1400 audit(1664817284.092:6): avc: denied { execmem } for pid=286 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 17:14:44 executing program 5: sendmsg$AUDIT_DEL_RULE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000004c0)={&(0x7f0000000040)={0x454, 0x3f4, 0x4, 0x70bd2b, 0x25dfdbfc, {0x0, 0x2, 0x33, [0xb8c7, 0x5fb3, 0x2, 0x5, 0x1f, 0x372, 0x800, 0x9, 0x1000000, 0x7f, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x4, 0xffff, 0x9, 0x665066eb, 0x8, 0x850, 0x7, 0xf70, 0x7fff, 0x26, 0x80, 0x9, 0x4, 0x4, 0x401, 0x4, 0xffff, 0x101, 0x9, 0x7, 0x48000, 0xc387, 0x5, 0x9, 0x94c, 0x9, 0x6, 0x2, 0x8, 0xfffffffc, 0x3, 0xffffffff, 0x3, 0x1, 0x6, 0x453d, 0x8, 0x0, 0x9, 0x9, 0x80e, 0x9, 0x3, 0x6, 0x7937, 0x3, 0x9, 0x3], [0xffff, 0x7ff, 0x7fffffff, 0x401, 0x4, 0x8, 0x100, 0x400, 0x81, 0xbe9, 0x53, 0x44, 0xffffffff, 0x401, 0x9, 0x1c0000, 0x1, 0x200, 0x8e, 0x5, 0x5, 0x3, 0x10000, 0x9, 0xffffffff, 0x7, 0x0, 0xf0, 0x5, 0xf22, 0x6, 0x6, 0x3ef, 0x7c, 0x6, 0x9b4, 0x6, 0x8, 0x10001, 0xfff, 0x5, 0x5, 0x7, 0x80000000, 0x0, 0x80000000, 0x8, 0x1a, 0x23, 0x6, 0x1, 0x4, 0x9, 0x7fff, 0x101, 0x200, 0xfd75, 0x2, 0x1, 0x200, 0x80000001, 0x1f, 0x3, 0x761], [0x80000000, 0x9, 0x7, 0x0, 0x8, 0x101, 0x2, 0x0, 0x9, 0x1f, 0x5, 0x0, 0x4, 0x5, 0x5aa, 0x7, 0x1, 0x1, 0x6, 0x1ff, 0x7, 0x8, 0x7, 0xff, 0x0, 0xe20, 0x7, 0x2da, 0x0, 0x8001, 0x2, 0x0, 0xdbde, 0x1, 0x2, 0x2, 0xfffffffa, 0x22, 0x100, 0x7, 0x61aa, 0x400, 0x0, 0x9, 0x1, 0x8, 0x9, 0x8, 0x9, 0x8000, 0x4, 0x9, 0x596, 0x101, 0x1, 0x6, 0x800, 0x7, 0xb3c, 0xf20, 0x9, 0x3, 0x4], [0x0, 0x1, 0x1ea, 0x4, 0x9, 0x8, 0x336, 0x6, 0x80000000, 0x5, 0x36b, 0x1ff, 0x1, 0x4, 0x9, 0x3, 0x3, 0x80000001, 0x9, 0xdd, 0x5, 0x8, 0x9, 0xfffffffa, 0x0, 0x6, 0x8000, 0x4, 0x32, 0x20, 0x1, 0x6, 0x8e3, 0x6, 0x9a, 0xffffffff, 0x1, 0x10001, 0x8, 0x4, 0xf0e, 0x3f, 0x0, 0x0, 0x400000, 0x5, 0x7, 0xe5d, 0x40, 0x8, 0x90a, 0x5, 0x3d5, 0xad, 0x5, 0x7e, 0x0, 0x4, 0xb0d, 0x2, 0x7f, 0x10001, 0x1, 0x6], 0x32, ['\x00', '[\x00', '@n{[\x00', '\x00', '[$/+^*[(.:\x7f&#%%-*[%\'!\x00', '{{\x00', 'U&^\x00', '@#:*\xdf&+]-{\\\x00']}, ["", "", "", "", "", ""]}, 0x454}, 0x1, 0x0, 0x0, 0x4}, 0x91) sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x19af9eafe6d26d14}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x48, 0x0, 0x10, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x10, 0xc7, {[{0x7d, 0x3}, {0x81}], "3229a8046e37bd0b"}}, @NL80211_ATTR_QOS_MAP={0x24, 0xc7, {[{0x8b, 0x5}, {0x7f}, {0x4, 0x3}, {0x7, 0x1}, {0x7f, 0x6}, {0x20, 0x4}, {0x3, 0xff}, {0x3f, 0x6}, {0xfc, 0x5}, {0x4, 0x4}, {}, {0x1, 0x4}], "139ae1beaa64a74b"}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8010}, 0x800) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000680)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000a00)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000700)={0x288, 0x0, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x144, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x7ba, @loopback, 0x9}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0xfffffff7, @ipv4={'\x00', '\xff\xff', @local}, 0xfffffffe}}, {0x14, 0x2, @in={0x2, 0x4e20, @empty}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x8, @mcast1, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0xc88e, @remote, 0x2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x1ff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x2, @mcast1, 0xcab7}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_SOCK={0x18, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x81}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x10001}]}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000000}]}, @TIPC_NLA_NODE={0x104, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3f, 0x4, {'gcm(aes)\x00', 0x17, "c48d7eafc3455514e74402026288ee69aab1654146dee0"}}, @TIPC_NLA_NODE_ID={0xb6, 0x3, "0dfce5c91c5098f8a4425500c01c7c807dd931379020b2bbd63f38054eff1b2c20512e23f4199bedd17ca58a12c36200447dfa2980f39d208114773e7190a05b7e5eb80f56adf73a93579bfe783a97b53f48dbcfa4353747a2856b2ad3444f726d39019c03df20e1d259bbf128f46f0601f4475d8c15743537e0b88dddbf94d385672696ec76e5577c8de790d361720dcd9696b1a7421c635b9e5327d892b277f089c8dd78ded78ebc7d30a7bfe7a2eeacf5"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7f}]}]}, 0x288}, 0x1, 0x0, 0x0, 0x8080}, 0x4c801) sendmsg$NL80211_CMD_PROBE_CLIENT(r0, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x74, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x1, 0x60}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}]}, 0x74}, 0x1, 0x0, 0x0, 0x40841}, 0x1) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000bc0), 0xffffffffffffffff) sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x14, r1, 0x200, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0xc040) r2 = syz_mount_image$nfs4(&(0x7f0000000cc0), &(0x7f0000000d00)='./file0\x00', 0x6c8d, 0x5, &(0x7f0000000f40)=[{&(0x7f0000000d40)="d66382cc2cf544c53efd0048a019628267d0966dab9746b306adbd", 0x1b, 0x80000000}, {&(0x7f0000000d80)="c710711c4e63bd6bb062d7891c21108dba009baf9a8ffaa10e8c28c86eea8aa7bdeaf61fb8beedd06ec4f874418576cc", 0x30, 0x7}, {&(0x7f0000000dc0)="5a87d96610f2badb3e5623b2012c085612ba90b7b88cb90544e6686ead9212c2b144744a154a0fa4ea4e007df7d8ad242d2e213cb582f38f5e875407ab1beb02b492b33b6208edb3427ac46c5af40a4d180d240f323d4a7d8730b73ccbe14d7bd510b41b0b4212cda5860b5c0e2375ec63452bb1137ca991e14a4427fd54195472ea6be746a12dc5961eefe269d51bfae0aaf64e3c0705740a08cf166b89c2af1ea6985d933322f6733dc6074cbbccd1b8cbf79ca1b1870ac4e99051e21866", 0xbf, 0x7fff}, {&(0x7f0000000e80)="75453a54c3e3ad6ca5af89401ab7a43c1a44d408734fb0e958404bb0932f8bd3549f7723df9ddabb017883dd7d3e03e3dbb1f17fc69ab7849d842b8f148aad85205b4e076cd7f0ad10", 0x49, 0x7fff}, {&(0x7f0000000f00)="4ce8c5ed5207fc97bdd99b32978e0a7b", 0x10, 0xca}], 0x2000440, &(0x7f0000000fc0)={[{':&\xba*'}, {'\x00'}, {'[$/+^*[(.:\x7f&#%%-*[%\'!\x00'}, {'#\x94'}, {'*.'}, {'[\x00'}, {']'}, {'[\x00'}], [{@fsuuid={'fsuuid', 0x3d, {[0x31, 0x34, 0x38, 0x64, 0x64, 0x62, 0x31, 0x36], 0x2d, [0x0, 0x66, 0x38, 0x39], 0x2d, [0x37, 0x30, 0x37, 0x5d], 0x2d, [0x38, 0x39, 0x61, 0x35], 0x2d, [0x63, 0x64, 0x66, 0x34, 0x33, 0x31, 0x35]}}}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x62, 0x31, 0x64, 0x1fd2a1a4d4758108, 0x35, 0x31, 0x65], 0x2d, [0x33, 0x36, 0x39, 0x31], 0x2d, [0x61, 0x38, 0x32, 0xb], 0x2d, [0x32, 0x34, 0x63, 0x33], 0x2d, [0x30, 0x79, 0x61, 0x33, 0x39, 0x39, 0x64, 0x30]}}}, {@fsname={'fsname', 0x3d, ']$)'}}]}) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3, 0x8010, r2, 0xa0475000) r3 = accept(r0, &(0x7f0000001080)=@ethernet={0x0, @broadcast}, &(0x7f0000001100)=0x80) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001180), r0) sendmsg$ETHTOOL_MSG_EEE_GET(r3, &(0x7f0000001300)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000012c0)={&(0x7f00000011c0)={0xc4, r4, 0x200, 0x70bd25, 0x25dfdbff, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x80, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x840}, 0x80000) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001380), r3) sendmsg$NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001400)={&(0x7f00000013c0)={0x14, r5, 0x800, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4042005}, 0x800) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000001480)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) sendmsg$OSF_MSG_REMOVE(r6, &(0x7f0000001ec0)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001e80)={&(0x7f0000001500)={0x964, 0x1, 0x5, 0x401, 0x0, 0x0, {0x5, 0x0, 0x5}, [{{0x254, 0x1, {{0x2, 0xac}, 0x3, 0x8, 0xebd, 0x7f, 0x1f, 'syz1\x00', "a98aace5a3a9989f5550c21a551d1d82da57068fae9ef286d30002a91358a0c6", "11239432e8503b449a7526616d1f0820a484772903647e6fecd97a0b710ae69d", [{0x8, 0x5, {0x0, 0x7}}, {0x80, 0x80, {0x0, 0xb94b}}, {0x3, 0x2, {0xe5a91afe43f1de43, 0xffff}}, {0x3, 0x5f4, {0x1, 0xd}}, {0xfff7, 0xa4c, {0x0, 0x4}}, {0x4, 0x0, {0x2}}, {0x0, 0x4, {0x0, 0x4}}, {0x5, 0x5, {0x0, 0x1}}, {0x0, 0xf86, {0x2, 0x80000001}}, {0x0, 0x6, {0x3, 0x2}}, {0x8000, 0x9}, {0x8001, 0x4, {0x3, 0x6}}, {0xff8e, 0x101, {0x1, 0x100}}, {0x4a56, 0x4, {0x0, 0x6b}}, {0x7f}, {0x9, 0x89, {0x3, 0x4}}, {0x6, 0xbeb, {0x3, 0x8}}, {0x9, 0x6, {0x3, 0x40000}}, {0x8, 0x9, {0x1, 0x8}}, {0x9, 0x2, {0x3, 0x8001}}, {0xfff, 0x8, {0x7ff23e3a5ff6750f, 0xa42e}}, {0x800, 0x2, {0x1, 0x7}}, {0x1f, 0x7, {0x2, 0x1}}, {0xfffd, 0x2, {0x3, 0x9}}, {0x1b, 0x5, {0x0, 0xffffffff}}, {0x2, 0x3e6, {0x1, 0x3}}, {0x80, 0x1f, {0x1, 0xf35}}, {0x9, 0x2, {0x1, 0x9}}, {0x75, 0x7fff, {0x1, 0x1000}}, {0x0, 0x6, {0x3, 0x401}}, {0x6, 0xa0, {0x3}}, {0x79, 0xa347, {0x3}}, {0x1, 0xff01, {0x2, 0xe0}}, {0x69f6, 0x1, {0x1, 0x98e}}, {0x3, 0xfff, {0x3, 0x7}}, {0x8, 0x3, {0x3, 0x200}}, {0x2, 0x7ff, {0x1, 0x1}}, {0xc77e, 0x8001, {0x0, 0x6}}, {0x7, 0x9a7f, {0x1, 0x5}}, {0xfc01, 0x8, {0x3, 0x10001}}]}}}, {{0x254, 0x1, {{0x3, 0x81}, 0x2, 0x13, 0xff, 0x20, 0x1e, 'syz1\x00', "544979982f1e046965ab297f111ce2114244f4683d3883ced187ea965e447008", "3d253ced0055d59bac403bfa90cf1d9fb271586260464de6741f73f2fc06e0eb", [{0x5, 0x401, {0x1, 0x5898}}, {0xfffc, 0x1d, {0x1, 0x1}}, {0xfffd, 0x4, {0x0, 0xdae7}}, {0x4, 0x0, {0x2, 0x401}}, {0x200, 0x0, {0x3, 0x400}}, {0x0, 0xc, {0x2, 0x7}}, {0xffff, 0x9, {0x2, 0x1}}, {0x0, 0x7, {0x0, 0x8f71}}, {0x800, 0xe, {0x3, 0x1}}, {0x2, 0x8, {0x0, 0x6}}, {0x1ff, 0x0, {0x0, 0x4}}, {0x3, 0x8000, {0x2, 0x7816}}, {0x4, 0x52c, {0x4, 0x7}}, {0x3, 0x5, {0x2, 0x54e1}}, {0x4, 0xca, {0x0, 0x7f}}, {0xbb, 0xfff, {0x2, 0x666}}, {0xfff, 0x1, {0x2, 0x470}}, {0xa, 0xffff, {0x2}}, {0x60, 0xfc01, {0x3, 0xfff}}, {0x8, 0x8, {0x3, 0x2087}}, {0x5, 0x4, {0x2, 0x8}}, {0x4, 0x4, {0x0, 0xe7d}}, {0xfff, 0x8, {0x1, 0x8}}, {0x0, 0x4, {0x1, 0xe70}}, {0x3, 0x7, {0x2, 0x49}}, {0x4e, 0x3f, {0x0, 0x7}}, {0x3, 0x36f4, {0x2, 0x6}}, {0x2, 0x7, {0x0, 0x4}}, {0x8, 0x1ff, {0x3, 0xedcb}}, {0x80, 0x9, {0x3, 0x25}}, {0x0, 0x8, {0x1, 0x81}}, {0x1, 0x4, {0x1, 0x768}}, {0xffff, 0x3, {0x1, 0xffffffff}}, {0x6, 0xfff7, {0x0, 0x8001}}, {0x3, 0x40, {0x1, 0xe0}}, {0xea, 0x7f, {0x2, 0x2ffa}}, {0xffff, 0xfff9, {0x1, 0x1}}, {0x20, 0xffe0, {0x2, 0xba0}}, {0x1f, 0xd3cb, {0x1, 0xec}}, {0x5, 0x1}]}}}, {{0x254, 0x1, {{0x0, 0x4ac}, 0x29, 0x5, 0x0, 0x8001, 0x27, 'syz1\x00', "874580db39a4df12870221657146125e302505b28c76ccb99bf5b97c6b210dd7", "b15bc479eb8490d42e6ba30b6a61b35671444898f245ba7794973e896295bcc4", [{0x8001, 0x5a, {0x0, 0xf2}}, {0xfff7, 0xfcc5, {0x2, 0xfffffffa}}, {0x100, 0xfff9, {0x1, 0x8}}, {0x2, 0xb8d, {0x0, 0x6}}, {0x652a, 0x3800, {0x3, 0x9}}, {0x219e, 0x200, {0x0, 0x5}}, {0xff, 0x2, {0x3, 0x400}}, {0xffff, 0xf000, {0x3, 0x6}}, {0xfc, 0xffff, {0x0, 0xe0000}}, {0x3, 0x5, {0x2, 0x8}}, {0x81, 0x6, {0x2, 0x24}}, {0x5, 0x872, {0x3, 0x7ff}}, {0x1, 0x5, {0x0, 0x5}}, {0x9, 0x401, {0x0, 0xcb4}}, {0x6, 0x2, {0x3, 0x101}}, {0x6, 0x101, {0x3}}, {0xed62, 0x2, {0x0, 0xb086}}, {0x91, 0x8, {0x2, 0x4}}, {0x5b, 0x1ff, {0x1, 0x6}}, {0x5, 0xffff, {0x3, 0x5095}}, {0x1, 0x8, {0x1, 0x2}}, {0xffff, 0x3, {0x0, 0x1}}, {0x5, 0x1, {0x3, 0x1}}, {0x1, 0x6, {0x0, 0x3}}, {0x1, 0x10e, {0x0, 0x4}}, {0x6, 0x80, {0x3, 0x1}}, {0x1, 0x0, {0x2, 0x41d}}, {0x2, 0xf001, {0x0, 0x6}}, {0x2, 0x1, {0x1, 0x8f3}}, {0x0, 0x26, {0x0, 0x5}}, {0x3, 0x573, {0x3, 0x80000000}}, {0x1, 0x8, {0x3, 0x101}}, {0x8000, 0x8, {0x0, 0xb9}}, {0xdd, 0x3ff, {0x3, 0x8}}, {0x81, 0x7, {0x3, 0x3}}, {0x4, 0x9fec, {0x3, 0x100}}, {0x0, 0x81, {0x2, 0x3}}, {0x8, 0x1f, {0x2, 0x2000}}, {0x6, 0x3, {0x3, 0x2}}, {0x4, 0x7fff, {0x1, 0xffffffff}}]}}}, {{0x254, 0x1, {{0x3, 0x4}, 0x5, 0x0, 0x9, 0x9, 0xe, 'syz0\x00', "a5d7f17898177de63b35cf7b7c653d6bcc2c9507727f95bce1de302a0fb1d03a", "b3b4e84ae8ee8a45f9533eb2fc10870e15067c9e7e5042a5dd99575f2bf7b472", [{0x7fff, 0x5, {0x1, 0x6}}, {0x96c, 0x0, {0x3, 0x81}}, {0xfa5, 0xfff, {0x0, 0x5}}, {0x9, 0x7, {0x2, 0x2}}, {0x7, 0x3, {0x0, 0x1}}, {0x2, 0x8, {0x0, 0x100}}, {0x1f, 0x2, {0x60413ab925fa4276, 0x3}}, {0x5eb, 0x6, {0x3, 0x200}}, {0xff, 0x0, {0x1, 0x1}}, {0x92, 0x4, {0x0, 0x8}}, {0xffff, 0xfff8}, {0x8, 0x3, {0x1, 0x9}}, {0x1, 0x9, {0x3, 0x7ff}}, {0xd123, 0xffff, {0x0, 0x3ff}}, {0x8, 0xffff, {0x1, 0x5}}, {0x0, 0x8000, {0x2, 0xffffff81}}, {0x6, 0xfffd, {0x3, 0x6}}, {0xffff, 0x2, {0x3, 0x9}}, {0x7cb, 0xe80, {0x2, 0x9}}, {0x6, 0x5, {0x3, 0x40}}, {0x0, 0x40, {0xd1fe4c3f4229c892, 0x401}}, {0x2, 0x8, {0x2}}, {0x1, 0x2, {0x3, 0x7}}, {0x4, 0x2, {0x3, 0x47}}, {0x2, 0x9, {0x0, 0x9182f715}}, {0xfff8, 0xa7c, {0x2, 0x8}}, {0x1, 0x5, {0x0, 0x80}}, {0x4, 0x0, {0x3, 0x7f}}, {0x4, 0x2, {0x3, 0x7}}, {0x4, 0xefa, {0x3, 0x9ef9}}, {0x3, 0x2, {0x1, 0x5}}, {0xd5b2, 0x6, {0x3, 0x80000001}}, {0x6, 0x1, {0x0, 0xffffff80}}, {0x6, 0x4, {0x3, 0x9}}, {0x5, 0x100, {0x3, 0x5628}}, {0x7, 0x5, {0x0, 0x7f}}, {0x1, 0x12f, {0x0, 0xffffffff}}, {0x8, 0x2, {0x0, 0xffb9}}, {0x1000, 0x4, {0x3, 0x6}}, {0x1, 0x7fff, {0x2, 0x1}}]}}}]}, 0x964}, 0x1, 0x0, 0x0, 0x20000000}, 0x4044) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_DISASSOCIATE_REQ(r7, &(0x7f0000001fc0)={&(0x7f0000001f00)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001f80)={&(0x7f0000001f40)={0x2c, 0x0, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xffff}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4411) syz_genetlink_get_family_id$ethtool(&(0x7f0000002000), r6) sendmsg$DEVLINK_CMD_TRAP_GET(r6, &(0x7f00000021c0)={&(0x7f0000002040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000002180)={&(0x7f0000002080)={0xc4, 0x0, 0x400, 0x70bd2a, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x8c00}, 0x4) 17:14:44 executing program 7: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x8000]}, 0x8, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x0, 0x300, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xa274, 0x3b}}}}, [@NL80211_ATTR_MESH_SETUP={0x28, 0x70, [@NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5, 0x6, 0x1}, @NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL={0x5, 0x1, 0x1}, @NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5, 0x6, 0x1}, @NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5, 0x6, 0x1}, @NL80211_MESH_SETUP_USERSPACE_MPM={0x4}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008851}, 0x20000000) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.pending_reads\x00', 0x151200, 0x8) sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_SEQ={0x11, 0xa, "7f6190dcfb2ffbac17c5af6bba"}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000090}, 0x24000090) sendmsg$TIPC_NL_MON_GET(r1, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x1b8, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80000000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xd4c5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}]}, @TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0xf4, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x443}]}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ae}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xc73}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1f}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x70000000}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xcba5}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fab}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xff}, @TIPC_NLA_CON_FLAG={0x8}]}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x200000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xf8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x10001}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x10}, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r0) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x1012000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x40, r2, 0xc00, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x8001, 0x61}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1000}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x81}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3}]}, 0x40}, 0x1, 0x0, 0x0, 0x4044041}, 0x801) sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x14, r2, 0x4, 0x70bd26, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4041}, 0x20040800) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000007c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0xfbc3802059d9948}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x40, r2, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0xff, 0x1b}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x40}}, 0x2000000) sendmsg$AUDIT_TTY_SET(r1, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x18, 0x3f9, 0x400, 0x70bd27, 0x25dfdbff, {}, ["", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x8002000}, 0x4) r4 = openat$incfs(r0, &(0x7f00000009c0)='.pending_reads\x00', 0x800, 0xc8) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a40), r1) sendmsg$NL80211_CMD_ASSOCIATE(r4, &(0x7f0000000b40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x58, r5, 0x20, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7c48, 0x79}}}}, [@NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x300, 0x3, 0x5, 0x0, {0x1000, 0x7, 0x0, 0x1f, 0x0, 0x1, 0x0, 0x1}, 0x300, 0x3, 0x9}}, @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0xc000000, {0xb95, 0x2, 0x3, 0x8001}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4080}, 0x80) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000bc0), r0) sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f0000000d00)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c00)={0xbc, r6, 0x400, 0x70bd25, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x7, 0x14}}}}, [@NL80211_ATTR_BSS_SELECT={0x1c, 0xe3, 0x0, 0x1, [@NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0xb, 0x1f}}, @NL80211_BSS_SELECT_ATTR_BAND_PREF={0x8, 0x2, 0x3}, @NL80211_BSS_SELECT_ATTR_RSSI={0x4}, @NL80211_BSS_SELECT_ATTR_RSSI={0x4}]}, @NL80211_ATTR_USE_MFP={0x8}, @NL80211_ATTR_IE={0x77, 0x2a, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x1}}, @preq={0x82, 0x57, @ext={{0x1, 0x1, 0x1}, 0x80, 0xe0, 0x7ff, @device_b, 0x1, @device_b, 0x3, 0xe7, 0x5, [{{}, @device_b, 0x1}, {{}, @broadcast, 0x3ff}, {{0x1, 0x0, 0x1}, @broadcast, 0x20}, {{}, @device_b, 0x2}, {{0x1}, @broadcast, 0x4}]}}, @mesh_config={0x71, 0x7, {0x1, 0x0, 0x0, 0x0, 0x2, 0x7, 0x40}}, @gcr_ga={0xbd, 0x6, @broadcast}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8080}, 0x2001) r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000d80), 0x80, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000d40), r7) r8 = accept(0xffffffffffffffff, &(0x7f0000000dc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @initdev}}}}, &(0x7f0000000e40)=0x80) sendmsg$NL80211_CMD_SET_NOACK_MAP(r8, &(0x7f0000000f00)={&(0x7f0000000e80)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000ec0)={0xfffffffffffffffd}, 0x1, 0x0, 0x0, 0x4080}, 0x4000000) 17:14:44 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x1, 0xc8, 0x2}}}, 0x7) syz_emit_vhci(&(0x7f0000000480)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x1, 0x17}, @l2cap_cid_signaling={{0x13}, [@l2cap_conf_req={{0x4, 0x3, 0x8}, {0x7, 0x1, [@l2cap_conf_mtu={0x1, 0x2, 0x8}]}}, @l2cap_move_chan_req={{0xe, 0x2, 0x3}, {0x101, 0x8}}]}}, 0x1c) syz_emit_vhci(&(0x7f00000004c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x16}, "d721bbb6145231745a230dd0a63f120ebcfd8d27184f"}, 0x1a) syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xec}, "6f94c463ce62198a928a8f852a49d55122e79bc0ca352a8263e7bab7a994bc674d6042429aa03970822269323524f03772081fc3a81b0db413d4d47619ddde1de32cf33f0e4f6b5699cd5cf153acabe8c0852241339e5103a8299bbf422a48214a45662d3cc4fb626738f3b0c94441af736cbccc2bc4d1cd7fcab99010c1623bc2d9b223b8c37260b42046c2695461a85934babb53cc1af743c36bb54fd42711c89707659ab303d138e268ab9f3ead5c0db975fb58ee25cc099d4583fb31b0c67c42574652d07ce12db018a6e45d99648b59ed5158632dcf8f5dab121753c653e3f2bedc4aebf32cc08280b7"}, 0xf0) [ 66.555246] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 66.568467] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.569805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 66.577267] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.578486] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 66.583771] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.596179] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 66.598607] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 66.600037] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 66.604784] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 66.607192] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 66.608503] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.609550] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 66.612805] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 66.615462] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 66.616725] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 66.618570] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.619876] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 66.628741] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 66.631187] Bluetooth: hci0: HCI_REQ-0x0c1a [ 66.632778] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 66.634465] Bluetooth: hci1: HCI_REQ-0x0c1a [ 66.651526] Bluetooth: hci2: HCI_REQ-0x0c1a [ 66.676772] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 66.686648] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 66.689680] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 66.689932] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 66.692123] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 66.693314] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 66.695606] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 66.699944] Bluetooth: hci3: HCI_REQ-0x0c1a [ 66.703534] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 66.716998] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 66.718592] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 66.724045] Bluetooth: hci4: HCI_REQ-0x0c1a [ 66.730893] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 66.732911] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 66.734721] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 66.740091] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 66.744076] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 66.746120] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 66.747768] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 66.749111] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 66.750843] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 66.757008] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 66.758964] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 66.760253] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 66.765934] Bluetooth: hci5: HCI_REQ-0x0c1a [ 66.773807] Bluetooth: hci7: HCI_REQ-0x0c1a [ 68.694706] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 68.694893] Bluetooth: hci1: command 0x0409 tx timeout [ 68.695663] Bluetooth: hci2: command 0x0409 tx timeout [ 68.696450] Bluetooth: hci0: command 0x0409 tx timeout [ 68.758566] Bluetooth: hci4: command 0x0409 tx timeout [ 68.758734] Bluetooth: hci3: command 0x0409 tx timeout [ 68.822669] Bluetooth: hci7: command 0x0409 tx timeout [ 68.823202] Bluetooth: hci5: command 0x0409 tx timeout [ 70.742500] Bluetooth: hci2: command 0x041b tx timeout [ 70.743265] Bluetooth: hci1: command 0x041b tx timeout [ 70.744128] Bluetooth: hci0: command 0x041b tx timeout [ 70.806767] Bluetooth: hci4: command 0x041b tx timeout [ 70.807837] Bluetooth: hci3: command 0x041b tx timeout [ 70.870501] Bluetooth: hci5: command 0x041b tx timeout [ 70.871231] Bluetooth: hci7: command 0x041b tx timeout [ 71.516801] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 71.518878] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 71.521691] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 71.525657] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 71.527869] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 71.529515] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 71.534559] Bluetooth: hci6: HCI_REQ-0x0c1a [ 72.790593] Bluetooth: hci0: command 0x040f tx timeout [ 72.790669] Bluetooth: hci1: command 0x040f tx timeout [ 72.791442] Bluetooth: hci2: command 0x040f tx timeout [ 72.854788] Bluetooth: hci3: command 0x040f tx timeout [ 72.855557] Bluetooth: hci4: command 0x040f tx timeout [ 72.918500] Bluetooth: hci7: command 0x040f tx timeout [ 72.919257] Bluetooth: hci5: command 0x040f tx timeout [ 73.558490] Bluetooth: hci6: command 0x0409 tx timeout [ 74.838481] Bluetooth: hci2: command 0x0419 tx timeout [ 74.840094] Bluetooth: hci1: command 0x0419 tx timeout [ 74.840995] Bluetooth: hci0: command 0x0419 tx timeout [ 74.902890] Bluetooth: hci4: command 0x0419 tx timeout [ 74.903795] Bluetooth: hci3: command 0x0419 tx timeout [ 74.966584] Bluetooth: hci5: command 0x0419 tx timeout [ 74.967472] Bluetooth: hci7: command 0x0419 tx timeout [ 75.606543] Bluetooth: hci6: command 0x041b tx timeout [ 77.654560] Bluetooth: hci6: command 0x040f tx timeout [ 79.702581] Bluetooth: hci6: command 0x0419 tx timeout [ 122.934534] Bluetooth: Wrong link type (-22) [ 122.934983] Bluetooth: hci3: link tx timeout [ 122.935421] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 122.956541] Bluetooth: Unexpected continuation frame (len 18) [ 122.969932] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 122.973740] Bluetooth: Unexpected continuation frame (len 18) 17:15:41 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x1, 0xc8, 0x2}}}, 0x7) syz_emit_vhci(&(0x7f0000000480)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x1, 0x17}, @l2cap_cid_signaling={{0x13}, [@l2cap_conf_req={{0x4, 0x3, 0x8}, {0x7, 0x1, [@l2cap_conf_mtu={0x1, 0x2, 0x8}]}}, @l2cap_move_chan_req={{0xe, 0x2, 0x3}, {0x101, 0x8}}]}}, 0x1c) syz_emit_vhci(&(0x7f00000004c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x16}, "d721bbb6145231745a230dd0a63f120ebcfd8d27184f"}, 0x1a) syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xec}, "6f94c463ce62198a928a8f852a49d55122e79bc0ca352a8263e7bab7a994bc674d6042429aa03970822269323524f03772081fc3a81b0db413d4d47619ddde1de32cf33f0e4f6b5699cd5cf153acabe8c0852241339e5103a8299bbf422a48214a45662d3cc4fb626738f3b0c94441af736cbccc2bc4d1cd7fcab99010c1623bc2d9b223b8c37260b42046c2695461a85934babb53cc1af743c36bb54fd42711c89707659ab303d138e268ab9f3ead5c0db975fb58ee25cc099d4583fb31b0c67c42574652d07ce12db018a6e45d99648b59ed5158632dcf8f5dab121753c653e3f2bedc4aebf32cc08280b7"}, 0xf0) [ 122.978649] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 123.179555] Bluetooth: Unexpected continuation frame (len 18) 17:15:42 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x1, 0xc8, 0x2}}}, 0x7) syz_emit_vhci(&(0x7f0000000480)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x1, 0x17}, @l2cap_cid_signaling={{0x13}, [@l2cap_conf_req={{0x4, 0x3, 0x8}, {0x7, 0x1, [@l2cap_conf_mtu={0x1, 0x2, 0x8}]}}, @l2cap_move_chan_req={{0xe, 0x2, 0x3}, {0x101, 0x8}}]}}, 0x1c) syz_emit_vhci(&(0x7f00000004c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x16}, "d721bbb6145231745a230dd0a63f120ebcfd8d27184f"}, 0x1a) syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xec}, "6f94c463ce62198a928a8f852a49d55122e79bc0ca352a8263e7bab7a994bc674d6042429aa03970822269323524f03772081fc3a81b0db413d4d47619ddde1de32cf33f0e4f6b5699cd5cf153acabe8c0852241339e5103a8299bbf422a48214a45662d3cc4fb626738f3b0c94441af736cbccc2bc4d1cd7fcab99010c1623bc2d9b223b8c37260b42046c2695461a85934babb53cc1af743c36bb54fd42711c89707659ab303d138e268ab9f3ead5c0db975fb58ee25cc099d4583fb31b0c67c42574652d07ce12db018a6e45d99648b59ed5158632dcf8f5dab121753c653e3f2bedc4aebf32cc08280b7"}, 0xf0) [ 123.182537] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 123.280003] Bluetooth: Unexpected continuation frame (len 18) 17:15:42 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x1, 0xc8, 0x2}}}, 0x7) syz_emit_vhci(&(0x7f0000000480)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x1, 0x17}, @l2cap_cid_signaling={{0x13}, [@l2cap_conf_req={{0x4, 0x3, 0x8}, {0x7, 0x1, [@l2cap_conf_mtu={0x1, 0x2, 0x8}]}}, @l2cap_move_chan_req={{0xe, 0x2, 0x3}, {0x101, 0x8}}]}}, 0x1c) syz_emit_vhci(&(0x7f00000004c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x16}, "d721bbb6145231745a230dd0a63f120ebcfd8d27184f"}, 0x1a) syz_emit_vhci(&(0x7f0000000500)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xec}, "6f94c463ce62198a928a8f852a49d55122e79bc0ca352a8263e7bab7a994bc674d6042429aa03970822269323524f03772081fc3a81b0db413d4d47619ddde1de32cf33f0e4f6b5699cd5cf153acabe8c0852241339e5103a8299bbf422a48214a45662d3cc4fb626738f3b0c94441af736cbccc2bc4d1cd7fcab99010c1623bc2d9b223b8c37260b42046c2695461a85934babb53cc1af743c36bb54fd42711c89707659ab303d138e268ab9f3ead5c0db975fb58ee25cc099d4583fb31b0c67c42574652d07ce12db018a6e45d99648b59ed5158632dcf8f5dab121753c653e3f2bedc4aebf32cc08280b7"}, 0xf0) [ 123.282776] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 123.370762] Bluetooth: Unexpected continuation frame (len 18) 17:15:42 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x1, 0xc8, 0x2}}}, 0x7) syz_emit_vhci(&(0x7f0000000480)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x1, 0x17}, @l2cap_cid_signaling={{0x13}, [@l2cap_conf_req={{0x4, 0x3, 0x8}, {0x7, 0x1, [@l2cap_conf_mtu={0x1, 0x2, 0x8}]}}, @l2cap_move_chan_req={{0xe, 0x2, 0x3}, {0x101, 0x8}}]}}, 0x1c) syz_emit_vhci(&(0x7f00000004c0)=@HCI_SCODATA_PKT={0x3, {0x0, 0x16}, "d721bbb6145231745a230dd0a63f120ebcfd8d27184f"}, 0x1a) [ 123.373081] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 123.478118] Bluetooth: Unexpected continuation frame (len 18) 17:15:42 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x1, 0xc8, 0x2}}}, 0x7) syz_emit_vhci(&(0x7f0000000480)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x1, 0x17}, @l2cap_cid_signaling={{0x13}, [@l2cap_conf_req={{0x4, 0x3, 0x8}, {0x7, 0x1, [@l2cap_conf_mtu={0x1, 0x2, 0x8}]}}, @l2cap_move_chan_req={{0xe, 0x2, 0x3}, {0x101, 0x8}}]}}, 0x1c) [ 123.485850] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 123.580601] Bluetooth: Unexpected continuation frame (len 18) 17:15:42 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000440)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x1, 0xc8, 0x2}}}, 0x7) [ 123.686284] Bluetooth: Unexpected continuation frame (len 18) 17:15:42 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) [ 123.799576] Bluetooth: Unexpected continuation frame (len 18) 17:15:42 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f00000003c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) [ 123.970102] Bluetooth: Unexpected continuation frame (len 18) [ 124.419630] loop0: detected capacity change from 0 to 264192 [ 124.430253] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 124.466544] loop0: detected capacity change from 0 to 264192 [ 124.481263] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 124.592947] loop2: detected capacity change from 0 to 264192 [ 124.612744] loop2: detected capacity change from 0 to 264192 [ 125.193697] loop5: detected capacity change from 0 to 264192 [ 125.195878] ======================================================= [ 125.195878] WARNING: The mand mount option has been deprecated and [ 125.195878] and is ignored by this kernel. Remove the mand [ 125.195878] option from the mount to silence this warning. [ 125.195878] ======================================================= [ 125.213567] nfs4: Unknown parameter ':&º*' [ 125.247079] loop5: detected capacity change from 0 to 264192 [ 125.249661] nfs4: Unknown parameter ':&º*' [ 127.901977] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 127.904711] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 127.907191] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 127.908898] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 127.909927] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 127.910688] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 127.914370] Bluetooth: hci0: HCI_REQ-0x0c1a [ 127.967798] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 127.968966] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 127.971082] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 127.974489] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 127.975585] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 127.977095] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 127.983999] Bluetooth: hci5: HCI_REQ-0x0c1a [ 128.244772] audit: type=1400 audit(1664817347.114:7): avc: denied { write } for pid=3941 comm="syz-executor.4" name="task" dev="proc" ino=14660 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1 [ 128.247781] audit: type=1400 audit(1664817347.118:8): avc: denied { add_name } for pid=3941 comm="syz-executor.4" name="3942" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1 [ 128.249231] audit: type=1400 audit(1664817347.118:9): avc: denied { create } for pid=3941 comm="syz-executor.4" name="3942" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:kernel_t:s0 tclass=file permissive=1 [ 129.943125] Bluetooth: hci0: command 0x0409 tx timeout [ 130.006508] Bluetooth: hci5: command 0x0409 tx timeout [ 130.071503] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 131.990480] Bluetooth: hci0: command 0x041b tx timeout [ 132.054503] Bluetooth: hci5: command 0x041b tx timeout [ 132.444003] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 132.445433] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 132.446186] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 132.450708] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 132.451896] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 132.452723] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 132.457037] Bluetooth: hci7: HCI_REQ-0x0c1a [ 134.039484] Bluetooth: hci0: command 0x040f tx timeout [ 134.102471] Bluetooth: hci5: command 0x040f tx timeout [ 134.486600] Bluetooth: hci7: command 0x0409 tx timeout [ 136.086472] Bluetooth: hci0: command 0x0419 tx timeout [ 136.150711] Bluetooth: hci5: command 0x0419 tx timeout [ 136.534487] Bluetooth: hci7: command 0x041b tx timeout [ 138.582565] Bluetooth: hci7: command 0x040f tx timeout [ 140.630503] Bluetooth: hci7: command 0x0419 tx timeout [ 154.500171] audit: type=1400 audit(1664817373.371:10): avc: denied { open } for pid=5291 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 154.503349] audit: type=1400 audit(1664817373.371:11): avc: denied { kernel } for pid=5291 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 17:16:27 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x12) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) r1 = getpid() pidfd_open(r1, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x20, 0x0, 0x20, 0x1, 0x0, 0x6afb, 0xd6c00, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0x2a847df9, 0x9}, 0x4800, 0x8, 0x7, 0x9, 0x1, 0x6, 0x3, 0x0, 0x5, 0x0, 0x91f3}, r1, 0xc, r2, 0x9) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32=0xffffffffffffffff, @ANYBLOB='B\x00\x00\x00\x00\x00\x00\x00./file1']) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xf523}, 0x0, 0xffffffffffffffff, r3, 0x0) fallocate(0xffffffffffffffff, 0x20, 0x0, 0x2) perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x1, 0x1f, 0xec, 0x1, 0x0, 0x4, 0xa0053, 0x11, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x401, 0x1}, 0x0, 0x800, 0xffffff84, 0x0, 0xed2, 0x101, 0x1, 0x0, 0x0, 0x0, 0x6287}, 0x0, 0x0, 0xffffffffffffffff, 0x3) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f0000000340)) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, &(0x7f0000000240)={0x0, 0x0, 0xa}) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fallocate(r5, 0xb, 0x200, 0x101) 17:16:27 executing program 1: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000a00)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000880)={0x12c, 0x0, 0x2, 0x70bd2a, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0xb82}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xc0, 0xa9, @random="07f8ec6e295e95d45c01170e760432ec95b813b38eef0c1b8f19a559b20dea9373c71831708f9a7fe3a570bc5426b06d4cba683cfa3553fc69f1a2dd881ff85f0240dd1289418e45d857c44f5edff3ba01cd832365c5a50cb615b8e4574ed119c5c14550c4745eb6ac6e3dfc5ca1e1da2a2d6505a4912d7919e766eb276aa59f6b0269afee408f42af20daf18e8860a22c986daae077d7d474a4acb4704647fcd56f890ba6cf06bba806344ddd7aab91de598a0a4cf21bd316f33230"}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x80000000}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}]}, 0x12c}, 0x1, 0x0, 0x0, 0x20000001}, 0x4044400) open_by_handle_at(r0, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0], 0x202000) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x41) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue1\x00'}) preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000180)=""/220, 0xdc}, {&(0x7f0000000340)=""/221, 0xdd}], 0x2, 0x6f, 0x2) write$sndseq(r2, &(0x7f0000000140)=[{0x5, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xfffffdcd) 17:16:27 executing program 5: openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0) ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000980)='net/protocols\x00') syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) truncate(&(0x7f0000002b40)='./file0\x00', 0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x20) 17:16:27 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000000)=0x80000001, 0x4) getsockopt$inet6_int(r0, 0x29, 0x3e, 0x0, &(0x7f0000000100)) 17:16:27 executing program 3: perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0xc6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x4) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup2(0xffffffffffffffff, r0) r3 = dup(r2) write$binfmt_elf32(r3, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0x3f, 0x9, 0x4, 0x2, 0x1, 0x3, 0x6, 0x1, 0x1a4, 0x38, 0x33c, 0x8, 0xfa0, 0x20, 0x1, 0x1e5, 0x1, 0x7}, [{0x70000000, 0x1000, 0x40, 0x8, 0x8, 0x7fff, 0x0, 0x2}], "d56046d0e61ab2fe05828ddba87db63eaa8c887c44b413221e33da4ce5f798ebb2482cd6e31100aed52dc056e7c5bec71b1b13868f849f5d973c88049ca315df424a2b0ed634eeeb767f7b90b6679c3cd5f7ca3d62f0f538a8afa7e0a34429ce4489f980f05cca177cb1322d44", ['\x00', '\x00', '\x00', '\x00']}, 0x4c5) r4 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x4000, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000002, 0x401a012, r5, 0x0) ioctl$TCSETS(r5, 0x5402, &(0x7f0000000040)={0x800, 0x0, 0x5, 0x300000, 0xb, "aa62c8d0939b88115cce2d8a56e80a6a763106"}) r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmmsg(r6, &(0x7f00000078c0)=[{{&(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, 0x0}}, {{&(0x7f0000000500)=@in={0x2, 0x0, @private}, 0x80, &(0x7f0000001a00)=[{&(0x7f0000000580)="fa8be386f01942f93dd1381c8193aca4d81d10c445c850ff3b37465a781732ab8aece0f79bdc947d5e4fc267646ecb9ad0a1a43c0c5cde50a564b709ee37f4456f0261509f82462e6caabf9916d7693e5cd666368866c04f62f84e4fbe839bc999cde731a4b01fabb96f47f8a54d191a9d", 0x71}], 0x1}}], 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='attr/current\x00') pread64(r6, &(0x7f0000000300)=""/230, 0xe6, 0x2) ioctl$PERF_EVENT_IOC_DISABLE(r4, 0x2401, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) 17:16:27 executing program 7: getrlimit(0x0, &(0x7f0000000000)) syz_mount_image$iso9660(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x0, 0x0, &(0x7f0000000540), 0x1000, &(0x7f0000000580)={[{@block}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}], [{@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x40000) syz_mount_image$iso9660(&(0x7f0000000900), &(0x7f0000000940)='./file0\x00', 0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000980)="f697a01728c898b5b20e9a55ed5e974d29cd4e857d9e930518d74b0fcb112225cf73555bbaa7c5ef8873e9b564380a38af87", 0x32, 0x2}, {&(0x7f0000000a00)="489d5452", 0x4, 0x5}, {&(0x7f0000000a40)="61da49d52233c9dd38fdeaecb6e6f7da6483dc1e226dbf82f0c632dcbf8bd32135919ed6b6331605345fa41d7474d4437bdb71f27916cc9f38ec0fb16e242e9d356bd33ad248c09117f30ae7bdd3934bfa4ccb60b75dc8b30d116fa2acb483bc9a4dafc3c121e577a0295aedb2f3142a433756325bd2fe5c999212c08fece1ad5c5ecf6c4d055894299bde85352539b3942f5c9b331f664b12e413cf781d68afac5fb1a7", 0xa4, 0x100000000}, {&(0x7f0000000b00)="5905152cc6e86e4efe5c8c60f3f57c26fed7c697ec0969a375b2acef5edbf6d452c597d7b2262a38870495ac4e50a6c1258f2931fdb165bc394080e27af0ee97760d88339a966a061c34967212f9645f58e4a0ad6191fb36079725b950b20c2649db81b1ad3fd3883e5615ee0f647bdea7297844127c37146570b844d009da4f74b674a740d92ac085ef3ea9cd4354c6b484de07b293df0e4806056ea9e5d8bcf42d274e581b924c24e82fb9f66821316e4b0c4569daf9bd1520f404cba66e4ae7a04afcd9760b813f32a156c7d0e7e9324fd209dafe", 0xd6, 0x2}, {&(0x7f0000000c00)="f0e81f56566b451bcd6f6c72e4e5a17254e82cf7f167032e775faa1ac42d28576749590d45b22574dd64b49c2d0b2a9eeb23029e7629b96770b9a75642fc140ccd13a2b51d0f757da757736ddae057381fa5011447401475998dbd3ba36cf9a2e5f1beeaed28dee40c4cbbaa98d8", 0x6e, 0x3}], 0x2200000, &(0x7f0000000d00)={[{@hide}, {@gid={'gid', 0x3d, 0xee00}}], [{@subj_type={'subj_type', 0x3d, '#+{/:'}}, {@pcr}, {@subj_user={'subj_user', 0x3d, '-#'}}, {@subj_type={'subj_type', 0x3d, 'ip6tnl0\x00'}}]}) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x0) syz_mount_image$iso9660(&(0x7f0000000e00), &(0x7f0000000e40)='./file0\x00', 0x0, 0x4, &(0x7f0000002140)=[{0x0}, {0x0}, {&(0x7f0000001000)}, {0x0}], 0x10000, &(0x7f0000002200)={[{@overriderock}, {@utf8}, {@map_normal}, {@map_acorn}]}) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, 0x0, 0x800) r0 = getpid() pidfd_open(r0, 0x0) prlimit64(r0, 0x4, &(0x7f0000000040)={0x80000001, 0x3}, 0x0) 17:16:27 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) 17:16:27 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x200683, 0x33) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=any,cache=none,debug=0']) [ 168.291142] ------------[ cut here ]------------ [ 168.291171] [ 168.291175] ====================================================== [ 168.291180] WARNING: possible circular locking dependency detected [ 168.291185] 6.0.0-rc7-next-20220930 #1 Not tainted [ 168.291195] ------------------------------------------------------ [ 168.291199] syz-executor.2/5298 is trying to acquire lock: [ 168.291208] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 168.291261] [ 168.291261] but task is already holding lock: [ 168.291265] ffff88800fbbb020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 168.291301] [ 168.291301] which lock already depends on the new lock. [ 168.291301] [ 168.291305] [ 168.291305] the existing dependency chain (in reverse order) is: [ 168.291310] [ 168.291310] -> #3 (&ctx->lock){....}-{2:2}: [ 168.291329] _raw_spin_lock+0x2a/0x40 [ 168.291344] __perf_event_task_sched_out+0x53b/0x18d0 [ 168.291360] __schedule+0xedd/0x2470 [ 168.291379] schedule+0xda/0x1b0 [ 168.291401] exit_to_user_mode_prepare+0x114/0x1a0 [ 168.291418] syscall_exit_to_user_mode+0x19/0x40 [ 168.291436] do_syscall_64+0x48/0x90 [ 168.291460] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 168.291478] [ 168.291478] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 168.291496] _raw_spin_lock_nested+0x30/0x40 [ 168.291511] raw_spin_rq_lock_nested+0x1e/0x30 [ 168.291529] task_fork_fair+0x63/0x4d0 [ 168.291552] sched_cgroup_fork+0x3d0/0x540 [ 168.291572] copy_process+0x4183/0x6e20 [ 168.291586] kernel_clone+0xe7/0x890 [ 168.291599] user_mode_thread+0xad/0xf0 [ 168.291613] rest_init+0x24/0x250 [ 168.291630] arch_call_rest_init+0xf/0x14 [ 168.291654] start_kernel+0x4c6/0x4eb [ 168.291675] secondary_startup_64_no_verify+0xe0/0xeb [ 168.291694] [ 168.291694] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 168.291713] _raw_spin_lock_irqsave+0x39/0x60 [ 168.291728] try_to_wake_up+0xab/0x1930 [ 168.291746] up+0x75/0xb0 [ 168.291765] __up_console_sem+0x6e/0x80 [ 168.291787] console_unlock+0x46a/0x590 [ 168.291808] do_con_write+0xc05/0x1d50 [ 168.291823] con_write+0x21/0x40 [ 168.291835] n_tty_write+0x4d4/0xfe0 [ 168.291852] file_tty_write.constprop.0+0x455/0x8a0 [ 168.291868] vfs_write+0x9c3/0xd90 [ 168.291890] ksys_write+0x127/0x250 [ 168.291911] do_syscall_64+0x3b/0x90 [ 168.291934] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 168.291951] [ 168.291951] -> #0 ((console_sem).lock){....}-{2:2}: [ 168.291970] __lock_acquire+0x2a02/0x5e70 [ 168.291993] lock_acquire+0x1a2/0x530 [ 168.292015] _raw_spin_lock_irqsave+0x39/0x60 [ 168.292029] down_trylock+0xe/0x70 [ 168.292050] __down_trylock_console_sem+0x3b/0xd0 [ 168.292072] vprintk_emit+0x16b/0x560 [ 168.292094] vprintk+0x84/0xa0 [ 168.292116] _printk+0xba/0xf1 [ 168.292131] report_bug.cold+0x72/0xab [ 168.292153] handle_bug+0x3c/0x70 [ 168.292176] exc_invalid_op+0x14/0x50 [ 168.292199] asm_exc_invalid_op+0x16/0x20 [ 168.292216] group_sched_out.part.0+0x2c7/0x460 [ 168.292240] ctx_sched_out+0x8f1/0xc10 [ 168.292266] __perf_event_task_sched_out+0x6d0/0x18d0 [ 168.292283] __schedule+0xedd/0x2470 [ 168.292302] schedule+0xda/0x1b0 [ 168.292320] exit_to_user_mode_prepare+0x114/0x1a0 [ 168.292335] syscall_exit_to_user_mode+0x19/0x40 [ 168.292352] do_syscall_64+0x48/0x90 [ 168.292375] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 168.292392] [ 168.292392] other info that might help us debug this: [ 168.292392] [ 168.292395] Chain exists of: [ 168.292395] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 168.292395] [ 168.292416] Possible unsafe locking scenario: [ 168.292416] [ 168.292419] CPU0 CPU1 [ 168.292422] ---- ---- [ 168.292426] lock(&ctx->lock); [ 168.292433] lock(&rq->__lock); [ 168.292442] lock(&ctx->lock); [ 168.292451] lock((console_sem).lock); [ 168.292459] [ 168.292459] *** DEADLOCK *** [ 168.292459] [ 168.292461] 2 locks held by syz-executor.2/5298: [ 168.292470] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 168.292511] #1: ffff88800fbbb020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 168.292547] [ 168.292547] stack backtrace: [ 168.292551] CPU: 1 PID: 5298 Comm: syz-executor.2 Not tainted 6.0.0-rc7-next-20220930 #1 [ 168.292568] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 168.292579] Call Trace: [ 168.292583] [ 168.292589] dump_stack_lvl+0x8b/0xb3 [ 168.292614] check_noncircular+0x263/0x2e0 [ 168.292637] ? format_decode+0x26c/0xb50 [ 168.292659] ? print_circular_bug+0x450/0x450 [ 168.292682] ? simple_strtoul+0x30/0x30 [ 168.292704] ? format_decode+0x26c/0xb50 [ 168.292728] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 168.292752] __lock_acquire+0x2a02/0x5e70 [ 168.292782] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 168.292813] lock_acquire+0x1a2/0x530 [ 168.292835] ? down_trylock+0xe/0x70 [ 168.292859] ? lock_release+0x750/0x750 [ 168.292887] ? vprintk+0x84/0xa0 [ 168.292912] _raw_spin_lock_irqsave+0x39/0x60 [ 168.292927] ? down_trylock+0xe/0x70 [ 168.292949] down_trylock+0xe/0x70 [ 168.292971] ? vprintk+0x84/0xa0 [ 168.292994] __down_trylock_console_sem+0x3b/0xd0 [ 168.293018] vprintk_emit+0x16b/0x560 [ 168.293044] vprintk+0x84/0xa0 [ 168.293068] _printk+0xba/0xf1 [ 168.293084] ? record_print_text.cold+0x16/0x16 [ 168.293105] ? report_bug.cold+0x66/0xab [ 168.293130] ? group_sched_out.part.0+0x2c7/0x460 [ 168.293155] report_bug.cold+0x72/0xab [ 168.293181] handle_bug+0x3c/0x70 [ 168.293205] exc_invalid_op+0x14/0x50 [ 168.293230] asm_exc_invalid_op+0x16/0x20 [ 168.293248] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 168.293276] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 168.293291] RSP: 0018:ffff88801ab37c48 EFLAGS: 00010006 [ 168.293304] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 168.293314] RDX: ffff88803ff01ac0 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 168.293325] RBP: ffff888040bc0000 R08: 0000000000000005 R09: 0000000000000001 [ 168.293335] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800fbbb000 [ 168.293345] R13: ffff88806cf3d2c0 R14: ffffffff8547d000 R15: 0000000000000002 [ 168.293360] ? group_sched_out.part.0+0x2c7/0x460 [ 168.293388] ? group_sched_out.part.0+0x2c7/0x460 [ 168.293415] ctx_sched_out+0x8f1/0xc10 [ 168.293442] __perf_event_task_sched_out+0x6d0/0x18d0 [ 168.293462] ? lock_is_held_type+0xd7/0x130 [ 168.293481] ? __perf_cgroup_move+0x160/0x160 [ 168.293495] ? set_next_entity+0x304/0x550 [ 168.293520] ? update_curr+0x267/0x740 [ 168.293545] ? lock_is_held_type+0xd7/0x130 [ 168.293565] __schedule+0xedd/0x2470 [ 168.293588] ? io_schedule_timeout+0x150/0x150 [ 168.293611] ? rcu_read_lock_sched_held+0x3e/0x80 [ 168.293639] schedule+0xda/0x1b0 [ 168.293660] exit_to_user_mode_prepare+0x114/0x1a0 [ 168.293677] syscall_exit_to_user_mode+0x19/0x40 [ 168.293695] do_syscall_64+0x48/0x90 [ 168.293720] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 168.293738] RIP: 0033:0x7f7f475f6b19 [ 168.293749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 168.293764] RSP: 002b:00007f7f44b6c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 168.293780] RAX: 0000000000000001 RBX: 00007f7f47709f68 RCX: 00007f7f475f6b19 [ 168.293792] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7f47709f6c [ 168.293804] RBP: 00007f7f47709f60 R08: 000000000000000e R09: 0000000000000000 [ 168.293814] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7f47709f6c [ 168.293824] R13: 00007fffec4937bf R14: 00007f7f44b6c300 R15: 0000000000022000 [ 168.293841] [ 168.356998] WARNING: CPU: 1 PID: 5298 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 168.357742] Modules linked in: [ 168.358007] CPU: 1 PID: 5298 Comm: syz-executor.2 Not tainted 6.0.0-rc7-next-20220930 #1 [ 168.358647] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 168.359534] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 168.359982] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 168.361411] RSP: 0018:ffff88801ab37c48 EFLAGS: 00010006 [ 168.361844] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 168.362432] RDX: ffff88803ff01ac0 RSI: ffffffff81565dc7 RDI: 0000000000000005 [ 168.362998] RBP: ffff888040bc0000 R08: 0000000000000005 R09: 0000000000000001 [ 168.363559] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800fbbb000 [ 168.364124] R13: ffff88806cf3d2c0 R14: ffffffff8547d000 R15: 0000000000000002 [ 168.364692] FS: 00007f7f44b6c700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 168.365331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 168.365789] CR2: 00007f2c399ff718 CR3: 000000001d9f4000 CR4: 0000000000350ee0 [ 168.366363] Call Trace: [ 168.366577] [ 168.366766] ctx_sched_out+0x8f1/0xc10 [ 168.367088] __perf_event_task_sched_out+0x6d0/0x18d0 [ 168.367502] ? lock_is_held_type+0xd7/0x130 [ 168.367852] ? __perf_cgroup_move+0x160/0x160 [ 168.368214] ? set_next_entity+0x304/0x550 [ 168.368562] ? update_curr+0x267/0x740 [ 168.368881] ? lock_is_held_type+0xd7/0x130 [ 168.369230] __schedule+0xedd/0x2470 [ 168.369543] ? io_schedule_timeout+0x150/0x150 [ 168.369926] ? rcu_read_lock_sched_held+0x3e/0x80 [ 168.370362] schedule+0xda/0x1b0 [ 168.370659] exit_to_user_mode_prepare+0x114/0x1a0 [ 168.371071] syscall_exit_to_user_mode+0x19/0x40 [ 168.371471] do_syscall_64+0x48/0x90 [ 168.371799] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 168.372239] RIP: 0033:0x7f7f475f6b19 [ 168.372558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 168.374002] RSP: 002b:00007f7f44b6c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 168.374591] RAX: 0000000000000001 RBX: 00007f7f47709f68 RCX: 00007f7f475f6b19 [ 168.375153] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7f47709f6c [ 168.375738] RBP: 00007f7f47709f60 R08: 000000000000000e R09: 0000000000000000 [ 168.376327] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f7f47709f6c [ 168.376917] R13: 00007fffec4937bf R14: 00007f7f44b6c300 R15: 0000000000022000 [ 168.377517] [ 168.377721] irq event stamp: 414 [ 168.378015] hardirqs last enabled at (413): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 168.378762] hardirqs last disabled at (414): [] __schedule+0x1225/0x2470 [ 168.379442] softirqs last enabled at (0): [] copy_process+0x1e15/0x6e20 [ 168.380128] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 168.380638] ---[ end trace 0000000000000000 ]--- [ 168.399775] audit: type=1400 audit(1664817387.270:12): avc: denied { block_suspend } for pid=5308 comm="syz-executor.3" capability=36 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ 168.406955] Bluetooth: Unexpected continuation frame (len 18) 17:16:27 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000003c0), 0x8}, 0x1022, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2) socket$nl_generic(0x10, 0x3, 0x10) r3 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) getsockname$packet(r2, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x40, 0x5, 0x32, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x7, 0x7800, 0x10001}}) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000380)=0x8) socket$nl_audit(0x10, 0x3, 0x9) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xfd}}, 0x14) r4 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2080000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000400)={0x3, 0x80, 0x6, 0x5, 0x1, 0x3f, 0x0, 0x3ff, 0x50000, 0x4, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3b, 0x1, @perf_config_ext={0x1, 0x7fff}, 0xa8, 0x1, 0x20, 0x0, 0x0, 0x7fffffff, 0x9, 0x0, 0x4, 0x0, 0xdeb}, 0x0, 0x3, r4, 0x3) [ 168.448335] ISOFS: Unable to identify CD-ROM format. [ 168.449405] hrtimer: interrupt took 15539 ns 17:16:27 executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x18, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf4655fdaf4655f0100ffff53ef010001000000d9f4655f000000000000000001000000000000000b0000000002000028020000028400001b0000000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e37313539353330323300"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000006a641059655a4e10bf1130ee7fdbd1e0010000000c00000000000000d9f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000000000003000000000000000", 0x40, 0x540}, {&(0x7f0000010300)="02000000030000000400000066000f000300040000000000000000000f007f5c", 0x20, 0x800}, {&(0x7f0000010400)="ffffff03000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000d9f4655fd9f4655fd9f4655f00"/4128, 0x1020, 0x1000}, {&(0x7f0000011500)="ed41000000080000d9f4655fdaf4655fdaf4655f00000000000004000400000000000000050000000c00"/64, 0x40, 0x2200}, {&(0x7f0000011600)="200000007412ab416fda1428af310c9a5262aa199c46017412ab511c000000d9", 0x20, 0x2280}, {&(0x7f0000011700)="c041000000380000d9f4655fd9f4655fd9f4655f00000000000002001c00000000000000000000000d0000000e0000000f0000001000000011000000120000001300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d9f4655f000000000000000000000000000002ea00"/192, 0xc0, 0x3400}, {&(0x7f0000011800)="ed4100003c000000daf4655fdaf4655fdaf4655f0000000000000200000000000000001003000000020000000d0000001000050166696c65300000000e0000002800050766696c653100000000000000000000000000000000000000000000000000000002010b1b000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000000002ea04070000000000000000000000000000646174610000000000000000", 0xc0, 0x3600}, {&(0x7f0000011900)="ed8100001a040000daf4655fdaf4655fdaf4655f000000000000010004000000000000000100000014000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000039c34d38000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000", 0xa0, 0x3800}, {&(0x7f0000011a00)="ffa1000026000000daf4655fdaf4655fdaf4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3731353935333032332f66696c65302f66696c65300000000000000000000000000000000000000000000026908b44000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000", 0xa0, 0x3a00}, {&(0x7f0000011b00)="ed8100000a000000daf4655fdaf4655fdaf4655f000000000000010000000000000000100100000073797a6b616c6c6572730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aa02805e000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000000002ea040700000000000000000000000000006461746106015401000000000600000000000000786174747231000006014c0100000000060000000000000078617474723200"/256, 0x100, 0x3c00}, {&(0x7f0000011c00)="0000000000000000000000000000000078617474723200007861747472310000ed81000028230000daf4655fdaf4655fdaf4655f0000000000000200140000000000000001000000150000001600000017000000180000001900000000000000000000000000000000000000000000000000000000000000000000000000000000000000cb34f3d3000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000", 0xc0, 0x3de0}, {&(0x7f0000011d00)="ed81000064000000daf4655fdaf4655fdaf4655f000000000000010000000000000000100100000073797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c91b90e27000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000000002ea04073401000000002800000000000000646174610000000000000000", 0xc0, 0x4000}, {&(0x7f0000011e00)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lersyzkallersyzkallersyzkallersyzkallers', 0x40, 0x41c0}, {&(0x7f0000011f00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009407090166696c652e636f6c64000000", 0x80, 0x6000}, {&(0x7f0000012000)="0b0000000c0001022e000000020000000c0002022e2e000000000000e8070000", 0x20, 0x6800}, {&(0x7f0000012100)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x7000}, {&(0x7f0000012200)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20}, {&(0x7f0000012300)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x8000}, {&(0x7f0000012400)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x8800}, {&(0x7f0000012500)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x9000}, {&(0x7f0000012600)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x9800}, {&(0x7f0000012700)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0xa000}], 0x0, &(0x7f0000012c00)) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='f2fs\x00', 0x1200000, &(0x7f0000000140)='$\x00') 17:16:27 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/250, 0xfa, 0x0, &(0x7f0000000100)=""/211, 0xd3}, &(0x7f0000000240)=0x40) sendmsg$NL80211_CMD_LEAVE_IBSS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x0, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x200140c0}, 0x21) recvfrom$unix(0xffffffffffffffff, &(0x7f0000000380)=""/172, 0xac, 0x12100, 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000440)=""/5, &(0x7f0000000480)=0x5) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, 0x0) connect$bt_sco(r1, &(0x7f0000000680)={0x1f, @none}, 0x8) socket$inet6(0xa, 0x80000, 0xda42) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10400010}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x20, r2, 0x400, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x640, 0x19}}}}}, 0x20}}, 0xc010) connect$bt_sco(r0, &(0x7f0000000640), 0x8) fork() fork() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000a00)) [ 168.489140] loop1: detected capacity change from 0 to 512 17:16:27 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) 17:16:27 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) [ 168.529756] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 168.547441] EXT4-fs (loop1): unmounting filesystem. [ 168.568975] Bluetooth: Unexpected continuation frame (len 18) 17:16:27 executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x18, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000daf4655fdaf4655f0100ffff53ef010001000000d9f4655f000000000000000001000000000000000b0000000002000028020000028400001b0000000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e37313539353330323300"/192, 0xc0, 0x400}, {&(0x7f0000010100)="0000000000000000000000006a641059655a4e10bf1130ee7fdbd1e0010000000c00000000000000d9f4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000000000003000000000000000", 0x40, 0x540}, {&(0x7f0000010300)="02000000030000000400000066000f000300040000000000000000000f007f5c", 0x20, 0x800}, {&(0x7f0000010400)="ffffff03000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000d9f4655fd9f4655fd9f4655f00"/4128, 0x1020, 0x1000}, {&(0x7f0000011500)="ed41000000080000d9f4655fdaf4655fdaf4655f00000000000004000400000000000000050000000c00"/64, 0x40, 0x2200}, {&(0x7f0000011600)="200000007412ab416fda1428af310c9a5262aa199c46017412ab511c000000d9", 0x20, 0x2280}, {&(0x7f0000011700)="c041000000380000d9f4655fd9f4655fd9f4655f00000000000002001c00000000000000000000000d0000000e0000000f0000001000000011000000120000001300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000d9f4655f000000000000000000000000000002ea00"/192, 0xc0, 0x3400}, {&(0x7f0000011800)="ed4100003c000000daf4655fdaf4655fdaf4655f0000000000000200000000000000001003000000020000000d0000001000050166696c65300000000e0000002800050766696c653100000000000000000000000000000000000000000000000000000002010b1b000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000000002ea04070000000000000000000000000000646174610000000000000000", 0xc0, 0x3600}, {&(0x7f0000011900)="ed8100001a040000daf4655fdaf4655fdaf4655f000000000000010004000000000000000100000014000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000039c34d38000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000", 0xa0, 0x3800}, {&(0x7f0000011a00)="ffa1000026000000daf4655fdaf4655fdaf4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3731353935333032332f66696c65302f66696c65300000000000000000000000000000000000000000000026908b44000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000", 0xa0, 0x3a00}, {&(0x7f0000011b00)="ed8100000a000000daf4655fdaf4655fdaf4655f000000000000010000000000000000100100000073797a6b616c6c6572730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000aa02805e000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000000002ea040700000000000000000000000000006461746106015401000000000600000000000000786174747231000006014c0100000000060000000000000078617474723200"/256, 0x100, 0x3c00}, {&(0x7f0000011c00)="0000000000000000000000000000000078617474723200007861747472310000ed81000028230000daf4655fdaf4655fdaf4655f0000000000000200140000000000000001000000150000001600000017000000180000001900000000000000000000000000000000000000000000000000000000000000000000000000000000000000cb34f3d3000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000", 0xc0, 0x3de0}, {&(0x7f0000011d00)="ed81000064000000daf4655fdaf4655fdaf4655f000000000000010000000000000000100100000073797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c91b90e27000000000000000000000000000000000000000000000000200000007412ab417412ab417412ab41daf4655f7412ab410000000000000000000002ea04073401000000002800000000000000646174610000000000000000", 0xc0, 0x4000}, {&(0x7f0000011e00)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lersyzkallersyzkallersyzkallersyzkallers', 0x40, 0x41c0}, {&(0x7f0000011f00)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c6533000000110000009407090166696c652e636f6c64000000", 0x80, 0x6000}, {&(0x7f0000012000)="0b0000000c0001022e000000020000000c0002022e2e000000000000e8070000", 0x20, 0x6800}, {&(0x7f0000012100)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x7000}, {&(0x7f0000012200)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20}, {&(0x7f0000012300)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x8000}, {&(0x7f0000012400)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x8800}, {&(0x7f0000012500)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x9000}, {&(0x7f0000012600)='\x00\x00\x00\x00\x00\b\x00'/32, 0x20, 0x9800}, {&(0x7f0000012700)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0xa000}], 0x0, &(0x7f0000012c00)) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='f2fs\x00', 0x1200000, &(0x7f0000000140)='$\x00') [ 168.612783] loop1: detected capacity change from 0 to 512 [ 168.617481] Bluetooth: Wrong link type (-22) [ 168.618455] Bluetooth: hci4: link tx timeout [ 168.619161] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa 17:16:27 executing program 6: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) [ 168.628638] Bluetooth: Unexpected continuation frame (len 18) [ 168.635308] ISOFS: Unable to identify CD-ROM format. [ 168.638720] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 168.641203] audit: type=1400 audit(1664817387.512:13): avc: denied { write } for pid=5308 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 168.661955] Bluetooth: Unexpected continuation frame (len 18) 17:16:27 executing program 5: syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x1, 0x6c}, @l2cap_cid_signaling={{0x68}, [@l2cap_info_req={{0xa, 0x3f, 0x2}, {0x200}}, @l2cap_conn_rsp={{0x3, 0x5, 0x8}, {0x9, 0x80, 0x4, 0x4}}, @l2cap_conn_rsp={{0x3, 0x8, 0x8}, {0x0, 0xf6, 0x3f, 0x8}}, @l2cap_cmd_rej_unk={{0x1, 0x81, 0x2}, {0xa}}, @l2cap_conf_req={{0x4, 0x3, 0x34}, {0x6, 0xff, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x1, 0x5, 0x1f, 0x0, 0xcf87}}, @l2cap_conf_ews={0x7, 0x2, 0x58d1}, @l2cap_conf_flushto={0x2, 0x2, 0x4}, @l2cap_conf_mtu={0x1, 0x2, 0x2}, @l2cap_conf_efs={0x6, 0x10, {0x80, 0x2, 0x1f, 0x4, 0x8001, 0x9}}]}}, @l2cap_create_chan_rsp={{0xd, 0x81, 0x8}, {0x4, 0x6, 0x4, 0x4}}]}}, 0x71) syz_emit_vhci(&(0x7f0000000080)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT, 0x2) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_rsp={{0x7, 0x9e, 0x4}, {0x6, 0xffff}}]}}, 0x11) syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0x1, 0x4}, {0x3, 0x1}}}}, 0x11) syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_disconn_req={{0x6, 0x40, 0x4}, {0x3, 0x400}}, @l2cap_cmd_rej_unk={{0x1, 0x40, 0x2}, {0x40}}, @l2cap_move_chan_cfm={{0x10, 0x20, 0x4}, {0xcf, 0x1}}, @l2cap_move_chan_rsp={{0xf, 0x1f, 0x4}, {0x2}}, @l2cap_create_chan_rsp={{0xd, 0x8, 0x8}, {0x4, 0x8f5, 0x7, 0x8}}, @l2cap_create_chan_req={{0xc, 0x1, 0x5}, {0x3f, 0x8, 0x61}}]}}, 0x3c) syz_emit_vhci(&(0x7f0000000200)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x2f}, "3a7ff73c182d94a1f7e4c7767df610b4e8fe4965bceaa2d02bb70db54a4fdc494453a3ee057acf1b6543442838ab82"}, 0x33) syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x0, @any, 0x7}}}, 0xb) syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x81, 0xa}, {0x8, 0x4984, 0x9, 0x3d3, 0x2}}}}, 0x17) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x40, 0xc9}}}, 0x9) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x3, 0xa}, {0xb1, 0x3, 0x7f, 0x0, 0xff7e}}}}, 0x17) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) [ 168.723771] Bluetooth: Wrong link type (-22) [ 168.724925] Bluetooth: hci4: link tx timeout [ 168.725527] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 168.729365] Bluetooth: Unexpected continuation frame (len 18) [ 168.732298] EXT4-fs (loop1): unmounting filesystem. [ 170.646465] Bluetooth: hci7: command 0x0405 tx timeout VM DIAGNOSIS: 17:16:27 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff84274587 RDX=ffffed100d9e6fd1 RSI=0000000000000004 RDI=ffff88806cf37e80 RBP=ffff88806cf37e80 RSP=ffff88801aac7a98 R8 =0000000000000000 R9 =ffff88806cf37e83 R10=ffffed100d9e6fd0 R11=0000000000000001 R12=0000000000000003 R13=ffffed100d9e6fd0 R14=0000000000000001 R15=1ffff11003558f54 RIP=ffffffff84274604 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555555695400 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f629c7155e0 CR3=000000001a9c0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=000000000000006c RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823bb0f1 RDI=ffffffff8765a9a0 RBP=ffffffff8765a960 RSP=ffff88801ab37690 R8 =0000000000000001 R9 =000000000000000a R10=000000000000006c R11=0000000000000001 R12=000000000000006c R13=ffffffff8765a960 R14=0000000000000010 R15=ffffffff823bb0e0 RIP=ffffffff823bb149 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f7f44b6c700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2c399ff718 CR3=000000001d9f4000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f7f476dd7c0 00007f7f476dd7c8 YMM02=0000000000000000 0000000000000000 00007f7f476dd7e0 00007f7f476dd7c0 YMM03=0000000000000000 0000000000000000 00007f7f476dd7c8 00007f7f476dd7c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000