Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:1816' (ECDSA) to the list of known hosts. 2022/10/05 22:16:33 fuzzer started 2022/10/05 22:16:34 dialing manager at localhost:37193 syzkaller login: [ 35.661913] cgroup: Unknown subsys name 'net' [ 35.750706] cgroup: Unknown subsys name 'rlimit' 2022/10/05 22:16:48 syscalls: 2215 2022/10/05 22:16:48 code coverage: enabled 2022/10/05 22:16:48 comparison tracing: enabled 2022/10/05 22:16:48 extra coverage: enabled 2022/10/05 22:16:48 setuid sandbox: enabled 2022/10/05 22:16:48 namespace sandbox: enabled 2022/10/05 22:16:48 Android sandbox: enabled 2022/10/05 22:16:48 fault injection: enabled 2022/10/05 22:16:48 leak checking: enabled 2022/10/05 22:16:48 net packet injection: enabled 2022/10/05 22:16:48 net device setup: enabled 2022/10/05 22:16:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/05 22:16:48 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/05 22:16:48 USB emulation: enabled 2022/10/05 22:16:48 hci packet injection: enabled 2022/10/05 22:16:48 wifi device emulation: failed to parse kernel version (6.0.0-next-20221005) 2022/10/05 22:16:48 802.15.4 emulation: enabled 2022/10/05 22:16:48 fetching corpus: 50, signal 23219/25005 (executing program) 2022/10/05 22:16:48 fetching corpus: 100, signal 33227/36584 (executing program) 2022/10/05 22:16:48 fetching corpus: 150, signal 40973/45771 (executing program) 2022/10/05 22:16:48 fetching corpus: 200, signal 49246/55323 (executing program) 2022/10/05 22:16:48 fetching corpus: 250, signal 52489/59929 (executing program) 2022/10/05 22:16:48 fetching corpus: 300, signal 56155/64850 (executing program) 2022/10/05 22:16:49 fetching corpus: 350, signal 66566/75993 (executing program) 2022/10/05 22:16:49 fetching corpus: 400, signal 71500/81881 (executing program) 2022/10/05 22:16:49 fetching corpus: 450, signal 74401/85818 (executing program) 2022/10/05 22:16:49 fetching corpus: 500, signal 75952/88463 (executing program) 2022/10/05 22:16:49 fetching corpus: 550, signal 79828/93191 (executing program) 2022/10/05 22:16:49 fetching corpus: 600, signal 82574/96833 (executing program) 2022/10/05 22:16:49 fetching corpus: 650, signal 85193/100307 (executing program) 2022/10/05 22:16:49 fetching corpus: 700, signal 87918/103852 (executing program) 2022/10/05 22:16:50 fetching corpus: 750, signal 90832/107527 (executing program) 2022/10/05 22:16:50 fetching corpus: 800, signal 92356/109897 (executing program) 2022/10/05 22:16:50 fetching corpus: 850, signal 94371/112654 (executing program) 2022/10/05 22:16:50 fetching corpus: 900, signal 95832/114938 (executing program) 2022/10/05 22:16:50 fetching corpus: 950, signal 97605/117452 (executing program) 2022/10/05 22:16:50 fetching corpus: 1000, signal 100010/120411 (executing program) 2022/10/05 22:16:50 fetching corpus: 1050, signal 102837/123666 (executing program) 2022/10/05 22:16:50 fetching corpus: 1100, signal 104247/125777 (executing program) 2022/10/05 22:16:50 fetching corpus: 1150, signal 105668/127858 (executing program) 2022/10/05 22:16:50 fetching corpus: 1200, signal 108038/130714 (executing program) 2022/10/05 22:16:51 fetching corpus: 1250, signal 110583/133560 (executing program) 2022/10/05 22:16:51 fetching corpus: 1300, signal 111710/135365 (executing program) 2022/10/05 22:16:51 fetching corpus: 1350, signal 113165/137321 (executing program) 2022/10/05 22:16:51 fetching corpus: 1400, signal 114602/139229 (executing program) 2022/10/05 22:16:51 fetching corpus: 1450, signal 116540/141502 (executing program) 2022/10/05 22:16:51 fetching corpus: 1500, signal 117828/143272 (executing program) 2022/10/05 22:16:51 fetching corpus: 1550, signal 119693/145378 (executing program) 2022/10/05 22:16:51 fetching corpus: 1600, signal 121192/147282 (executing program) 2022/10/05 22:16:51 fetching corpus: 1650, signal 121977/148625 (executing program) 2022/10/05 22:16:51 fetching corpus: 1700, signal 122989/150081 (executing program) 2022/10/05 22:16:52 fetching corpus: 1750, signal 124548/151931 (executing program) 2022/10/05 22:16:52 fetching corpus: 1800, signal 125245/153219 (executing program) 2022/10/05 22:16:52 fetching corpus: 1850, signal 127959/155720 (executing program) 2022/10/05 22:16:52 fetching corpus: 1900, signal 129033/157149 (executing program) 2022/10/05 22:16:52 fetching corpus: 1950, signal 130514/158826 (executing program) 2022/10/05 22:16:52 fetching corpus: 2000, signal 131285/160023 (executing program) 2022/10/05 22:16:52 fetching corpus: 2050, signal 132338/161360 (executing program) 2022/10/05 22:16:52 fetching corpus: 2100, signal 134216/163146 (executing program) 2022/10/05 22:16:52 fetching corpus: 2150, signal 135267/164447 (executing program) 2022/10/05 22:16:53 fetching corpus: 2200, signal 136029/165511 (executing program) 2022/10/05 22:16:53 fetching corpus: 2250, signal 137384/166959 (executing program) 2022/10/05 22:16:53 fetching corpus: 2300, signal 137891/167875 (executing program) 2022/10/05 22:16:53 fetching corpus: 2350, signal 138907/169094 (executing program) 2022/10/05 22:16:53 fetching corpus: 2400, signal 139879/170252 (executing program) 2022/10/05 22:16:53 fetching corpus: 2450, signal 142120/172031 (executing program) 2022/10/05 22:16:53 fetching corpus: 2500, signal 142992/173084 (executing program) 2022/10/05 22:16:53 fetching corpus: 2550, signal 143850/174102 (executing program) 2022/10/05 22:16:53 fetching corpus: 2600, signal 145402/175408 (executing program) 2022/10/05 22:16:53 fetching corpus: 2650, signal 146135/176327 (executing program) 2022/10/05 22:16:54 fetching corpus: 2700, signal 146769/177184 (executing program) 2022/10/05 22:16:54 fetching corpus: 2750, signal 148329/178480 (executing program) 2022/10/05 22:16:54 fetching corpus: 2800, signal 149065/179356 (executing program) 2022/10/05 22:16:54 fetching corpus: 2850, signal 150540/180564 (executing program) 2022/10/05 22:16:54 fetching corpus: 2900, signal 151769/181627 (executing program) 2022/10/05 22:16:54 fetching corpus: 2950, signal 152327/182434 (executing program) 2022/10/05 22:16:54 fetching corpus: 3000, signal 154287/183771 (executing program) 2022/10/05 22:16:54 fetching corpus: 3050, signal 155387/184695 (executing program) 2022/10/05 22:16:54 fetching corpus: 3100, signal 156380/185552 (executing program) 2022/10/05 22:16:55 fetching corpus: 3150, signal 157470/186444 (executing program) 2022/10/05 22:16:55 fetching corpus: 3200, signal 159147/187525 (executing program) 2022/10/05 22:16:55 fetching corpus: 3250, signal 159857/188194 (executing program) 2022/10/05 22:16:55 fetching corpus: 3300, signal 160934/188999 (executing program) 2022/10/05 22:16:55 fetching corpus: 3350, signal 161827/189729 (executing program) 2022/10/05 22:16:55 fetching corpus: 3400, signal 162343/190323 (executing program) 2022/10/05 22:16:55 fetching corpus: 3450, signal 163197/191004 (executing program) 2022/10/05 22:16:55 fetching corpus: 3500, signal 164256/191773 (executing program) 2022/10/05 22:16:56 fetching corpus: 3550, signal 165367/192485 (executing program) 2022/10/05 22:16:56 fetching corpus: 3600, signal 166401/193154 (executing program) 2022/10/05 22:16:56 fetching corpus: 3650, signal 167153/193736 (executing program) 2022/10/05 22:16:56 fetching corpus: 3700, signal 167793/194300 (executing program) 2022/10/05 22:16:56 fetching corpus: 3750, signal 168399/194822 (executing program) 2022/10/05 22:16:56 fetching corpus: 3800, signal 168973/195345 (executing program) 2022/10/05 22:16:56 fetching corpus: 3850, signal 169318/195754 (executing program) 2022/10/05 22:16:56 fetching corpus: 3900, signal 169801/196211 (executing program) 2022/10/05 22:16:56 fetching corpus: 3950, signal 170678/196752 (executing program) 2022/10/05 22:16:56 fetching corpus: 4000, signal 171815/197303 (executing program) 2022/10/05 22:16:57 fetching corpus: 4050, signal 172788/197811 (executing program) 2022/10/05 22:16:57 fetching corpus: 4100, signal 173378/198259 (executing program) 2022/10/05 22:16:57 fetching corpus: 4150, signal 173953/198664 (executing program) 2022/10/05 22:16:57 fetching corpus: 4200, signal 174481/199065 (executing program) 2022/10/05 22:16:57 fetching corpus: 4250, signal 175212/199481 (executing program) 2022/10/05 22:16:57 fetching corpus: 4300, signal 175997/199943 (executing program) 2022/10/05 22:16:57 fetching corpus: 4350, signal 177013/200365 (executing program) 2022/10/05 22:16:57 fetching corpus: 4400, signal 177386/200700 (executing program) 2022/10/05 22:16:57 fetching corpus: 4450, signal 177666/201020 (executing program) 2022/10/05 22:16:58 fetching corpus: 4500, signal 177925/201285 (executing program) 2022/10/05 22:16:58 fetching corpus: 4550, signal 178836/201636 (executing program) 2022/10/05 22:16:58 fetching corpus: 4600, signal 179539/201987 (executing program) 2022/10/05 22:16:58 fetching corpus: 4650, signal 180096/202278 (executing program) 2022/10/05 22:16:58 fetching corpus: 4700, signal 180741/202574 (executing program) 2022/10/05 22:16:58 fetching corpus: 4750, signal 181225/202837 (executing program) 2022/10/05 22:16:58 fetching corpus: 4800, signal 181891/203105 (executing program) 2022/10/05 22:16:58 fetching corpus: 4850, signal 182303/203314 (executing program) 2022/10/05 22:16:58 fetching corpus: 4900, signal 182764/203549 (executing program) 2022/10/05 22:16:58 fetching corpus: 4950, signal 183796/203852 (executing program) 2022/10/05 22:16:59 fetching corpus: 5000, signal 184144/204076 (executing program) 2022/10/05 22:16:59 fetching corpus: 5050, signal 184541/204278 (executing program) 2022/10/05 22:16:59 fetching corpus: 5100, signal 184874/204370 (executing program) 2022/10/05 22:16:59 fetching corpus: 5150, signal 185559/204373 (executing program) 2022/10/05 22:16:59 fetching corpus: 5200, signal 186239/204408 (executing program) 2022/10/05 22:16:59 fetching corpus: 5250, signal 186681/204461 (executing program) 2022/10/05 22:16:59 fetching corpus: 5253, signal 186693/204461 (executing program) 2022/10/05 22:16:59 fetching corpus: 5253, signal 186693/204461 (executing program) 2022/10/05 22:17:02 starting 8 fuzzer processes 22:17:02 executing program 0: r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000000)) ioctl$TCSBRKP(r0, 0x5425, 0x2) ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000040)="abab01fa6a08774fedc216f1b13810c2ab73445502783c93") ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000080)) ioctl$TIOCMSET(r0, 0x5418, &(0x7f00000000c0)=0x2) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000100)) fremovexattr(r0, &(0x7f0000000140)=@known='trusted.overlay.redirect\x00') ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000180)={0x3ff, {0xc, 0x9a, 0x40, 0x4, 0xe42}}) r1 = dup3(r0, r0, 0x80000) ioctl$KDSETMODE(r1, 0x4b3a, 0x0) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f00000001c0)) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1, {0xee00}}, './file0\x00'}) ioctl$VT_RESIZE(r2, 0x5609, &(0x7f0000000240)={0x4, 0x1ff, 0x2}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f0000000280)={0x4, 0x10001, 0x1, 'queue1\x00', 0x546}) ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000340)=0x6) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000380), 0x488000, 0x0) ioctl$TIOCSERGETLSR(r3, 0x5459, &(0x7f00000003c0)) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0, {0x74}}, './file0\x00'}) sendmsg$BATADV_CMD_TP_METER(r4, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x3c, 0x0, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x400c0}, 0x0) 22:17:02 executing program 2: keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) 22:17:02 executing program 1: write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000000)={{0xcc, 0x2, 0x40, 0x2c3, 0x2e6, 0x9, 0x9d}, "4a3fb8ae7b9d3831e12823e7274489474746facc7a3d2906db1d801a7070bd109fe3dddcd874338109814b72dbbfbd1a47828a1a6ff4645c2e84a91b2079f4cef6", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x961) ioctl$HIDIOCGRDESCSIZE(0xffffffffffffffff, 0x80044801, &(0x7f0000000980)) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000009c0), 0x482400, 0x0) write$hidraw(r0, &(0x7f0000000a00)="42809423f650a50138dcc86a2d55771334ce895a4ebbb877d410a12476a940fee4e100f6fad08d59393b4eb794df3affda8f0fa135a4e303d3c28f404efdbe02219cbf7679dd986119146f22ae3f6e4d490d4ce68a7bbb8e688ba07cdd6afd34788d40aeac1f1d67535f89facfbcc4f474035ebc3b41481e155723c2d634f67cc3e880a1638849e68dc60cf4da393cfa5e6d79779eb5971a67a50ec44da9873fa740180fe47aa19b172b8dc0e94c975cff8b37e502b74087342bb24d0aa9909add0f54d619cee4504ecd0cc02cad9f11dafd85eed91323", 0xd7) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000b80)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000b00)="e30ce4aaec8f38c87856a5e9da4490e96ad1aa34b46baae2979f9e78fce8944eb8328b96e0647cf95c671c9482c58d55382729682755c6cd2d71319e4633d14c7287cf73996c700e8c4f548d536d24f42632e5518155473ee34c70", 0x5b, r0}, 0x68) r1 = syz_open_dev$vcsn(&(0x7f0000000c00), 0x80000000, 0x400000) ioctl$HIDIOCGFEATURE(r1, 0xc0404807, &(0x7f0000000c40)={0x0, "46af8ef0c880c6d655f53f0598fed731827914e466dda654587cdd7558f4036a2329ddcfb51d7c86b9601cf250f8a6f447a05340f8ef17968630751ece49d7fe"}) pipe2(&(0x7f0000000cc0)={0xffffffffffffffff}, 0x84000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000d00)) finit_module(r1, &(0x7f0000000d40)='/dev/vcs\x00', 0x2) r3 = syz_open_dev$vcsn(&(0x7f0000000d80), 0xda2, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000002140), 0x200000, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000002180)={{0x1, 0x1, 0x18, r3, {r4}}, './file0\x00'}) ioctl$SNAPSHOT_FREE(r5, 0x3305) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000004fc0)=[{{&(0x7f00000021c0)=@abs, 0x6e, &(0x7f0000003340)=[{&(0x7f0000002240)=""/4096, 0x1000}, {&(0x7f0000003240)=""/208, 0xd0}], 0x2}}, {{&(0x7f0000003380)=@abs, 0x6e, &(0x7f0000004580)=[{&(0x7f0000003400)=""/193, 0xc1}, {&(0x7f0000003500)=""/127, 0x7f}, {&(0x7f0000003580)=""/4096, 0x1000}], 0x3, &(0x7f00000045c0)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x50}}, {{&(0x7f0000004640)=@abs, 0x6e, &(0x7f00000049c0)=[{&(0x7f00000046c0)=""/111, 0x6f}, {&(0x7f0000004740)=""/138, 0x8a}, {&(0x7f0000004800)=""/121, 0x79}, {&(0x7f0000004880)=""/196, 0xc4}, {&(0x7f0000004980)=""/29, 0x1d}], 0x5, &(0x7f0000004a40)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x68}}, {{&(0x7f0000004ac0), 0x6e, &(0x7f0000004b80)=[{&(0x7f0000004b40)=""/41, 0x29}], 0x1}}, {{&(0x7f0000004bc0), 0x6e, &(0x7f0000004f00)=[{&(0x7f0000004c40)=""/153, 0x99}, {&(0x7f0000004d00)=""/120, 0x78}, {&(0x7f0000004d80)=""/116, 0x74}, {&(0x7f0000004e00)=""/228, 0xe4}], 0x4, &(0x7f0000004f40)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}}], 0x5, 0x0, &(0x7f0000005100)) openat(r6, &(0x7f0000005140)='./file0\x00', 0x220401, 0x14) recvmmsg(r7, &(0x7f000000dfc0)=[{{0x0, 0x0, &(0x7f0000005480)=[{&(0x7f0000005180)=""/4, 0x4}, {&(0x7f00000051c0)=""/8, 0x8}, {&(0x7f0000005200)=""/219, 0xdb}, {&(0x7f0000005300)=""/118, 0x76}, {&(0x7f0000005380)=""/189, 0xbd}, {&(0x7f0000005440)=""/9, 0x9}], 0x6, &(0x7f0000005500)=""/4096, 0x1000}, 0x9}, {{&(0x7f0000006500)=@l2tp={0x2, 0x0, @loopback}, 0x80, &(0x7f0000007680)=[{&(0x7f0000006580)=""/39, 0x27}, {&(0x7f00000065c0)=""/184, 0xb8}, {&(0x7f0000006680)=""/4096, 0x1000}], 0x3, &(0x7f00000076c0)=""/76, 0x4c}, 0x7}, {{&(0x7f0000007740)=@ax25={{0x3, @default}, [@bcast, @netrom, @default, @rose, @bcast, @remote, @rose, @rose]}, 0x80, &(0x7f0000007a40)=[{&(0x7f00000077c0)=""/220, 0xdc}, {&(0x7f00000078c0)=""/238, 0xee}, {&(0x7f00000079c0)=""/73, 0x49}], 0x3, &(0x7f0000007a80)=""/146, 0x92}, 0x6}, {{&(0x7f0000007b40)=@alg, 0x80, &(0x7f000000a040)=[{&(0x7f0000007bc0)=""/4096, 0x1000}, {&(0x7f0000008bc0)=""/162, 0xa2}, {&(0x7f0000008c80)=""/72, 0x48}, {&(0x7f0000008d00)=""/4096, 0x1000}, {&(0x7f0000009d00)=""/119, 0x77}, {&(0x7f0000009d80)=""/15, 0xf}, {&(0x7f0000009dc0)=""/77, 0x4d}, {&(0x7f0000009e40)=""/242, 0xf2}, {&(0x7f0000009f40)=""/96, 0x60}, {&(0x7f0000009fc0)=""/127, 0x7f}], 0xa, &(0x7f000000a100)=""/41, 0x29}, 0x38}, {{&(0x7f000000a140)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f000000b6c0)=[{&(0x7f000000a1c0)=""/172, 0xac}, {&(0x7f000000a280)=""/97, 0x61}, {&(0x7f000000a300)=""/4096, 0x1000}, {&(0x7f000000b300)=""/207, 0xcf}, {&(0x7f000000b400)=""/12, 0xc}, {&(0x7f000000b440)=""/138, 0x8a}, {&(0x7f000000b500)=""/95, 0x5f}, {&(0x7f000000b580)=""/250, 0xfa}, {&(0x7f000000b680)}], 0x9, &(0x7f000000b780)=""/4096, 0x1000}, 0xe7e5}, {{&(0x7f000000c780), 0x80, &(0x7f000000ca00)=[{&(0x7f000000c800)=""/61, 0x3d}, {&(0x7f000000c840)=""/93, 0x5d}, {&(0x7f000000c8c0)=""/11, 0xb}, {&(0x7f000000c900)=""/223, 0xdf}], 0x4, &(0x7f000000ca40)=""/233, 0xe9}, 0x1}, {{&(0x7f000000cb40)=@x25={0x9, @remote}, 0x80, &(0x7f000000ce80)=[{&(0x7f000000cbc0)=""/75, 0x4b}, {&(0x7f000000cc40)=""/216, 0xd8}, {&(0x7f000000cd40)=""/49, 0x31}, {&(0x7f000000cd80)=""/124, 0x7c}, {&(0x7f000000ce00)=""/108, 0x6c}], 0x5}, 0x2}, {{&(0x7f000000cf00)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f000000df80)=[{&(0x7f000000cf80)=""/4096, 0x1000}], 0x1}, 0x4}], 0x8, 0x100, 0x0) r8 = epoll_create1(0x80000) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r8, 0x80286722, &(0x7f000000e2c0)={&(0x7f000000e1c0)=""/216, 0xd8, 0x5}) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(0xffffffffffffffff, 0x80286722, &(0x7f000000e380)={&(0x7f000000e300)=""/83, 0x53, 0x2, 0x1b}) 22:17:02 executing program 3: r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vxcan0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000140)={'syztnl2\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x29, 0x1, 0x80, 0x43c, 0x20, @empty, @dev={0xfe, 0x80, '\x00', 0x40}, 0x700, 0x8000, 0x8, 0xfff}}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000180)={0x1e0, r0, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x88, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x800}, 0x80) r3 = dup(0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x64, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x81}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfffff25b}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xb62}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x9}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x800}]}, 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x20004810) sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x44, 0x0, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000c040}, 0x804) sendmsg$TIPC_NL_MON_SET(r3, &(0x7f00000009c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000980)={&(0x7f00000006c0)={0x2a4, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7f}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xe48}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x101}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}]}, @TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x401}]}, @TIPC_NLA_NODE={0x4c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x46, 0x4, {'gcm(aes)\x00', 0x1e, "552970373a167dce17a315b7bb82f6f2f9347e52a3d56c6c5723b1888bb2"}}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x3e, 0x4, {'gcm(aes)\x00', 0x16, "bc9ada3cc370be1d017c58d5ec039c434756a5c50188"}}, @TIPC_NLA_NODE_KEY={0x3f, 0x4, {'gcm(aes)\x00', 0x17, "8f169fd8d05f4610421f732057ae0c0ba39a70a5388036"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xcc}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER={0x9c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x40, @private2={0xfc, 0x2, '\x00', 0x1}, 0x100}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0xfffffc00, @dev={0xfe, 0x80, '\x00', 0x34}, 0x3}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x8, @empty, 0x100}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x4c, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}}}}]}, @TIPC_NLA_BEARER={0xac, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x10001}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ae4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'eth', 0x3a, 'sit0\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0x11, 0x1, @l2={'eth', 0x3a, 'macvlan1\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x2a4}, 0x1, 0x0, 0x0, 0x40040044}, 0x8801) setsockopt$inet6_udp_int(r3, 0x11, 0x0, &(0x7f0000000a00)=0x8000, 0x4) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000a40)={{0x1, 0x1, 0x18, r3, {0xba}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r4, 0xc0189378, &(0x7f0000000a80)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r3}}, './file0\x00'}) getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000ac0)={{{@in=@dev, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@private}}, &(0x7f0000000bc0)=0xe8) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f0000000c80)={'syztnl1\x00', &(0x7f0000000c00)={'ip6gre0\x00', r6, 0x4, 0x40, 0x80, 0xe964, 0x0, @private0, @local, 0x1, 0x20, 0x8000, 0x1}}) sendmsg$AUDIT_DEL_RULE(r4, &(0x7f0000001180)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001140)={&(0x7f0000000d00)={0x428, 0x3f4, 0x100, 0x70bd2d, 0x25dfdbfb, {0x4, 0x0, 0xf, [0x407, 0x7f, 0x5cc2a2bc, 0x1d2, 0x0, 0x9, 0x7, 0x0, 0x7, 0x3, 0xc823, 0x1, 0x0, 0x3b7, 0x1ff, 0x7ff, 0x8, 0x6, 0x7, 0x40000000, 0xcb0, 0x7f, 0x5, 0xd424, 0x8, 0xba2, 0x0, 0x2, 0xffffffff, 0x9, 0x4, 0x6, 0xffff, 0x1, 0x3, 0x0, 0xfffffff8, 0x3, 0x1, 0x8, 0x2, 0x3, 0x400, 0x7, 0x4, 0x3, 0xfffffb4f, 0x5, 0x800, 0x3, 0x7, 0x8, 0x3, 0x0, 0x2, 0x98, 0x5, 0x6, 0x7, 0x47b5, 0xfffffffa, 0x200, 0xfff, 0x3], [0x3e0, 0x8, 0x3, 0x1ff, 0x80, 0x10001, 0x2, 0x0, 0x7ff, 0x4080000, 0x0, 0x3, 0x7f, 0x8, 0x6, 0x8, 0xff, 0x9, 0x200, 0x5, 0xffffffe1, 0xffffffff, 0x0, 0x7ff, 0x6, 0xa9b3, 0x3, 0x3037, 0x3, 0xfffffe00, 0x7, 0x101, 0x8, 0x3ff, 0x4, 0x0, 0x6, 0x20, 0x3, 0x557c, 0x8000, 0x6, 0x6, 0x88c, 0x5, 0x100, 0x3, 0x6c4, 0x3f, 0x9, 0x7f, 0xffff8001, 0xe16, 0x48b2, 0xe331, 0x7, 0xfffffffb, 0xca, 0x101, 0x6, 0x3195, 0x4, 0x1, 0x8000], [0xfffffffa, 0x9, 0xee5c, 0x7ff, 0x5, 0xfffeffff, 0x9, 0x4, 0x7, 0x7, 0x6, 0x7fffffff, 0x81, 0xfe4, 0xffffffc3, 0x5, 0x200, 0x3f, 0x9, 0xdad, 0x9, 0xff, 0xc8f4, 0x1, 0x800, 0x9, 0x7fffffff, 0x9, 0xd94, 0x9, 0x9, 0x0, 0x2, 0x81, 0x4, 0x5, 0xffff8000, 0x3152, 0x7, 0x100, 0x8, 0x6, 0x6, 0x8c, 0x8, 0x9, 0x57c2, 0x0, 0xffffffff, 0x3, 0xffffffff, 0x7ff, 0x9, 0x7, 0x1000, 0x2, 0x1, 0x8001, 0x6, 0x0, 0x3ff, 0x81, 0x400, 0x80], [0x0, 0x3, 0x3f, 0x7cce, 0x80, 0x5e7, 0x1, 0x7fffffff, 0x0, 0x9, 0x3, 0x5, 0x2, 0x673, 0x5, 0x1, 0x5, 0x0, 0xfff, 0x401, 0x7ff, 0x8, 0x2e, 0x10001, 0x8, 0x2, 0x1, 0x5, 0x80000000, 0x7, 0x2f, 0x6a2, 0x55b, 0x5, 0x0, 0x8000, 0x9, 0x3ff, 0x2, 0x0, 0x7, 0x81, 0x100, 0x81, 0x8, 0x8, 0x7fff, 0x4, 0x4, 0xca6, 0xffff0001, 0x1, 0x1ff, 0xffffff80, 0x1ff, 0x5, 0x0, 0x81, 0x8, 0x7ff, 0x9, 0x81, 0x3205973b, 0x200], 0x8, ['ip6gre0\x00']}, ["", "", "", "", "", ""]}, 0x428}, 0x1, 0x0, 0x0, 0x3}, 0x4004000) socketpair(0xa, 0xa, 0x0, &(0x7f00000011c0)={0xffffffffffffffff}) setsockopt$inet6_udp_int(r7, 0x11, 0x65, &(0x7f0000001200)=0x2, 0x4) syz_io_uring_setup(0x23a5, &(0x7f0000001240)={0x0, 0xb1df, 0x4, 0x3, 0x3a4, 0x0, r3}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f00000012c0)=0x0, &(0x7f0000001300)) syz_io_uring_submit(r8, 0x0, &(0x7f0000001380)=@IORING_OP_LINK_TIMEOUT={0xf, 0x3, 0x0, 0x0, 0x0, &(0x7f0000001340)={0x77359400}, 0x1, 0x1}, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r3, 0xc018937a, &(0x7f00000013c0)={{0x1, 0x1, 0x18, r7, {0x1}}, './file0/file0\x00'}) sendmsg$TIPC_NL_LINK_GET(r9, &(0x7f00000015c0)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001580)={&(0x7f0000001480)={0xe4, 0x0, 0x2, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffffffff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x401}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1ff}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x21b5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x10001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7f}]}, @TIPC_NLA_BEARER={0x50, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'ip6tnl0\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4a0c9dbf}]}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x80}, 0x1) [ 63.826216] audit: type=1400 audit(1665008222.390:6): avc: denied { execmem } for pid=288 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 22:17:02 executing program 4: sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000040)={0x318, 0x0, 0x0, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x1b8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0xd4, 0x3, "2739dfb653d9d099554c43a36d7714b79bc3303f81749df11d98af4dd72a8bf11d483bc4d8a0dc7b73463d5ce443dee84c775cefdaba3236ae7479ffbcaf88e401c90fbb3d4e938ff17f9a1fc1693810a073aed40417d865e360b685d92126bd22f3dee9cb28d5420068d4d8efd7529c1f4021ffc8454ee8197379e98de7746d3398417f5501b1b24376928290e32c8e159e876989b00d37bfc34e65a367f42ae863c5415ade630b73f253452a7b33cb201173717a5d9e979c14c61808345f649d3442d5a3eb567b1b2f6f9f3d6402c7"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_KEY={0x41, 0x4, {'gcm(aes)\x00', 0x19, "3385c035714ff8b7269e1d1ca6d754d59b38598d21b64052e6"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffff1836}, @TIPC_NLA_NODE_KEY={0x3e, 0x4, {'gcm(aes)\x00', 0x16, "24abec2367745b05ba07e814613b8c3a5bec3bc223e2"}}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "6ab8f9d58c854acc3f8dfcc16bfe8c7a2e0682c493c0ce7a73b6f3f3b3674235dcf2b69f"}}]}, @TIPC_NLA_NODE={0x64, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_NODE_KEY={0x45, 0x4, {'gcm(aes)\x00', 0x1d, "cfd5dc1b3aefc4f3a8e23be69f74275dd22fbf956bea8319df14186262"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0xb0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0xaa, 0x3, "003ec65a4ca7de86b63d9b6153e0d0ce79a382205bfeb78d6cd83c13053e1c5b0b29df7bacbfe7462c0864f9f40334b06ae7c5d57d8c949f678bb378ba45acd5ed7e430f49892af5654f9d45ab11142299988c7d600f56638af404c5086fe23b8914c2897fc91830e38e435176312ada8edde2b39159cf9a77769979f35ce66019ac6adf728f1c3f685fe2ceb554371e12e016be03143978eb71eaa9e9a6621668517cc308a1"}]}, @TIPC_NLA_SOCK={0x38, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x51747f22}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xf3c}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x200}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x318}, 0x1, 0x0, 0x0, 0x1}, 0x2001) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, 0x0, 0x300, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x1b}, @val={0x8, 0x3, r0}, @val={0xc, 0x99, {0x5, 0x9}}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000890}, 0x20000001) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x4c, r1, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x9}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x60a9}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000801}, 0x4000001) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x24, r2, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0xc4) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x2c, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x3}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x24}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x80) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_REMOVE(r3, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x3c, 0x0, 0x800, 0x70bd2d, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc5749b37564615f8}, 0x10) sendmsg$NL80211_CMD_DEAUTHENTICATE(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x34, 0x0, 0x800, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r0}, @val={0xc, 0x99, {0x4ce41657, 0x10}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x400}, 0x20000140) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x24, 0x3, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8845}, 0x1) sendmsg$NL802154_CMD_SET_CCA_MODE(r3, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x67e6c2c8f76e77ff}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c40)={0x44, 0x0, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x7}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000811}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000d40)={'wpan4\x00'}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000d80)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'}) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r4, &(0x7f0000001000)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000e00)={0x188, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x956}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x4}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3f}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1ff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8}}]}, 0x188}, 0x1, 0x0, 0x0, 0x4000004}, 0x4) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000001080), r4) sendmsg$DEVLINK_CMD_PORT_SPLIT(r4, &(0x7f0000001200)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000011c0)={&(0x7f00000010c0)={0xf8, r5, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x4}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x2}}]}, 0xf8}, 0x1, 0x0, 0x0, 0xc000}, 0x40054) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000001300)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000012c0)={&(0x7f0000001280)={0x40, 0x3, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x410c1}, 0x10) lstat(&(0x7f0000001340)='./file0\x00', 0x0) 22:17:02 executing program 5: ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f0000000000)=""/209) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000140), 0x2, 0x2) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='environ\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x6}}, './file0\x00'}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r2, &(0x7f0000000880)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000840)={&(0x7f0000000280)={0x584, r3, 0x100, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x29, 0x33, @mgmt_frame=@action={@with_ht={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x6}, @device_b, @device_b, @from_mac, {0x6}}, @ver_80211n={0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x1}}, @addba_resp={0x3, 0x1, {0x0, 0x2c, {0x0, 0x0, 0xb, 0x3c0}, 0x1ff}}}}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {}, @device_b, @device_b}}, @NL80211_ATTR_FRAME={0x50e, 0x33, @data_frame={@qos_no_ht={{@type11={{0x0, 0x2, 0x9, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1}, {0x1f}, @device_a, @device_a, @device_a, {0x5, 0x5}, @device_b}, {0x0, 0x1, 0x3, 0x0, 0x81}}, {@type00={{0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x4}, @device_a, @device_b, @initial, {0x1, 0xb8}}, {0x0, 0x1, 0x1, 0x1, 0x9}}}, @a_msdu=[{@device_b, @broadcast, 0x34, "bc03061b01bb53bc5ced35049ecb0985e3700e57a799d453a603d173fe61192de6bfc06344e29906311c0fc57821f930ee189384"}, {@broadcast, @device_a, 0xdc, "e5e8c03282dd37d9591c0c84cac15b3488de388a11d8b06a0fdb262f5bb6d9328bcebe51f6b8e31da688042010c6bfc01b27e59884395575675202802fbb1e34933735814ac7eaab38659674df4349083aba2161dfa620c0ceb966b6e112faf49bdbee2982d376b5c00435b5a8a675b3b165a67b311bcc7bebb9cbcb372d6014c059ebafef02ff89e088132a1ab36ec70ac406a8f934837b370ffe6dd7f50c6a0d229b88942a5a9854050542d55e46cab836643c1d5d91794ba7b49ffb1e38cb0e11f319660e63e89e7db254fcc10833dae6e798caf4b4c47b84b811"}, {@device_a, @broadcast, 0x92, "316cbf39909df84d87f864e350475b96c3bdbd5c3ce277fb05299fc25f61e19195b963861bf10356581ff51befe8c40a3582028e2eb781073072d3136b916528875c6fae6f34adae8a25a16328a9ac9c7533c22b44a319101a9b42b2b2893078489185f490055ae9f8bfc79e422acba1a320a97460595eb1bb0f0f83f0c9f9f4ee3c1376b8e4b975804dc68f712e85046100"}, {@device_b, @device_b, 0xd, "5786aff93a4c84a71fa0a8a187"}, {@broadcast, @broadcast, 0x55, "5c80bfd8ad8875140f3d02233337eb34840924bbb2d2c79d1bbaf5fc397147ce5f936f8722c4e65ada45763ad32e1f88b2afda17d25ffbfd6c6157881465c79b36ba846d1d39a3e145b659b0c573365de9b7df481c"}, {@device_b, @device_a, 0x8f, "5b6ac41b3c697293993764838895933a79488ffde7df5e54c3aa0824616b8318ed82646e771b17e10ce304ed3588d9c3ada255a1aa1ecb93b08f5ecb3f462450cdfcc2ebba8722322d27cfc87f9a2c2527793352a4bb0532bf76b7cfac7e0f7495db582a62da735e7ddbb8e3a63f3dc0b27e247f1dee6ded83b4611f0fb361d6a286ab39b37abd3fdad1de2551d72c"}, {@device_b, @device_a, 0x26, "22f3949bafa97d68a3b953c2b2f6682c4fb3e08ad009000b44c246854126c177da7150eed68b"}, {@broadcast, @device_a, 0xbf, "aa965905edcf6b9c81a9644d6dc3ec8ce9fefb6015bd072bae8540a66a7bbd9fd4845d18ecef9432553d5a5650cb84c5a2799e7c2403ff1f92676de8e582dd938f9135b9583aa6fb4a87036a4d1026cbb930898fee3f534c67e06a8f44ce91ab301ccfa3a32751ede4a02922f0d2dc97d0c0354b13deba1ecfb7dd2b1ccffc477bf32abb063d4028d01f8f719891a6262ebc1bc1b087663f3f33ee6677f35ab007ec5fb8162ca02bb469160fbd1266703cccd1d1bdcf2567041221dd3c9a74"}, {@device_a, @broadcast, 0xce, "7028d5760d6308729d262a45366364d13e2c40e4ec91534662434dd9339c26bd20d3d07dba3d13d126153f2e8785dd3b0b465fcd7bcc83bb893bbd0bd80a35b7c6d1c4690fb674ce66a8ade4e0540ab95f4b8027ac912c541667b8dbc8fc74b344ce3287787514b2d4ef801f9f84cd8f254375432c8f8adffd706b2c662a9b038622f0547c132645966df7f2a2cc9458ec8f26db7f53acbf1c1fd8c4e7742585c95f8722abfb50f2b208b5ec8576920977d147da9f947b40f450ced9043117bd5f79a556548a3b4a485673dd8d32"}]}}]}, 0x584}, 0x1, 0x0, 0x0, 0x20004010}, 0x48004) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f00000008c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r4, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, r3, 0x800, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000801}, 0x800) sendmsg$NL80211_CMD_GET_POWER_SAVE(r1, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x20, r3, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x6, 0x71}}}}, ["", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0x90) sendmsg$NL80211_CMD_REGISTER_BEACONS(r4, &(0x7f0000000bc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x28, r3, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x3f, 0x67}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x48000) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000c40), r2) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r4, &(0x7f0000000d40)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000c80)={0x44, r5, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x4}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x801) sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f00000011c0)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001180)={&(0x7f0000000dc0)={0x3a4, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xcc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0xb9, 0x3, "30cda97fd939b138b7813be474be37961909755703aabb9e75aaee8e470e3d73b4c26e4f312ca2d9e93c77a57b9beda6335eb2b3154ae307098ec4178bcf031bd8343b02f412d1d40e6cc179527383c5e275a652e4540a2f1bb6d66830309cc39baa5ee28a8519ea8f55c0e8bb7fc17cd4dcb951a7453171846969a447d08f04e3c24f4e559ec071be2a3e13ba253290a3fe9ffc0ace00586c2f9f587c669b4ec92a92b070bc53e5bc915bf0ccf969a92f53f1c81f"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x50, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x45b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_NET={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x15200000000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xc1608c7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffffffff}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffc}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}]}, @TIPC_NLA_BEARER={0xf0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x1, @mcast1, 0x6}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0xffffffff, @loopback, 0x8}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @empty}, 0x3f}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0xa40, @empty, 0x80000001}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x0, @local, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x7, @dev={0xfe, 0x80, '\x00', 0x12}, 0x9}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1000}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_BEARER={0xc0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x6f, @mcast2, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e21, @multicast1}}}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x366b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffc}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @multicast1}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}, 0x794c5fc1}}}}]}]}, 0x3a4}, 0x1, 0x0, 0x0, 0x10040041}, 0x20004800) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r4, &(0x7f0000001580)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001540)={&(0x7f0000001240)={0x2d0, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x8}, {0x6, 0x16, 0x3}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x6}, {0x8, 0xb, 0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xb686}, {0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x2}, {0x8, 0xb, 0x52}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x400}, {0x5}, {0x6, 0x11, 0x1}, {0x8, 0xb, 0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x5}, {0x6, 0x16, 0xd2}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x4}, {0x8, 0xb, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xbd7}, {0x6, 0x16, 0x3}, {0x5}, {0x6, 0x11, 0x40}, {0x8, 0xb, 0x4}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x1}, {0x5}, {0x6, 0x11, 0x4}, {0x8, 0xb, 0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x1000}, {0x6, 0x16, 0x4}, {0x5}, {0x6, 0x11, 0x5}, {0x8, 0xb, 0x1ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xcd2a}, {0x6, 0x16, 0x7}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x6}, {0x8, 0xb, 0xffffffff}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x62ef}, {0x6, 0x16, 0x3}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x2}, {0x8}}]}, 0x2d0}, 0x1, 0x0, 0x0, 0x4}, 0x24004901) r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000001600), r0) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000016c0)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x40, r6, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x5}, @SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xabe0}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x4001}, 0x40048c0) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000001740), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000001800)={&(0x7f0000001700)={0x10, 0x0, 0x0, 0x97c5bec28b46e41d}, 0xc, &(0x7f00000017c0)={&(0x7f0000001780)={0x3c, r7, 0x200, 0x70bd2d, 0x25dfdbfc, {{}, {}, {0x20, 0x17, {0x17, 0x400, @l2={'eth', 0x3a, 'bond_slave_0\x00'}}}}, ["", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4004) 22:17:02 executing program 7: prctl$PR_CAPBSET_DROP(0x18, 0x17) prctl$PR_CAPBSET_DROP(0x18, 0x15) prctl$PR_CAPBSET_DROP(0x18, 0x7) prctl$PR_CAPBSET_DROP(0x18, 0x16) prctl$PR_CAPBSET_DROP(0x18, 0x7) prctl$PR_CAPBSET_DROP(0x18, 0x1d) prctl$PR_CAPBSET_DROP(0x18, 0x9) prctl$PR_CAPBSET_DROP(0x18, 0xb) prctl$PR_CAPBSET_DROP(0x18, 0x1f) prctl$PR_CAPBSET_DROP(0x18, 0x4) prctl$PR_CAPBSET_DROP(0x18, 0x18) prctl$PR_CAPBSET_DROP(0x18, 0x24) prctl$PR_CAPBSET_DROP(0x18, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x9) prctl$PR_CAPBSET_DROP(0x18, 0x13) prctl$PR_CAPBSET_DROP(0x18, 0x1c) prctl$PR_CAPBSET_DROP(0x18, 0x1c) prctl$PR_CAPBSET_DROP(0x18, 0x18) prctl$PR_CAPBSET_DROP(0x18, 0x22) prctl$PR_CAPBSET_DROP(0x18, 0x27) 22:17:02 executing program 6: ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000200)={'ip6_vti0\x00', 0x0, 0x4, 0xe3, 0x51, 0x8, 0x0, @private0, @private2, 0x10, 0x7800, 0x4, 0x6}}) ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, &(0x7f0000000340)={'syztnl2\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x4, 0x20, 0x80, 0x1aa, 0x0, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x8, 0x7ff, 0x8001}}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000003c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000580)={'syztnl1\x00', &(0x7f0000000500)={'syztnl0\x00', 0x0, 0x4, 0x3f, 0x4f, 0x40, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x20, 0x7800, 0x401, 0x9}}) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f00000038c0)={'ip6tnl0\x00', &(0x7f0000003840)={'syztnl2\x00', 0x0, 0x29, 0xec, 0x8, 0x1, 0x10, @dev={0xfe, 0x80, '\x00', 0xa}, @loopback, 0x8, 0x8000, 0x9, 0x9}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000003980)={'ip6_vti0\x00', &(0x7f0000003900)={'ip6gre0\x00', 0x0, 0x4, 0x81, 0x9, 0x2, 0x28, @loopback, @loopback, 0x8000, 0x80, 0x80000000, 0x2}}) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000039c0)={'vxcan0\x00', 0x0}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000003a00)={@ipv4={""/10, ""/2, @initdev}, 0x0}, &(0x7f0000003a40)=0x14) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000003b00)={'ip6gre0\x00', &(0x7f0000003a80)={'ip6gre0\x00', 0x0, 0x29, 0xff, 0x3, 0xf32c, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x700, 0x8, 0x4, 0x6}}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000004640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000004600)={&(0x7f0000003b40)={0xa88, 0x0, 0x200, 0x70bd29, 0x25dfdbfb, {}, [{{0x8}, {0x1c4, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r0}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r2}, {0x164, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4ce5}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0xa0, 0x2, 0x0, 0x1, [{0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x2, 0x8, 0x1, 0x800}, {0x8, 0x2, 0xf7, 0x912}, {0x3f, 0x3, 0x9, 0x3}, {0x78, 0x5, 0x5a, 0xfff}, {0x9, 0x80, 0x5b, 0xeb}, {0x3, 0x4, 0x3f, 0x7}]}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7f}}}]}}, {{0x8, 0x1, r3}, {0x130, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r4}}}]}}, {{0x8}, {0x280, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xb4c}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0x2, 0x5, 0x7, 0x8}, {0x8, 0x2f, 0x1, 0x1}, {0x1, 0xd8, 0x6, 0x37}, {0x0, 0x71, 0x9, 0x2}, {0x8, 0xb6, 0x3f, 0xffff}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1800000}}, {0x8}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x800}}, {0x8, 0x6, r7}}}]}}, {{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xba7}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8fc7}}}]}}, {{0x8, 0x1, r9}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffc0}}, {0x8}}}]}}]}, 0xa88}, 0x1, 0x0, 0x0, 0x40801}, 0x44040) r11 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$F2FS_IOC_MOVE_RANGE(r11, 0xc020f509, &(0x7f0000004680)={r11, 0x0, 0x1b, 0xfffffffffffff11c}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r12, 0x89f3, &(0x7f0000004740)={'syztnl0\x00', &(0x7f00000046c0)={'sit0\x00', r10, 0x4, 0x40, 0x20, 0x3ff, 0x8, @private1, @private2, 0x20, 0x80, 0x4, 0x495}}) r13 = openat$incfs(r12, &(0x7f0000004780)='.pending_reads\x00', 0x8000, 0x110) r14 = accept4(r13, &(0x7f00000047c0)=@ethernet={0x0, @link_local}, &(0x7f0000004840)=0x80, 0x80800) ioctl$F2FS_IOC_MOVE_RANGE(r14, 0xc020f509, &(0x7f0000004880)={r11, 0xa764, 0x401}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r14, 0x89f0, &(0x7f0000004940)={'ip6gre0\x00', &(0x7f00000048c0)={'syztnl2\x00', r8, 0x29, 0xff, 0x4, 0xffff, 0x0, @empty, @remote, 0x80, 0x7800, 0x1, 0x7}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r15, 0x89f1, &(0x7f0000004a00)={'gre0\x00', &(0x7f0000004980)={'ip_vti0\x00', r16, 0x80, 0x80, 0x1, 0x7fffffff, {{0xe, 0x4, 0x0, 0x5, 0x38, 0x68, 0x0, 0x7, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @rand_addr=0x64010101, {[@generic={0x83, 0xe, "61757279281bef81bfd94d52"}, @lsrr={0x83, 0x7, 0x3e, [@broadcast]}, @rr={0x7, 0xf, 0xdc, [@empty, @loopback, @multicast1]}]}}}}}) [ 65.207287] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.209403] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.213254] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.222970] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.226224] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.228907] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.235267] Bluetooth: hci0: HCI_REQ-0x0c1a [ 65.258489] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.261580] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.263001] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 65.264835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.264929] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.266298] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.269324] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.269808] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.271882] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.273879] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.276244] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 65.278718] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.281778] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.283645] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 65.284852] Bluetooth: hci1: HCI_REQ-0x0c1a [ 65.291700] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.292732] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.293679] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 65.298602] Bluetooth: hci2: HCI_REQ-0x0c1a [ 65.333447] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.336734] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 65.338662] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 65.340780] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.345655] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 65.345682] Bluetooth: hci3: HCI_REQ-0x0c1a [ 65.347995] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 65.349772] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 65.355714] Bluetooth: hci4: HCI_REQ-0x0c1a [ 65.366251] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 65.374672] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 65.379148] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 65.386825] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 65.390189] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 65.392528] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 65.396967] Bluetooth: hci5: HCI_REQ-0x0c1a [ 67.285043] Bluetooth: hci0: command 0x0409 tx timeout [ 67.348063] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 67.349594] Bluetooth: hci2: command 0x0409 tx timeout [ 67.350450] Bluetooth: hci1: command 0x0409 tx timeout [ 67.351350] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 67.411561] Bluetooth: hci5: command 0x0409 tx timeout [ 67.412542] Bluetooth: hci4: command 0x0409 tx timeout [ 67.413342] Bluetooth: hci3: command 0x0409 tx timeout [ 69.332131] Bluetooth: hci0: command 0x041b tx timeout [ 69.396302] Bluetooth: hci1: command 0x041b tx timeout [ 69.397033] Bluetooth: hci2: command 0x041b tx timeout [ 69.459616] Bluetooth: hci3: command 0x041b tx timeout [ 69.460250] Bluetooth: hci4: command 0x041b tx timeout [ 69.460898] Bluetooth: hci5: command 0x041b tx timeout [ 70.554663] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 70.556137] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 70.557041] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 70.560026] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 70.561384] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 70.562555] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 70.610681] Bluetooth: hci6: HCI_REQ-0x0c1a [ 71.379465] Bluetooth: hci0: command 0x040f tx timeout [ 71.443473] Bluetooth: hci2: command 0x040f tx timeout [ 71.443868] Bluetooth: hci1: command 0x040f tx timeout [ 71.507517] Bluetooth: hci5: command 0x040f tx timeout [ 71.507891] Bluetooth: hci4: command 0x040f tx timeout [ 71.508245] Bluetooth: hci3: command 0x040f tx timeout [ 72.659500] Bluetooth: hci6: command 0x0409 tx timeout [ 72.851477] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 73.427519] Bluetooth: hci0: command 0x0419 tx timeout [ 73.491552] Bluetooth: hci1: command 0x0419 tx timeout [ 73.491949] Bluetooth: hci2: command 0x0419 tx timeout [ 73.555487] Bluetooth: hci3: command 0x0419 tx timeout [ 73.555872] Bluetooth: hci4: command 0x0419 tx timeout [ 73.556245] Bluetooth: hci5: command 0x0419 tx timeout [ 74.707466] Bluetooth: hci6: command 0x041b tx timeout [ 75.353211] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 75.355321] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 75.356112] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 75.358086] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 75.359846] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 75.360917] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 75.365195] Bluetooth: hci7: HCI_REQ-0x0c1a [ 76.755495] Bluetooth: hci6: command 0x040f tx timeout [ 77.459521] Bluetooth: hci7: command 0x0409 tx timeout [ 78.803538] Bluetooth: hci6: command 0x0419 tx timeout [ 79.507462] Bluetooth: hci7: command 0x041b tx timeout [ 81.555530] Bluetooth: hci7: command 0x040f tx timeout [ 83.603490] Bluetooth: hci7: command 0x0419 tx timeout 22:17:55 executing program 1: r0 = syz_io_uring_setup(0x49de, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup3(r4, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, 0x0}, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000100)="f1f35daf8662fa2b867d301fa3f34ce1480936d2ce99d73e45", 0x19}, {&(0x7f0000000180)="ebda2e4eee7cee3ccf34eefbd2f60bf31f63a9f071dcba2115a9eeb34282a04e99c65e411b23f9ab93976fad60b1b2ff8e0c32220adeed823e81dabe91b533256911d51c03f324e3b78aee3d36c83ab86d7d53d821696bfa06826abbeca81976e41dbb31e34ffad96b7c7d821ec38ed5a0ce551a3f462e9f25a425ce70c88b99c9e425b58e61ceea4aeb1b88874507b442fa2565ae3afeb36482753c939264e3c022adb92c8b39217f7d351543d5e28c685b3919af5843a5bc109778186b69bc5c504d125abee18f19ce33544f5074aa4d845c2e9f303de5536dd7e67ac17863", 0xe0}, {&(0x7f0000000280)="1e2ee39d30a847a6634fc9edb878fef5d72e3c011d2e24dc4a46c600e3738333e8b5b2ebec81988d281149139ee8a225099e2ef3c5478c22d8054e28421ba5b2e1d0d2d8e59c9a62e8e369b35e0695ea08c8cdac45dfedc6f7f0386940ead9e4b810a75931be41dda7f377ad0f22efff83734c154e634a7cc83e8f23397614e934f3ffdf5ea7c924f1c93594c6d5302233edb05e7d8eb955c6753fc8ef2f724e92c20a702dc1d1a64d3b89286fd8761506812f0d20f5ac3b099f260ed729d106796c3892601389", 0xc7}, {&(0x7f0000000380)="9b81b1", 0x3}], 0x4, 0x0, 0x0, 0x4040020}, 0x20048855) io_uring_enter(r0, 0x58df, 0x0, 0x0, 0x0, 0x0) 22:17:55 executing program 1: ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x2, 'bond_slave_0\x00', {0xdf2d}, 0x3}) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x80000000, 0xa}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x44}}, 0x40010) clone3(&(0x7f00000003c0)={0x18000000, &(0x7f00000001c0)=0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000240)=0x0, {0x9}, &(0x7f0000000280)=""/21, 0x15, &(0x7f00000002c0)=""/181, &(0x7f0000000380)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x3, {r0}}, 0x58) r3 = signalfd4(r1, &(0x7f0000000440)={[0x1f]}, 0x8, 0x0) r4 = syz_io_uring_setup(0x1c0, &(0x7f00000006c0)={0x0, 0x0, 0x20}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000000740), &(0x7f0000000780)) r5 = gettid() r6 = gettid() kcmp(r5, r6, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) fcntl$getownex(r4, 0x10, &(0x7f00000005c0)={0x0, 0x0}) r8 = gettid() r9 = gettid() kcmp(r8, r9, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) r10 = gettid() r11 = gettid() kcmp(r10, r11, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) clone3(&(0x7f0000000640)={0xb800, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500), {0x17}, &(0x7f0000000540), 0x0, &(0x7f0000000580)=""/12, &(0x7f0000000600)=[r6, 0xffffffffffffffff, r2, r2, r7, r8, r10, r2], 0x8, {r3}}, 0x58) gettid() 22:17:56 executing program 1: syz_io_uring_setup(0x14eb, &(0x7f0000000280)={0x0, 0xa393}, &(0x7f0000005000/0x3000)=nil, &(0x7f0000002000/0x4000)=nil, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x48, &(0x7f0000000000), 0x4) ioctl$BTRFS_IOC_SYNC(r1, 0x9408, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc1eb, 0x7}, 0x1200, 0x7fe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r3, 0x0, 0x0, 0x87ffffc) pwritev2(r2, &(0x7f0000000300)=[{&(0x7f0000000180)="3c05886344f6c1676463474261a3cd71268afe038e7d96f46fea5246194a21c0bca49aab4882c5e4b508f5caf019902800cc407c31ecca2126ec616e9ef51561c11fb6d5ad0dc0c03998e37daae333db1252ad0d6b210c26dc017bcd9eb7b3773f1ab930713c646093f3efac450fcd793d65bfca217cf1d1be3971f4b8bee2b4fd3876a9b065f04ff62603f3cffe0e3ead48226b756653faf696165c00c54890e8d4590f8c08e761926d1a367f7adaff0cd7a0a804aae86072e3866492eabdfbbf60d4a310dfda9cb5f679ca00946a01dd39236d72f2aa56bb3d9d47c042843926cfff2164e5df0e048b3a8d", 0xec}], 0x1, 0x6, 0x2, 0xf) ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, &(0x7f0000000140)={0x0, 0x200}) [ 117.770558] audit: type=1400 audit(1665008276.334:7): avc: denied { open } for pid=3660 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 117.772245] audit: type=1400 audit(1665008276.335:8): avc: denied { kernel } for pid=3660 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 117.793335] ------------[ cut here ]------------ [ 117.793356] [ 117.793360] ====================================================== [ 117.793363] WARNING: possible circular locking dependency detected [ 117.793368] 6.0.0-next-20221005 #1 Not tainted [ 117.793374] ------------------------------------------------------ [ 117.793377] syz-executor.1/3661 is trying to acquire lock: [ 117.793383] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 117.793425] [ 117.793425] but task is already holding lock: [ 117.793428] ffff88800ed11c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 117.793454] [ 117.793454] which lock already depends on the new lock. [ 117.793454] [ 117.793457] [ 117.793457] the existing dependency chain (in reverse order) is: [ 117.793460] [ 117.793460] -> #3 (&ctx->lock){....}-{2:2}: [ 117.793473] _raw_spin_lock+0x2a/0x40 [ 117.793485] __perf_event_task_sched_out+0x53b/0x18d0 [ 117.793496] __schedule+0xedd/0x2470 [ 117.793511] preempt_schedule_common+0x45/0xc0 [ 117.793526] __cond_resched+0x17/0x30 [ 117.793541] __mutex_lock+0xa3/0x14d0 [ 117.793557] __do_sys_perf_event_open+0x1eec/0x32c0 [ 117.793568] do_syscall_64+0x3b/0x90 [ 117.793577] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 117.793591] [ 117.793591] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 117.793604] _raw_spin_lock_nested+0x30/0x40 [ 117.793615] raw_spin_rq_lock_nested+0x1e/0x30 [ 117.793629] task_fork_fair+0x63/0x4d0 [ 117.793645] sched_cgroup_fork+0x3d0/0x540 [ 117.793659] copy_process+0x4183/0x6e20 [ 117.793670] kernel_clone+0xe7/0x890 [ 117.793679] user_mode_thread+0xad/0xf0 [ 117.793690] rest_init+0x24/0x250 [ 117.793702] arch_call_rest_init+0xf/0x14 [ 117.793721] start_kernel+0x4c6/0x4eb [ 117.793738] secondary_startup_64_no_verify+0xe0/0xeb [ 117.793752] [ 117.793752] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 117.793765] _raw_spin_lock_irqsave+0x39/0x60 [ 117.793776] try_to_wake_up+0xab/0x1930 [ 117.793790] up+0x75/0xb0 [ 117.793804] __up_console_sem+0x6e/0x80 [ 117.793820] console_unlock+0x46a/0x590 [ 117.793835] do_con_write+0xc05/0x1d50 [ 117.793846] con_write+0x21/0x40 [ 117.793855] n_tty_write+0x4d4/0xfe0 [ 117.793868] file_tty_write.constprop.0+0x455/0x8a0 [ 117.793879] vfs_write+0x9c3/0xd90 [ 117.793895] ksys_write+0x127/0x250 [ 117.793911] do_syscall_64+0x3b/0x90 [ 117.793920] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 117.793933] [ 117.793933] -> #0 ((console_sem).lock){....}-{2:2}: [ 117.793947] __lock_acquire+0x2a02/0x5e70 [ 117.793963] lock_acquire+0x1a2/0x530 [ 117.793979] _raw_spin_lock_irqsave+0x39/0x60 [ 117.793990] down_trylock+0xe/0x70 [ 117.794006] __down_trylock_console_sem+0x3b/0xd0 [ 117.794022] vprintk_emit+0x16b/0x560 [ 117.794038] vprintk+0x84/0xa0 [ 117.794053] _printk+0xba/0xf1 [ 117.794065] report_bug.cold+0x72/0xab [ 117.794082] handle_bug+0x3c/0x70 [ 117.794091] exc_invalid_op+0x14/0x50 [ 117.794100] asm_exc_invalid_op+0x16/0x20 [ 117.794113] group_sched_out.part.0+0x2c7/0x460 [ 117.794130] ctx_sched_out+0x8f1/0xc10 [ 117.794147] __perf_event_task_sched_out+0x6d0/0x18d0 [ 117.794158] __schedule+0xedd/0x2470 [ 117.794172] preempt_schedule_common+0x45/0xc0 [ 117.794188] __cond_resched+0x17/0x30 [ 117.794202] __mutex_lock+0xa3/0x14d0 [ 117.794218] __do_sys_perf_event_open+0x1eec/0x32c0 [ 117.794229] do_syscall_64+0x3b/0x90 [ 117.794238] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 117.794251] [ 117.794251] other info that might help us debug this: [ 117.794251] [ 117.794254] Chain exists of: [ 117.794254] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 117.794254] [ 117.794268] Possible unsafe locking scenario: [ 117.794268] [ 117.794270] CPU0 CPU1 [ 117.794273] ---- ---- [ 117.794275] lock(&ctx->lock); [ 117.794280] lock(&rq->__lock); [ 117.794286] lock(&ctx->lock); [ 117.794292] lock((console_sem).lock); [ 117.794298] [ 117.794298] *** DEADLOCK *** [ 117.794298] [ 117.794300] 2 locks held by syz-executor.1/3661: [ 117.794306] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 117.794336] #1: ffff88800ed11c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 117.794362] [ 117.794362] stack backtrace: [ 117.794365] CPU: 1 PID: 3661 Comm: syz-executor.1 Not tainted 6.0.0-next-20221005 #1 [ 117.794378] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.794384] Call Trace: [ 117.794387] [ 117.794392] dump_stack_lvl+0x8b/0xb3 [ 117.794411] check_noncircular+0x263/0x2e0 [ 117.794428] ? format_decode+0x26c/0xb50 [ 117.794445] ? print_circular_bug+0x450/0x450 [ 117.794463] ? simple_strtoul+0x30/0x30 [ 117.794478] ? __lockdep_reset_lock+0x180/0x180 [ 117.794496] ? format_decode+0x26c/0xb50 [ 117.794514] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 117.794540] __lock_acquire+0x2a02/0x5e70 [ 117.794562] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 117.794584] lock_acquire+0x1a2/0x530 [ 117.794601] ? down_trylock+0xe/0x70 [ 117.794620] ? lock_release+0x750/0x750 [ 117.794652] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 117.794673] ? vprintk+0x84/0xa0 [ 117.794692] _raw_spin_lock_irqsave+0x39/0x60 [ 117.794704] ? down_trylock+0xe/0x70 [ 117.794721] down_trylock+0xe/0x70 [ 117.794738] ? vprintk+0x84/0xa0 [ 117.794755] __down_trylock_console_sem+0x3b/0xd0 [ 117.794773] vprintk_emit+0x16b/0x560 [ 117.794790] ? lock_downgrade+0x6d0/0x6d0 [ 117.794808] vprintk+0x84/0xa0 [ 117.794826] _printk+0xba/0xf1 [ 117.794838] ? record_print_text.cold+0x16/0x16 [ 117.794853] ? hrtimer_try_to_cancel+0x163/0x2c0 [ 117.794867] ? lock_downgrade+0x6d0/0x6d0 [ 117.794885] ? report_bug.cold+0x66/0xab [ 117.794904] ? group_sched_out.part.0+0x2c7/0x460 [ 117.794923] report_bug.cold+0x72/0xab [ 117.794942] handle_bug+0x3c/0x70 [ 117.794952] exc_invalid_op+0x14/0x50 [ 117.794963] asm_exc_invalid_op+0x16/0x20 [ 117.794977] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 117.794998] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 2b 08 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 117.795010] RSP: 0018:ffff88803b757978 EFLAGS: 00010006 [ 117.795019] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 117.795026] RDX: ffff88803f878000 RSI: ffffffff81566da7 RDI: 0000000000000005 [ 117.795034] RBP: ffff88803f9285c8 R08: 0000000000000005 R09: 0000000000000001 [ 117.795041] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800ed11c00 [ 117.795048] R13: ffff88806cf3d2c0 R14: ffffffff8547c9a0 R15: 0000000000000002 [ 117.795059] ? group_sched_out.part.0+0x2c7/0x460 [ 117.795079] ? group_sched_out.part.0+0x2c7/0x460 [ 117.795099] ctx_sched_out+0x8f1/0xc10 [ 117.795119] __perf_event_task_sched_out+0x6d0/0x18d0 [ 117.795133] ? lock_is_held_type+0xd7/0x130 [ 117.795148] ? __perf_cgroup_move+0x160/0x160 [ 117.795158] ? set_next_entity+0x304/0x550 [ 117.795176] ? update_curr+0x267/0x740 [ 117.795195] ? lock_is_held_type+0xd7/0x130 [ 117.795210] __schedule+0xedd/0x2470 [ 117.795228] ? io_schedule_timeout+0x150/0x150 [ 117.795244] ? find_held_lock+0x2c/0x110 [ 117.795260] ? lock_is_held_type+0xd7/0x130 [ 117.795274] ? __cond_resched+0x17/0x30 [ 117.795290] preempt_schedule_common+0x45/0xc0 [ 117.795308] __cond_resched+0x17/0x30 [ 117.795323] __mutex_lock+0xa3/0x14d0 [ 117.795341] ? lock_is_held_type+0xd7/0x130 [ 117.795354] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 117.795368] ? mutex_lock_io_nested+0x1310/0x1310 [ 117.795386] ? lock_release+0x3b2/0x750 [ 117.795403] ? __up_read+0x192/0x730 [ 117.795418] ? up_write+0x520/0x520 [ 117.795435] __do_sys_perf_event_open+0x1eec/0x32c0 [ 117.795451] ? perf_compat_ioctl+0x130/0x130 [ 117.795462] ? xfd_validate_state+0x59/0x180 [ 117.795485] ? syscall_enter_from_user_mode+0x1d/0x50 [ 117.795499] ? syscall_enter_from_user_mode+0x1d/0x50 [ 117.795516] do_syscall_64+0x3b/0x90 [ 117.795526] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 117.795540] RIP: 0033:0x7f2e3aabfb19 [ 117.795548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.795559] RSP: 002b:00007f2e38035188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 117.795569] RAX: ffffffffffffffda RBX: 00007f2e3abd2f60 RCX: 00007f2e3aabfb19 [ 117.795577] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280 [ 117.795584] RBP: 00007f2e3ab19f6d R08: 0000000000000000 R09: 0000000000000000 [ 117.795592] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 117.795599] R13: 00007ffc38c3619f R14: 00007f2e38035300 R15: 0000000000022000 [ 117.795611] [ 117.854897] WARNING: CPU: 1 PID: 3661 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 117.855534] Modules linked in: [ 117.855754] CPU: 1 PID: 3661 Comm: syz-executor.1 Not tainted 6.0.0-next-20221005 #1 [ 117.856277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 117.856834] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 117.857208] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 2b 08 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 117.858435] RSP: 0018:ffff88803b757978 EFLAGS: 00010006 [ 117.858813] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 117.859298] RDX: ffff88803f878000 RSI: ffffffff81566da7 RDI: 0000000000000005 [ 117.859781] RBP: ffff88803f9285c8 R08: 0000000000000005 R09: 0000000000000001 [ 117.860264] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800ed11c00 [ 117.860750] R13: ffff88806cf3d2c0 R14: ffffffff8547c9a0 R15: 0000000000000002 [ 117.861235] FS: 00007f2e38035700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 117.861786] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 117.862186] CR2: 00007fb9960f9620 CR3: 000000001ac66000 CR4: 0000000000350ee0 [ 117.862675] Call Trace: [ 117.862857] [ 117.863021] ctx_sched_out+0x8f1/0xc10 [ 117.863304] __perf_event_task_sched_out+0x6d0/0x18d0 [ 117.863664] ? lock_is_held_type+0xd7/0x130 [ 117.863959] ? __perf_cgroup_move+0x160/0x160 [ 117.864268] ? set_next_entity+0x304/0x550 [ 117.864570] ? update_curr+0x267/0x740 [ 117.864845] ? lock_is_held_type+0xd7/0x130 [ 117.865151] __schedule+0xedd/0x2470 [ 117.865421] ? io_schedule_timeout+0x150/0x150 [ 117.865741] ? find_held_lock+0x2c/0x110 [ 117.866026] ? lock_is_held_type+0xd7/0x130 [ 117.866329] ? __cond_resched+0x17/0x30 [ 117.866615] preempt_schedule_common+0x45/0xc0 [ 117.866941] __cond_resched+0x17/0x30 [ 117.867214] __mutex_lock+0xa3/0x14d0 [ 117.867489] ? lock_is_held_type+0xd7/0x130 [ 117.867790] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 117.868149] ? mutex_lock_io_nested+0x1310/0x1310 [ 117.868491] ? lock_release+0x3b2/0x750 [ 117.868774] ? __up_read+0x192/0x730 [ 117.869045] ? up_write+0x520/0x520 [ 117.869308] __do_sys_perf_event_open+0x1eec/0x32c0 [ 117.869658] ? perf_compat_ioctl+0x130/0x130 [ 117.869966] ? xfd_validate_state+0x59/0x180 [ 117.870285] ? syscall_enter_from_user_mode+0x1d/0x50 [ 117.870659] ? syscall_enter_from_user_mode+0x1d/0x50 [ 117.871020] do_syscall_64+0x3b/0x90 [ 117.871281] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 117.871639] RIP: 0033:0x7f2e3aabfb19 [ 117.871897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 117.873129] RSP: 002b:00007f2e38035188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 117.873649] RAX: ffffffffffffffda RBX: 00007f2e3abd2f60 RCX: 00007f2e3aabfb19 [ 117.874142] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280 [ 117.874639] RBP: 00007f2e3ab19f6d R08: 0000000000000000 R09: 0000000000000000 [ 117.875123] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 117.875610] R13: 00007ffc38c3619f R14: 00007f2e38035300 R15: 0000000000022000 [ 117.876111] [ 117.876282] irq event stamp: 2194 [ 117.876521] hardirqs last enabled at (2193): [] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 117.877200] hardirqs last disabled at (2194): [] __schedule+0x1225/0x2470 [ 117.877770] softirqs last enabled at (1394): [] sk_setsockopt+0x368/0x3650 [ 117.878358] softirqs last disabled at (1392): [] release_sock+0x1b/0x1b0 [ 117.878946] ---[ end trace 0000000000000000 ]--- 22:17:56 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r0, 0x0, 0x0, 0x87ffffc) r1 = syz_open_pts(r0, 0x0) fallocate(r1, 0x5, 0x3ff, 0x80000001) 22:17:56 executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r0, 0x0, 0x0, 0x87ffffc) r1 = syz_open_pts(r0, 0x0) fallocate(r1, 0x5, 0x3ff, 0x80000001) 22:17:56 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000004c0)=0x1) fchownat(r0, &(0x7f0000000040)='./file0/file0/file0\x00', 0x0, 0x0, 0x0) 22:17:56 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/msg\x00', 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x10000000) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvfrom(r1, &(0x7f0000000100)=""/156, 0x9c, 0x0, 0x0, 0x0) close_range(r0, r1, 0x2) 22:17:57 executing program 2: keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) keyctl$session_to_parent(0x12) VM DIAGNOSIS: 22:17:56 Registers: info registers vcpu 0 RAX=0000004dc31b6de4 RBX=0000000000000000 RCX=00000000000006e0 RDX=000000000000004d RSI=ffff88806ce27140 RDI=0000000000054a0c RBP=ffff88806ce27140 RSP=ffff88806ce09ed8 R8 =0000000000000007 R9 =0000000000000000 R10=00000000000f23fa R11=0000000000000001 R12=0000000000054a0c R13=0000000000000000 R14=0000000000000000 R15=ffff88806ce2a640 RIP=ffffffff810f3071 RFL=00000017 [----APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f3ea824e310 CR3=000000003f27a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=6461657268747062696c2f756e672d78 XMM02=00302e6f732e6461657268747062696c XMM03=2f756e672d78756e696c2d34365f3638 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823bda91 RDI=ffffffff8765c9a0 RBP=ffffffff8765c960 RSP=ffff88803b7573c0 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000061 R11=0000000000000001 R12=0000000000000061 R13=ffffffff8765c960 R14=0000000000000010 R15=ffffffff823bda80 RIP=ffffffff823bdae9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f2e38035700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fb9960f9620 CR3=000000001ac66000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00ffffffffffff0000000000000000 XMM01=0100010001000000ffffffffffffffff XMM02=0500050005000000455441564952505f XMM03=0000000000000000000000564952505f XMM04=00030005000500050005000000455441 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000