syzkaller login: [ 43.943962] sshd (243) used greatest stack depth: 24104 bytes left Warning: Permanently added '[localhost]:30235' (ECDSA) to the list of known hosts. 2022/09/27 16:30:32 fuzzer started 2022/09/27 16:30:33 dialing manager at localhost:38881 [ 46.318083] cgroup: Unknown subsys name 'net' [ 46.421070] cgroup: Unknown subsys name 'rlimit' 2022/09/27 16:30:47 syscalls: 2215 2022/09/27 16:30:47 code coverage: enabled 2022/09/27 16:30:47 comparison tracing: enabled 2022/09/27 16:30:47 extra coverage: enabled 2022/09/27 16:30:47 setuid sandbox: enabled 2022/09/27 16:30:47 namespace sandbox: enabled 2022/09/27 16:30:47 Android sandbox: enabled 2022/09/27 16:30:47 fault injection: enabled 2022/09/27 16:30:47 leak checking: enabled 2022/09/27 16:30:47 net packet injection: enabled 2022/09/27 16:30:47 net device setup: enabled 2022/09/27 16:30:47 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/27 16:30:47 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/27 16:30:47 USB emulation: enabled 2022/09/27 16:30:47 hci packet injection: enabled 2022/09/27 16:30:47 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220923) 2022/09/27 16:30:47 802.15.4 emulation: enabled 2022/09/27 16:30:47 fetching corpus: 50, signal 28065/29852 (executing program) 2022/09/27 16:30:48 fetching corpus: 100, signal 38025/41457 (executing program) 2022/09/27 16:30:48 fetching corpus: 150, signal 46547/51559 (executing program) 2022/09/27 16:30:48 fetching corpus: 200, signal 52892/59361 (executing program) 2022/09/27 16:30:48 fetching corpus: 250, signal 57167/65126 (executing program) 2022/09/27 16:30:48 fetching corpus: 300, signal 64532/73740 (executing program) 2022/09/27 16:30:48 fetching corpus: 350, signal 66620/77277 (executing program) 2022/09/27 16:30:48 fetching corpus: 400, signal 74465/86166 (executing program) 2022/09/27 16:30:48 fetching corpus: 450, signal 77092/90090 (executing program) 2022/09/27 16:30:48 fetching corpus: 500, signal 81549/95704 (executing program) 2022/09/27 16:30:48 fetching corpus: 550, signal 84746/100078 (executing program) 2022/09/27 16:30:48 fetching corpus: 600, signal 88013/104428 (executing program) 2022/09/27 16:30:49 fetching corpus: 650, signal 90618/108180 (executing program) 2022/09/27 16:30:49 fetching corpus: 700, signal 93404/112047 (executing program) 2022/09/27 16:30:49 fetching corpus: 750, signal 94908/114733 (executing program) 2022/09/27 16:30:49 fetching corpus: 800, signal 97040/117972 (executing program) 2022/09/27 16:30:49 fetching corpus: 850, signal 99628/121557 (executing program) 2022/09/27 16:30:49 fetching corpus: 900, signal 102019/125027 (executing program) 2022/09/27 16:30:49 fetching corpus: 950, signal 104013/128015 (executing program) 2022/09/27 16:30:49 fetching corpus: 1000, signal 105676/130725 (executing program) 2022/09/27 16:30:49 fetching corpus: 1050, signal 107883/133851 (executing program) 2022/09/27 16:30:49 fetching corpus: 1100, signal 109893/136719 (executing program) 2022/09/27 16:30:49 fetching corpus: 1150, signal 111781/139513 (executing program) 2022/09/27 16:30:50 fetching corpus: 1200, signal 112811/141600 (executing program) 2022/09/27 16:30:50 fetching corpus: 1250, signal 114430/144149 (executing program) 2022/09/27 16:30:50 fetching corpus: 1300, signal 116032/146614 (executing program) 2022/09/27 16:30:50 fetching corpus: 1350, signal 116852/148451 (executing program) 2022/09/27 16:30:50 fetching corpus: 1400, signal 118509/150912 (executing program) 2022/09/27 16:30:50 fetching corpus: 1450, signal 119693/153001 (executing program) 2022/09/27 16:30:50 fetching corpus: 1500, signal 120914/155105 (executing program) 2022/09/27 16:30:50 fetching corpus: 1550, signal 123661/158435 (executing program) 2022/09/27 16:30:50 fetching corpus: 1600, signal 124921/160569 (executing program) 2022/09/27 16:30:51 fetching corpus: 1650, signal 126605/162963 (executing program) 2022/09/27 16:30:51 fetching corpus: 1700, signal 127118/164418 (executing program) 2022/09/27 16:30:51 fetching corpus: 1750, signal 128260/166379 (executing program) 2022/09/27 16:30:51 fetching corpus: 1800, signal 130160/168882 (executing program) 2022/09/27 16:30:51 fetching corpus: 1850, signal 130964/170519 (executing program) 2022/09/27 16:30:51 fetching corpus: 1900, signal 132750/172874 (executing program) 2022/09/27 16:30:51 fetching corpus: 1950, signal 133588/174534 (executing program) 2022/09/27 16:30:51 fetching corpus: 2000, signal 136049/177310 (executing program) 2022/09/27 16:30:51 fetching corpus: 2050, signal 137176/179109 (executing program) 2022/09/27 16:30:51 fetching corpus: 2100, signal 138049/180778 (executing program) 2022/09/27 16:30:52 fetching corpus: 2150, signal 140807/183635 (executing program) 2022/09/27 16:30:52 fetching corpus: 2200, signal 141635/185159 (executing program) 2022/09/27 16:30:52 fetching corpus: 2250, signal 142622/186808 (executing program) 2022/09/27 16:30:52 fetching corpus: 2300, signal 144235/188845 (executing program) 2022/09/27 16:30:52 fetching corpus: 2350, signal 145734/190787 (executing program) 2022/09/27 16:30:52 fetching corpus: 2400, signal 147240/192703 (executing program) 2022/09/27 16:30:52 fetching corpus: 2450, signal 147931/194094 (executing program) 2022/09/27 16:30:52 fetching corpus: 2500, signal 149043/195770 (executing program) 2022/09/27 16:30:53 fetching corpus: 2550, signal 149798/197162 (executing program) 2022/09/27 16:30:53 fetching corpus: 2600, signal 150608/198580 (executing program) 2022/09/27 16:30:53 fetching corpus: 2650, signal 151698/200169 (executing program) 2022/09/27 16:30:53 fetching corpus: 2700, signal 153040/201851 (executing program) 2022/09/27 16:30:53 fetching corpus: 2750, signal 154256/203544 (executing program) 2022/09/27 16:30:53 fetching corpus: 2800, signal 155507/205149 (executing program) 2022/09/27 16:30:53 fetching corpus: 2850, signal 156459/206604 (executing program) 2022/09/27 16:30:53 fetching corpus: 2900, signal 157131/207910 (executing program) 2022/09/27 16:30:53 fetching corpus: 2950, signal 158616/209634 (executing program) 2022/09/27 16:30:54 fetching corpus: 3000, signal 159081/210785 (executing program) 2022/09/27 16:30:54 fetching corpus: 3050, signal 159906/212088 (executing program) 2022/09/27 16:30:54 fetching corpus: 3100, signal 160772/213414 (executing program) 2022/09/27 16:30:54 fetching corpus: 3150, signal 161401/214613 (executing program) 2022/09/27 16:30:54 fetching corpus: 3200, signal 162274/215946 (executing program) 2022/09/27 16:30:54 fetching corpus: 3250, signal 163242/217324 (executing program) 2022/09/27 16:30:54 fetching corpus: 3300, signal 163885/218497 (executing program) 2022/09/27 16:30:54 fetching corpus: 3350, signal 165088/219924 (executing program) 2022/09/27 16:30:55 fetching corpus: 3400, signal 166220/221388 (executing program) 2022/09/27 16:30:55 fetching corpus: 3450, signal 167124/222629 (executing program) 2022/09/27 16:30:55 fetching corpus: 3500, signal 167889/223787 (executing program) 2022/09/27 16:30:55 fetching corpus: 3550, signal 168453/224852 (executing program) 2022/09/27 16:30:55 fetching corpus: 3600, signal 169387/226077 (executing program) 2022/09/27 16:30:55 fetching corpus: 3650, signal 170189/227254 (executing program) 2022/09/27 16:30:55 fetching corpus: 3700, signal 170732/228296 (executing program) 2022/09/27 16:30:55 fetching corpus: 3750, signal 171603/229453 (executing program) 2022/09/27 16:30:55 fetching corpus: 3800, signal 172726/230721 (executing program) 2022/09/27 16:30:56 fetching corpus: 3850, signal 173830/231951 (executing program) 2022/09/27 16:30:56 fetching corpus: 3900, signal 174358/232934 (executing program) 2022/09/27 16:30:56 fetching corpus: 3950, signal 175370/234100 (executing program) 2022/09/27 16:30:56 fetching corpus: 4000, signal 175788/235034 (executing program) 2022/09/27 16:30:56 fetching corpus: 4050, signal 176218/235999 (executing program) 2022/09/27 16:30:56 fetching corpus: 4100, signal 176684/236932 (executing program) 2022/09/27 16:30:56 fetching corpus: 4150, signal 177261/237899 (executing program) 2022/09/27 16:30:56 fetching corpus: 4200, signal 177677/238796 (executing program) 2022/09/27 16:30:56 fetching corpus: 4250, signal 178645/239968 (executing program) 2022/09/27 16:30:56 fetching corpus: 4300, signal 179366/240971 (executing program) 2022/09/27 16:30:56 fetching corpus: 4350, signal 180288/242044 (executing program) 2022/09/27 16:30:56 fetching corpus: 4400, signal 180816/242945 (executing program) 2022/09/27 16:30:57 fetching corpus: 4450, signal 181783/243981 (executing program) 2022/09/27 16:30:57 fetching corpus: 4500, signal 182346/244857 (executing program) 2022/09/27 16:30:57 fetching corpus: 4550, signal 183199/245843 (executing program) 2022/09/27 16:30:57 fetching corpus: 4600, signal 183738/246771 (executing program) 2022/09/27 16:30:57 fetching corpus: 4650, signal 184773/247787 (executing program) 2022/09/27 16:30:57 fetching corpus: 4700, signal 185429/248639 (executing program) 2022/09/27 16:30:57 fetching corpus: 4750, signal 185863/249369 (executing program) 2022/09/27 16:30:57 fetching corpus: 4800, signal 186282/250182 (executing program) 2022/09/27 16:30:57 fetching corpus: 4850, signal 186649/251002 (executing program) 2022/09/27 16:30:58 fetching corpus: 4900, signal 187131/251820 (executing program) 2022/09/27 16:30:58 fetching corpus: 4950, signal 187680/252618 (executing program) 2022/09/27 16:30:58 fetching corpus: 5000, signal 188422/253516 (executing program) 2022/09/27 16:30:58 fetching corpus: 5050, signal 189210/254380 (executing program) 2022/09/27 16:30:58 fetching corpus: 5100, signal 190074/255269 (executing program) 2022/09/27 16:30:58 fetching corpus: 5150, signal 191239/256233 (executing program) 2022/09/27 16:30:58 fetching corpus: 5200, signal 191708/256968 (executing program) 2022/09/27 16:30:58 fetching corpus: 5250, signal 192087/257672 (executing program) 2022/09/27 16:30:59 fetching corpus: 5300, signal 192556/258436 (executing program) 2022/09/27 16:30:59 fetching corpus: 5350, signal 192934/259143 (executing program) 2022/09/27 16:30:59 fetching corpus: 5400, signal 193857/259954 (executing program) 2022/09/27 16:30:59 fetching corpus: 5450, signal 194240/260623 (executing program) 2022/09/27 16:30:59 fetching corpus: 5500, signal 194505/261268 (executing program) 2022/09/27 16:30:59 fetching corpus: 5550, signal 195438/262012 (executing program) 2022/09/27 16:30:59 fetching corpus: 5600, signal 195714/262685 (executing program) 2022/09/27 16:30:59 fetching corpus: 5650, signal 196884/263490 (executing program) 2022/09/27 16:30:59 fetching corpus: 5700, signal 197374/264218 (executing program) 2022/09/27 16:31:00 fetching corpus: 5750, signal 198117/264929 (executing program) 2022/09/27 16:31:00 fetching corpus: 5800, signal 198431/265582 (executing program) 2022/09/27 16:31:00 fetching corpus: 5850, signal 198863/266224 (executing program) 2022/09/27 16:31:00 fetching corpus: 5900, signal 199144/266865 (executing program) 2022/09/27 16:31:00 fetching corpus: 5950, signal 199844/267545 (executing program) 2022/09/27 16:31:00 fetching corpus: 6000, signal 200236/268142 (executing program) 2022/09/27 16:31:00 fetching corpus: 6050, signal 201052/268857 (executing program) 2022/09/27 16:31:00 fetching corpus: 6100, signal 201779/269505 (executing program) 2022/09/27 16:31:01 fetching corpus: 6150, signal 202205/270083 (executing program) 2022/09/27 16:31:01 fetching corpus: 6200, signal 202902/270630 (executing program) 2022/09/27 16:31:01 fetching corpus: 6250, signal 203707/271285 (executing program) 2022/09/27 16:31:01 fetching corpus: 6300, signal 204124/271863 (executing program) 2022/09/27 16:31:01 fetching corpus: 6350, signal 204476/272443 (executing program) 2022/09/27 16:31:01 fetching corpus: 6400, signal 205265/273025 (executing program) 2022/09/27 16:31:01 fetching corpus: 6450, signal 205598/273588 (executing program) 2022/09/27 16:31:01 fetching corpus: 6500, signal 205926/274150 (executing program) 2022/09/27 16:31:01 fetching corpus: 6550, signal 206776/274781 (executing program) 2022/09/27 16:31:01 fetching corpus: 6600, signal 207282/275336 (executing program) 2022/09/27 16:31:01 fetching corpus: 6650, signal 207534/275860 (executing program) 2022/09/27 16:31:02 fetching corpus: 6700, signal 208170/276412 (executing program) 2022/09/27 16:31:02 fetching corpus: 6750, signal 208689/276910 (executing program) 2022/09/27 16:31:02 fetching corpus: 6800, signal 209216/277404 (executing program) 2022/09/27 16:31:02 fetching corpus: 6850, signal 209510/277926 (executing program) 2022/09/27 16:31:02 fetching corpus: 6900, signal 210175/278232 (executing program) 2022/09/27 16:31:02 fetching corpus: 6950, signal 210525/278292 (executing program) 2022/09/27 16:31:02 fetching corpus: 7000, signal 211016/278304 (executing program) 2022/09/27 16:31:02 fetching corpus: 7050, signal 211675/278306 (executing program) 2022/09/27 16:31:02 fetching corpus: 7100, signal 211953/278306 (executing program) 2022/09/27 16:31:03 fetching corpus: 7150, signal 212346/278306 (executing program) 2022/09/27 16:31:03 fetching corpus: 7200, signal 212638/278308 (executing program) 2022/09/27 16:31:03 fetching corpus: 7250, signal 213306/278376 (executing program) 2022/09/27 16:31:03 fetching corpus: 7300, signal 213733/278376 (executing program) 2022/09/27 16:31:03 fetching corpus: 7350, signal 214464/278376 (executing program) 2022/09/27 16:31:03 fetching corpus: 7400, signal 215026/278376 (executing program) 2022/09/27 16:31:03 fetching corpus: 7450, signal 215570/278376 (executing program) 2022/09/27 16:31:03 fetching corpus: 7500, signal 216442/278387 (executing program) 2022/09/27 16:31:04 fetching corpus: 7550, signal 216825/278387 (executing program) 2022/09/27 16:31:04 fetching corpus: 7600, signal 217348/278395 (executing program) 2022/09/27 16:31:04 fetching corpus: 7650, signal 217711/278396 (executing program) 2022/09/27 16:31:04 fetching corpus: 7700, signal 217886/278396 (executing program) 2022/09/27 16:31:04 fetching corpus: 7750, signal 218171/278396 (executing program) 2022/09/27 16:31:04 fetching corpus: 7768, signal 218235/278421 (executing program) 2022/09/27 16:31:04 fetching corpus: 7768, signal 218235/278421 (executing program) 2022/09/27 16:31:07 starting 8 fuzzer processes 16:31:07 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) preadv(r2, &(0x7f0000002440)=[{&(0x7f0000000080)=""/135, 0x87}, {&(0x7f0000000140)=""/4096, 0x1000}, {&(0x7f0000001140)=""/4096, 0x1000}, {&(0x7f0000002140)=""/60, 0x3c}, {&(0x7f0000002180)=""/72, 0x48}, {&(0x7f0000002200)=""/251, 0xfb}, {&(0x7f0000002300)=""/149, 0x95}, {&(0x7f00000023c0)}, {&(0x7f0000002400)=""/11, 0xb}], 0x9, 0x23, 0x8) r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x4010, r0, 0x10000000) syz_io_uring_submit(0x0, r3, &(0x7f0000002500)=@IORING_OP_FSYNC={0x3, 0x1, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x1}, 0x7) ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000002540)={{0x2, 0x101}, 0x100, './file0\x00'}) ioctl$BLKGETSIZE(r1, 0x1260, &(0x7f0000002680)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000026c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'}) getpeername(r1, &(0x7f0000002700)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, &(0x7f0000002780)=0x80) accept4$bt_l2cap(r5, &(0x7f00000027c0)={0x1f, 0x0, @none}, &(0x7f0000002800)=0xe, 0x80800) r6 = dup2(r4, r0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r6, 0xc0189374, &(0x7f0000002840)={{0x1, 0x1, 0x18, r4, {0x7fff}}, './file0\x00'}) ioctl$BLKROSET(r6, 0x125d, &(0x7f0000002880)=0x7) clock_gettime(0x0, &(0x7f0000008800)={0x0, 0x0}) recvmmsg$unix(r5, &(0x7f0000008640)=[{{&(0x7f00000028c0), 0x6e, &(0x7f0000003d40)=[{&(0x7f0000002940)=""/123, 0x7b}, {&(0x7f00000029c0)=""/112, 0x70}, {&(0x7f0000002a40)=""/184, 0xb8}, {&(0x7f0000002b00)=""/180, 0xb4}, {&(0x7f0000002bc0)=""/79, 0x4f}, {&(0x7f0000002c40)=""/182, 0xb6}, {&(0x7f0000002d00)=""/30, 0x1e}, {&(0x7f0000002d40)=""/4096, 0x1000}], 0x8, &(0x7f0000003dc0)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x180}}, {{&(0x7f0000003f40)=@abs, 0x6e, &(0x7f0000004540)=[{&(0x7f0000003fc0)=""/231, 0xe7}, {&(0x7f00000040c0)=""/14, 0xe}, {&(0x7f0000004100)=""/44, 0x2c}, {&(0x7f0000004140)}, {&(0x7f0000004180)=""/73, 0x49}, {&(0x7f0000004200)=""/223, 0xdf}, {&(0x7f0000004300)=""/176, 0xb0}, {&(0x7f00000043c0)=""/89, 0x59}, {&(0x7f0000004440)=""/205, 0xcd}], 0x9, &(0x7f0000004600)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xa8}}, {{&(0x7f00000046c0), 0x6e, &(0x7f0000004980)=[{&(0x7f0000004740)=""/178, 0xb2}, {&(0x7f0000004800)=""/106, 0x6a}, {&(0x7f0000004880)=""/250, 0xfa}], 0x3, &(0x7f00000049c0)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0xc8}}, {{0x0, 0x0, &(0x7f0000004bc0)=[{&(0x7f0000004ac0)=""/82, 0x52}, {&(0x7f0000004b40)=""/82, 0x52}], 0x2}}, {{&(0x7f0000004c00)=@abs, 0x6e, &(0x7f0000005d40)=[{&(0x7f0000004c80)=""/4096, 0x1000}, {&(0x7f0000005c80)=""/59, 0x3b}, {&(0x7f0000005cc0)=""/74, 0x4a}], 0x3}}, {{&(0x7f0000005d80), 0x6e, &(0x7f0000006080)=[{&(0x7f0000005e00)=""/93, 0x5d}, {&(0x7f0000005e80)=""/121, 0x79}, {&(0x7f0000005f00)=""/185, 0xb9}, {&(0x7f0000005fc0)=""/176, 0xb0}], 0x4, &(0x7f00000060c0)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x68}}, {{&(0x7f0000006140)=@abs, 0x6e, &(0x7f0000008540)=[{&(0x7f00000061c0)=""/191, 0xbf}, {&(0x7f0000006280)=""/14, 0xe}, {&(0x7f00000062c0)=""/4096, 0x1000}, {&(0x7f00000072c0)=""/12, 0xc}, {&(0x7f0000007300)=""/4096, 0x1000}, {&(0x7f0000008300)=""/173, 0xad}, {&(0x7f00000083c0)=""/12, 0xc}, {&(0x7f0000008400)=""/62, 0x3e}, {&(0x7f0000008440)=""/211, 0xd3}], 0x9, &(0x7f0000008600)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}}], 0x7, 0x40010160, &(0x7f0000008840)={r7, r8+10000000}) pwritev(r10, &(0x7f0000008c40)=[{&(0x7f0000008880)="f8b12a8bf65053b2d6116a8f91b766de81a6458c7ec26350cc871073175d7d3bf11bfe736c08dc469857d366a50bbc462df6a76c16b9982ed8f7dd5bdf6d995b9c156ee714986729dcccc7043321eac639781403e3cd066d512269f87e2d6e1d5cb4d237b5a78dd5452478c8eb2a304833aebfe6b0cc554c912260bafce04279b4ac1407fb84102ce71408d58bede4f78e91bc130fa1aad66ae2157aafb7cace63c8d9c700b73b95470de44fb0c5567a237b815a2eb0286ce4af8e1852dd8d2d5b99ce5599c000decfa0fc", 0xcb}, {&(0x7f0000008980)="8e67e898d30d006838ed4127ae19165b4c17bb4c25a17f932cc82ec4cba2e0598c8947280efb08672ffc52ba9a7816c23d275b9314156dfaca78e432eb6271bcac61281c57e21304ffd9d1b531ed496a666e87ff36b0d28d660ea45da7bc729fcbc4dd4ca46a5c99929109826b032a415a", 0x71}, {&(0x7f0000008a00)="79327b217f22a0b6ae119c3a8022cb2ab7a9b9be9750fd2a06c5f934086402afd5c2e12ef9536c33c04de2e3284fd389cd1bc310137a5d3bb5a06d67b476b86feb772e828197bbe0ac15710bbc60acc70fb77b508badd946ce9bbfbcea84851f02053f6b46b4eec1ed0c610934d9f16cf5e225063c36dfc91cc4c74c7504597c9876273fae8c342d4df8c647f46dd7c0c0d6deb4b3b0168168d4ec1bda89dc03f67968ad3d180fd6a4e5d8b1fb176ac6be774f6e949551dcf177d3eb32c8300f73", 0xc1}, {&(0x7f0000008b00)="251494bb6df72df83c7fd3140311c592e48d53e2c3e32e745e93009e4f17678013f844ca1027fa706acddd37ad8492de020a4d2a187bcec485eaa7b365e2303ba65df9a1efbcc6151ed0e28d91d695a55d9e8ad2a285f0970578d3f5b5aefa0d706e6168b9987c5f128a0a473b5484447ec6da7da7d8ab5f1f196ad1fc3a249f56abd131a25aac29aee16c60db0131c6b15a8f983c8c820a6759751bae2450e37a6879a04b02bcaa8324fc9a23e6d346d998d758ba6b39cf27908ec3a4aa89b2db825b579108eff894a8b2196349437c8c3fae95e8", 0xd5}, {&(0x7f0000008c00)="c0a819ecc7bc5beee1", 0x9}], 0x5, 0x0, 0x20) write$P9_RREADDIR(r6, &(0x7f0000008cc0)={0x87, 0x29, 0x1, {0x5, [{{0x8, 0x4, 0x3}, 0x7, 0x3, 0x7, './file0'}, {{0x0, 0x3, 0x7}, 0x7, 0x8, 0x7, './file0'}, {{0x1, 0x2, 0x3}, 0x101, 0x9, 0x7, './file0'}, {{0x0, 0x0, 0x6}, 0x9, 0x20, 0x7, './file1'}]}}, 0x87) sendmsg$SEG6_CMD_DUMPHMAC(r9, &(0x7f0000008e40)={&(0x7f0000008d80)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000008e00)={&(0x7f0000008dc0)={0x24, 0x0, 0x709, 0x70bd27, 0x25dfdbfb, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xaa11}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x800) ioctl$FS_IOC_SETFSLABEL(r11, 0x41009432, &(0x7f0000008e80)="61c7726ae731b25dd17c71ccd625b3c56cc0e2a5c0faf3edb12fbfd2db2891e1c8ff7637121b9a07c928fd58d978495185778735962450402e46b84a224c13fdbdb87c2bc5d8bcd77e5ff2ecd87a289aad54f90dc08fa0e407237edd8620f8436f74ccb4858b48febc83108e68096891b5ed712495586388a02ff9cde4423f49c6f22a0c33ba51736dafabd137c58aede4f69f4d3bfe09defd60cbb0cbf16c9479132a011dfafce2bad78f4934bd27fc804f7323b4c39a70cc7a00283adcbe75535594e04c19e1a4494f18cd0f26e148929374c3737051fb6e7b89cc179603081148fe6b606ba4281f84dbaef49fc1587c1fa4e05ce72d64bdeedf891e4df426") 16:31:07 executing program 1: ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000000)={0x0, 0x6, 0x3, 0x1}) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x80489439, &(0x7f0000000400)) r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @dev}, &(0x7f00000004c0)=0x10) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000500)=@gcm_128={{0x303}, "968b3bac824e8bb2", "1b7728a3d601f9471cc6282a4d4bffef", "14909bf8", "288c1ad12ea7f610"}, 0x28) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000540)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000940)={r1, 0x2, 0x5}) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000d40), 0x10000, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000d80)={0x0, 0x0, 0x0}, &(0x7f0000000dc0)=0xc) r6 = getuid() fchown(r0, r6, r5) newfstatat(0xffffffffffffff9c, &(0x7f0000000e40)='./file0\x00', &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000) lchown(&(0x7f0000000e00)='./file0\x00', r4, r7) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, &(0x7f0000000f00)=""/151, &(0x7f0000000fc0)=0x97) readv(r3, &(0x7f0000001500)=[{&(0x7f0000001000)=""/155, 0x9b}, {&(0x7f00000010c0)=""/90, 0x5a}, {&(0x7f0000001140)=""/60, 0x3c}, {&(0x7f0000001180)=""/184, 0xb8}, {&(0x7f0000001240)=""/231, 0xe7}, {&(0x7f0000001340)=""/152, 0x98}, {&(0x7f0000001400)=""/96, 0x60}, {&(0x7f0000001480)=""/99, 0x63}], 0x8) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001580), 0x40000, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r8, 0x0, 0x2a, &(0x7f00000015c0)={0x61e2, {{0x2, 0x4e22, @multicast1}}}, 0x88) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000001680)={r2, 0x100000001, 0xfff}) bind$unix(0xffffffffffffffff, &(0x7f0000001ac0)=@file={0x1, './file0\x00'}, 0x6e) 16:31:07 executing program 2: ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, &(0x7f0000000000)={0x5, 0x38000000000}) r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x9, 0xa0401) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f00000000c0)={0x3, 0x100, 0x7, 0xd1, 0x2, 0x1ff}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f00000001c0)={{r0}, 0x0, 0x1c, @inherit={0x98, &(0x7f0000000100)={0x1, 0xa, 0x9, 0x3f, {0x28, 0x536, 0x4, 0x1f, 0x8001}, [0x8, 0x8afa, 0xffffffff, 0x100000000, 0x3, 0x9, 0x2, 0x81, 0x8, 0x0]}}, @subvolid=0x8}) write$binfmt_script(r0, &(0x7f00000011c0)={'#! ', './file0', [{0x20, '/dev/vcsa#\x00'}], 0xa, "95e144c09673ff5694e5e113ec949f5f00549359aed390d93c88485a665e15c065b2fdbf81928798a5b2f9b2806048b812d38977ea3b6f876e2e0144380395e130c18faf58cafce066bd8a2332de5e704cf0b846cd26d9fb1469072b58153794fb720fd799ea85d61c98f310540c9bde87eb2af8188bdc76a2c88b94732831d669ff990ab8292d0051077a49b52eed76ded8303f6205e80347df31ccfb46"}, 0xb5) r2 = memfd_secret(0x0) execveat(r2, &(0x7f0000001280)='./file0\x00', &(0x7f00000013c0)=[&(0x7f00000012c0)='&\\\x00', &(0x7f0000001300)='/dev/vcsa#\x00', &(0x7f0000001340)='![^%.#\x00', &(0x7f0000001380)='$\x00'], &(0x7f00000015c0)=[&(0x7f0000001400)='\\\x00', &(0x7f0000001440)='/dev/vcsa#\x00', &(0x7f0000001480)='/dev/vcsa#\x00', &(0x7f00000014c0)='!\'@\x00', &(0x7f0000001500)='#! ', &(0x7f0000001540)='/dev/vcsa#\x00', &(0x7f0000001580)='/dev/vcsa#\x00'], 0x1000) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000001600)=0x81, &(0x7f0000001640)=0x4) fchmodat(r2, &(0x7f0000001680)='./file0\x00', 0x122) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000001800)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000017c0)={&(0x7f0000001700)={0x90, 0x0, 0x800, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1ff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x20}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x250bd2fa}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gretap0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010100}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x400}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000090}, 0x48000) fdatasync(r2) r4 = epoll_create(0x9) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000001840)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x100000a, 0x1010, r1, 0x8000000) syz_io_uring_setup(0x2bed, &(0x7f0000001880)={0x0, 0x9a7b, 0x10, 0x1, 0x398, 0x0, r5}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff8000/0x6000)=nil, &(0x7f0000001900), &(0x7f0000001940)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000001a40)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2000, @fd=r5, 0x7ff, &(0x7f0000001980)=""/133, 0x85, 0x1, 0x1}, 0x4) syz_genetlink_get_family_id$mptcp(&(0x7f0000001a80), r0) ioctl$BTRFS_IOC_DEV_INFO(r4, 0xd000941e, &(0x7f0000001ac0)={0x0, "224471ba92d31c190afbf980b81b9088"}) 16:31:07 executing program 3: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6}}, './file0\x00'}) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0xa200, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {r0}}, './file0\x00'}) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000100), 0x4) listxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=""/127, 0x7f) r4 = openat(r1, &(0x7f0000000200)='./file0\x00', 0x280003, 0xd3) r5 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000240), 0x801, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000004, 0x20010, r5, 0xf46d4000) r6 = openat(r2, &(0x7f0000000280)='./file0\x00', 0x6608e6cbf36505e0, 0x103) r7 = openat(r6, &(0x7f00000002c0)='./file0\x00', 0xc000, 0x100) pwrite64(r3, &(0x7f0000000300)="ddf60ecfc16664cfa70d062fb7b4243c31490a01e1df65505bc95e8e2eed6dfee1770e19bae77db6be566b", 0x2b, 0x3ff) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000340)='\x00', &(0x7f0000000380)='/proc/cpuinfo\x00', 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f00000003c0)={{0x1, 0x1, 0x18, r7, {0x2}}, './file1\x00'}) r9 = socket$unix(0x1, 0x1, 0x0) getpeername(r9, &(0x7f0000000400), &(0x7f0000000480)=0x80) r10 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/schedstat\x00', 0x0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r10, 0x6, 0x23, &(0x7f0000000600)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000500), 0x0, 0x1, &(0x7f0000000540)=""/145, 0x91}, &(0x7f0000000640)=0x40) syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r4) fsmount(r8, 0x0, 0x73) 16:31:07 executing program 4: ioctl$BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000000)) ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, &(0x7f0000000040)) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKRESETZONE(r0, 0x40101283, &(0x7f0000000080)={0x9}) ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f00000000c0)={0x1f}) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000100), &(0x7f0000000140)={'U+'}, 0x16, 0x2) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000180)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f00000001c0)={0xff, 0x4, 0x0, [{0x5, 0x8, 0x7f, 0x2, 0xf8, 0x5, 0x3}, {0x0, 0x8000, 0x8001, 0x80, 0x6, 0x40, 0x4}, {0x10001, 0x401, 0x1, 0x3f, 0x1f, 0xc9, 0x1f}, {0xffffffffffff0000, 0x0, 0x1, 0x40, 0x6, 0x7c, 0x4}]}) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) fcntl$setpipe(r1, 0x407, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x10000) fcntl$setpipe(r2, 0x407, 0xfffffffffffffffa) recvmsg$unix(r0, &(0x7f00000005c0)={&(0x7f0000000380), 0x6e, &(0x7f0000000480)=[{&(0x7f0000000400)=""/92, 0x5c}], 0x1, &(0x7f00000004c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x100}, 0x10040) ioctl$BLKROSET(r5, 0x125d, &(0x7f0000000600)) r6 = syz_open_dev$loop(&(0x7f0000000640), 0x80000000, 0x0) ioctl$BLKROGET(r6, 0x125e, &(0x7f0000000680)) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) syz_genetlink_get_family_id$mptcp(&(0x7f00000006c0), r3) fcntl$F_GET_FILE_RW_HINT(r3, 0x40d, &(0x7f0000000700)) ioctl$sock_inet_SIOCGIFDSTADDR(r4, 0x8917, &(0x7f0000000740)={'gretap0\x00', {0x2, 0x0, @private}}) [ 80.581314] audit: type=1400 audit(1664296267.539:6): avc: denied { execmem } for pid=285 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 16:31:07 executing program 5: r0 = fsmount(0xffffffffffffffff, 0x1, 0x7f) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x4, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x4}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4c000}, 0x10) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x70, 0x3, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x6}, [@CTA_NAT_SRC={0x3c, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast1}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @rand_addr=0x64010100}, @CTA_NAT_V6_MINIP={0x14, 0x4, @remote}, @CTA_NAT_V6_MINIP={0x14, 0x4, @local}]}, @CTA_TUPLE_MASTER={0x20, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) r1 = openat$cgroup_ro(r0, &(0x7f0000000240)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$CDROMSUBCHNL(r1, 0x530b, &(0x7f0000000280)={0x1, 0x96, 0x6, 0x0, 0x60, 0x6, @msf={0x1f, 0x1b, 0x4}, @msf={0x2, 0x40, 0x3}}) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f00000002c0)='mand\x00', 0x0, 0x0) r2 = open_tree(r1, &(0x7f0000000300)='./file0\x00', 0x80900) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), r1) sendmsg$IPVS_CMD_SET_CONFIG(r2, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, r3, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x0) sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x58, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x58}, 0x1, 0x0, 0x0, 0x41}, 0x40891) r4 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f00000005c0), &(0x7f0000000600)=0x4) r5 = openat$cgroup_ro(r0, &(0x7f0000000640)='cpuset.effective_cpus\x00', 0x0, 0x0) sendmsg$IPVS_CMD_GET_INFO(r5, &(0x7f0000000800)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x1020000}, 0xc, &(0x7f00000007c0)={&(0x7f00000006c0)={0xc4, r3, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x5c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x7f}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x12}}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0xd}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_virt_wifi\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x72}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xb}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x25, 0x8}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}]}, 0xc4}, 0x1, 0x0, 0x0, 0x20008080}, 0x80) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r5, 0x89f6, &(0x7f00000008c0)={'ip6gre0\x00', &(0x7f0000000840)={'syztnl0\x00', 0x0, 0x2f, 0x0, 0x3f, 0x800, 0x22, @private0={0xfc, 0x0, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8, 0x7800, 0x4, 0x8000}}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000900)={r6, 0x1, 0x6, @broadcast}, 0x10) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000940)={{0x1, 0x1, 0x18, r4, {0x8, 0x672}}, './file0\x00'}) fcntl$F_SET_RW_HINT(r7, 0x40c, &(0x7f0000000980)=0x5) ioctl$INCFS_IOC_PERMIT_FILL(r0, 0x40046721, &(0x7f00000009c0)={r4}) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x68, 0x0, 0x2, 0x70bd26, 0x25dfdbfd, {{}, {}, {0x4c, 0x18, {0x674, @link='syz1\x00'}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4042052}, 0x24048111) 16:31:07 executing program 6: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000040)={0x30c, 0x6, 0x7, 0x401, 0x70bd27, 0x25dfdbfb, {0x5, 0x0, 0x9}, [@nested={0x288, 0x58, 0x0, 0x1, [@generic="347a4c65192f695958cbc81d002e30ca49cd7385bbd04c46a8ade5fb95eed68bfeba04d1460e6c36808403ef10f6c3db9e8cc813d52764ef8d33e7bf55180a01ba76dc0bed73ea0218fbda1880d2b8940683fe92db9a324bb926f7d0ff25b3d20cacde97cc7eb5de4b58cf8c622cabb1cb4031a6fdbbc069cc29ed60046bc79fdc3a0e2df0309c2d8f2f8245f2d8128ee92e28ecaf5f0f6ce62a00b4170f4954ce7343bec815a9b7afb8205c18744ad9b1537aad077b209fd05c3e1141db7812f99c235425870b2f6e287faac71aed2d5928b3d7a2567ff05d7c4e2f178ddfb7300ca819b8b2d7fe9a", @typed={0x4, 0x79}, @typed={0x53, 0x7d, 0x0, 0x0, @binary="a4cd9216834393cac6b1e344def2e418f39a07d7d6b960559bcedce94fbbbd97033727657f6f26901748e2e597ad84bfe380016230e3646221994bd9490102f771dac7ee9e9baa86e4d1cc693c8469"}, @generic="a8d3b919e8ceb3b8b6bfcf1bb9378d3328fa33919aa8656559a3350e12fca0794f5c2deca2e5fe8d668879984b4b891fb8eb", @typed={0x8, 0x7a, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0x8, 0xf, 0x0, 0x0, @pid=0xffffffffffffffff}, @generic="61693e4b3e946defa8ddccfa73604eed47e41aca32246bd35db6b7ccfbe29ef8a8ee22ddccc7ceef1ff8c99903a3c6587067d17895e4218a87d0755b995d13dcf148634b51e1333f42d2e7097853837d2cc87008e01429930363bf5e20b19005e4719a3bfb30b0f7d7f7fa894baa0a56c1c15ed2712457d4aaae8738eb8138bdac2f173c67a375b3f826660ed1cfa6892d84d6a6851d6d7db4901f51c11d868eac01d96f73444e9438770a74ba01e488e982b46676e90bfbc6d4e74ab217802c3b7ba068ffdf3a19238f226826a61f692ae9447b487c257d3e6c23af7e838a56795ea1fc3ad9bc0678416268104f93549318af4e78a96fb6c5eef3ca83", @generic="f1420c36"]}, @generic="f2e18388ba7b942de7f42a89ec3c7c0a0a77ab3ea17f94449fdb33fe4d583462217f6bd81dad25991ebe0b5cf7503511d1dc27edd2ef441fc7e1e47c0e223f9fdfbeaf67d0579ab95d0c03019a539b5a4732e22aa6fd2a344490", @typed={0x14, 0x83, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x30c}}, 0x40) ioctl$VFAT_IOCTL_READDIR_SHORT(0xffffffffffffffff, 0x82307202, &(0x7f0000000400)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) r0 = gettid() r1 = fork() r2 = getpid() recvmmsg$unix(0xffffffffffffffff, &(0x7f0000006100)=[{{&(0x7f00000007c0)=@abs, 0x6e, &(0x7f0000000b00)=[{&(0x7f0000000840)=""/196, 0xc4}, {&(0x7f0000000940)=""/200, 0xc8}, {&(0x7f0000000a40)=""/79, 0x4f}, {&(0x7f0000000ac0)=""/58, 0x3a}], 0x4, &(0x7f0000000b40)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x60}}, {{&(0x7f0000000bc0)=@abs, 0x6e, &(0x7f00000021c0)=[{&(0x7f0000000c40)=""/4096, 0x1000}, {&(0x7f0000001c40)=""/111, 0x6f}, {&(0x7f0000001cc0)=""/133, 0x85}, {&(0x7f0000001d80)=""/234, 0xea}, {&(0x7f0000001e80)=""/235, 0xeb}, {&(0x7f0000001f80)=""/103, 0x67}, {&(0x7f0000002000)=""/18, 0x12}, {&(0x7f0000002040)=""/77, 0x4d}, {&(0x7f00000020c0)=""/217, 0xd9}], 0x9, &(0x7f0000002280)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa8}}, {{&(0x7f0000002340)=@abs, 0x6e, &(0x7f0000002580)=[{&(0x7f00000023c0)=""/13, 0xd}, {&(0x7f0000002400)=""/196, 0xc4}, {&(0x7f0000002500)=""/113, 0x71}], 0x3}}, {{&(0x7f00000025c0)=@abs, 0x6e, &(0x7f0000005a40)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000003640)=""/227, 0xe3}, {&(0x7f0000003740)=""/217, 0xd9}, {&(0x7f0000003840)=""/4096, 0x1000}, {&(0x7f0000004840)=""/117, 0x75}, {&(0x7f00000048c0)=""/41, 0x29}, {&(0x7f0000004900)=""/4096, 0x1000}, {&(0x7f0000005900)=""/83, 0x53}, {&(0x7f0000005980)=""/161, 0xa1}], 0x9, &(0x7f0000005b00)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x150}}, {{&(0x7f0000005c80)=@abs, 0x6e, &(0x7f0000006040)=[{&(0x7f0000005d00)=""/49, 0x31}, {&(0x7f0000005d40)=""/104, 0x68}, {&(0x7f0000005dc0)=""/81, 0x51}, {&(0x7f0000005e40)=""/77, 0x4d}, {&(0x7f0000005ec0)=""/192, 0xc0}, {&(0x7f0000005f80)=""/155, 0x9b}], 0x6, &(0x7f00000060c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}}], 0x5, 0x40000060, 0x0) clone3(&(0x7f0000006280)={0x10000000, &(0x7f0000000640), &(0x7f0000000680), &(0x7f00000006c0), {0x2b}, &(0x7f0000000700)=""/2, 0x2, &(0x7f0000000740)=""/126, &(0x7f0000006240)=[0x0, r0, 0xffffffffffffffff, r1, r2, 0xffffffffffffffff, r4], 0x7}, 0x58) io_setup(0x8, &(0x7f0000006300)=0x0) r17 = syz_open_dev$vcsa(&(0x7f0000006380), 0x1, 0x208001) r18 = openat$bsg(0xffffffffffffff9c, &(0x7f00000064c0), 0x4840, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r14, 0xc0189376, &(0x7f0000007680)={{0x1, 0x1, 0x18, r8, {0x5}}, './file0\x00'}) r20 = accept4$unix(r10, &(0x7f0000007700)=@abs, &(0x7f0000007780)=0x6e, 0x100000) io_submit(r16, 0x6, &(0x7f00000078c0)=[&(0x7f00000063c0)={0x0, 0x0, 0x0, 0x7, 0x2, r5, &(0x7f0000006340), 0x0, 0x1, 0x0, 0x1, r17}, &(0x7f0000006500)={0x0, 0x0, 0x0, 0x1, 0x1, r9, &(0x7f0000006400)="1049a9d5f4468229ffb4ef634bf6151affb2c88c0f56328e275aabad396dadde97d2cd30b6d6bd7e8df6ac2998a61917562a89dafe68e2b37476fb24ff32b600f2781a4266520c46f51f8860ba2118b68d172c7300901e879a29cbc4215a307904f982042f39f36198d78859a29ccf54641184aa49323d7b6e7e9de3a824a9c3e24dd4e488c8f95f", 0x88, 0x80, 0x0, 0x1, r18}, &(0x7f0000006580)={0x0, 0x0, 0x0, 0x7, 0xb6, r3, &(0x7f0000006540)="cd3c965a93388746b4356bc2dd0a9a601c06ac1bd98b6302a76b03e4c478c704ca35e1d530a6da1ff635f46690fdec423e196a821e18a3dd", 0x38, 0x0, 0x0, 0x3, r12}, &(0x7f0000006640)={0x0, 0x0, 0x0, 0x8, 0x3, r11, &(0x7f00000065c0)="98447e35835e93e0a2341bccac07858b66247f779b9b4933f9cc04f77aba195d8aad3c2d21663d447a7460dbf1d9f7c6d8970a7c1ab03bfc00c0440278bcfda0f5f88d", 0x43, 0x3, 0x0, 0x1, r7}, &(0x7f00000076c0)={0x0, 0x0, 0x0, 0x6, 0x8, r13, &(0x7f0000006680)="751af4bab77d94bec6e67a9d9f8b63d3fed717d5fb2a543a9e5da9d9c36c85862d3a0d49a2f679627381a6c0a0706ed92ccafbd589b4178d5098cd8a1c651348563af60618b2051aa1c81a6c3d23e72426adf3455f54f34d1e9bfd1e8adab7baefd103218a011eda47d876ad8da18d2f8f6b8ffb3502cfba17aea91ff451a059b7a9b39f2d29058ca35278ce95839c275e8918a7b3c8c802895669ba78be108199c5face683074646ee05fad0f292f169193f526347b1d4f57d90a774b2929c91a191ecf14495eca492daa099d80a889adbce9ec3b83ccbb1e19337bce9f9e48f6d55f022a8589af4b2b1c05646baf4f12e6677f5f586382a795aaa1794301fddac5fd62d9b3008d2933357bc173d642e72c1ae633d2bffa10d32c70bc27eb1ef5178da5ec279d55cabde543038e30a7e15db3114325fba89c67e33f9729ca1076fc1e5fe70d5f61bf8e143b09b949bc6dfffdd853ed978de39a28c13a6d4975d193fb2f24604e27fecbce7e3fbd50b826a70344fe081457987e6937e881c4f2b81ef4894295062e275a119600b47c7160507009d7fa659be6368aff1549b807e93c94b208d0cf751d62e2cdbd1f2913655e3dc1d2326556399e863acc055e237d2191e168729588d276f2ad55bf87aa054029730f9ef43118df12f9d4559d814e2635d6ae1f5ecc06679237f9d41a31b9f9e575e36d1ecd2e81ae7a98450ee46adf926e04ebbf88011e3046ebad3cce02d140b87c373eaeca56549bb805ed4aa2c31ef4def9aa56058deeddacb928ac63f78f4aa28c1c96e2a8c7a54618336930c9eb3f440ef5d3d4b0eb7b18fc5d77f683ac498676cdb0e4c5d98bee4c6fbfd661b9b556e8ab5e735e38c84d9e40484de968f659799bec84a8a492eac5437df233f0a53a776a87d93f3e0aa8575af1bdb3f47e3d592256c6f4e42efc13fcd2ab575689bcdc15066400a3c823fc6edeb5dd81f407fc1dee101b816ca774da19e5687fc8c2f10cac2fb04b14db5935ed8f0c1cc7e3372dad367b95e6fff5183e53b8df569c152a978390ada87c707cfc0b67cee89e7721e72370220af50955b4f6b4c84ea558d18cae8d2ebda3c75c9f776005c7ea223a16610c967b70147657e720a05501da0288dc745ff21c608f9a078cb05977abb5c96f3809bd7c4b021f81c2fabacf2c3c68c1ffad2b10f667455097484b98a8909c697f5164be19f9373df4e586fd8703f7e419409afec58e57ebf148ec8716e2bc32a0cef4ef38bc355fda8e551ef7ce65aa6aeca7211b6c25dba64533cb361f07efbd7ed5337268d1eddc13db8b9dbbe1e4da30ede745d069d2a930aa77546af8a18cc2dd356c724072b00ca65555231cb9de9ac129f82d00c0e8ac7ed0d649a52b99e734959f4ced0b84955e5ce96654074811959a7c67788fc4c2b65101b111ce0e90c2f235786638a01ad6b86eec3f49053de02a1f1cbb1234759b800bae0b2b34c7fbc302ebd9c008416d3980aa0c8c54b9eb3bf7bf7c971193b0f4f50c1a67ee6e3348bae2ddc13c625f78d677bb3102700391977cbc186737dd27eef96ae9707946701fdad224e3064d36583092bb99c53c12fbe8fc087dac61bd3c36ce4d39b5f9a0ec10311b09e527e6326de74a207e7bae17e41f2def2530e23b8db10e710f33bf54849ceec7e68a42c00af4b7da3896d291ea5e549a269a51594e9fa6bd661f395704a6cb8c5e869223b2de56d9540f7c76b4bf29daa7661ff042a8c55d7185866d762033b18de7f53b5e22e469a3908bf0900aa10002d3b87e402c49ec760ea9974f13d0e54e7f936708151272d7b4bf60142d44ba9421d2d65cfd5acb72e5540438022492fc388d8db8debb7648a355f8f07be5ddcf25a5672ee087223bb9e15336133576682fc61f8d90ab1597eaa4c5b6ee448f2401d699bd9b2c540c660ce74b7370e1b5dd36f97aa8f8182e1d0eccbe52322aaaf16f706f929e521535518953d01ca9d3ad3cbfc51242ac2bd2592f8717bdcb635dd29cfcdc2053defac6b03666e227a9f55d1ea44fb0bc9c2029279ad43436127f32d35d7373083ff7b0cbc827523a202422555032b9e75865e4c8aff0971378e69c75dfe57f25cd444838ac149ab82fc65dee56ec12b20592a0f29351c779e5591e15424de0623fd703f3c17ee6b5db8d717460240779da5e547a0021bc0090c5d3fe5fa9a2d54f0c2131a086de5161e977f6f316dcf58c9cdd8204f9ead010cc0fd633e477a3abdd42a2e6fcff7b3c2c0f0bbb362999b8d53549ccc5d8f72db93177305b9f3cd889201c2bef8e5e66dc6fc3d807a06934378529a35da7e57c36e9e505a6dcbf14f21ffaa57f5b7497e372197dfbe6583e502d1105eae1b05ac7a349da2c01b0e0738c3c0c49531f2adb334a582edf90567092426c4fcd1a05d1e356888ebf29020d3f04fabfb73a8349d76365180d384551f398c8d1a5ff9cdd6059239d6b6fe0f852f4f9cafa7d3a5f18095c2a05fda07c5c2c58d903c0e91201eb9f645d22e5c5e7248f8119ad0327192909f92818f91168ed5216180d502ce7bf1407e26d9814b65820ccad1b8623e986dcb682f6e5cc83d6f1ca6186b881dab99eb8744d7a120953a238ab78b805076df9174e1a3336cdd3ac88fc024ff4ab4f3804229fa8616d845d9cab2677c020398c43cd76f097ea344a70aa228038b3ccc133d2124e893cbe2bc7efa31e0ac4a1c3c11c25636aea10758b5c2b993d4aa0fa041e221120a463243a6149e020e630da8541999b8539432a51d878210175f0e58482ebf66357ddb5dc3183f83bcb5eff81a7ee4711d9fe562de9622cf2ba46f5046b236e96db4668e47b78add89d256c664a97413a28d90bb6965ddb0dfb15e67c7de4f8662c93933b01acb54630a63a4f21fa430fed82f9c3b72c2c36fa779d7c026710a9dd3014a5513831728137f2ceee3bd27ddc6549b8df26012398c96b5bdc503b2d042fea8c82914c156f30a5b16a79e01a059da569b290d1d71a4abbd9798df1372a8f51933dd78fc0690b743f7efcfefcdc6ea61a9c3cec4abe80e22e181d8311c98bba29c20b0cf82ea6e29d285eae2c0b41b81598ff702de1f7853a64c802a60cd10c74079857a84906d6239ed6f847697129fc328e031197178c79c11a22bba26533b8b03e5491c54ef886edb6237c8dfb3b5dc2aebae121d004db40bbe0670b7f7db2a181459e0c3742dc5ca9749ba7e0304a95d53f502277526d172a0bce7735225fd6c0390e575343c50dd4548aa998e36056067d989db934fa7924078313e741b1fe3b750499608faab548b90342a502b9a5ed1691cca5d55d3dcf332471d52f43351a861a2df4f371597ccc975a5d08ed4d6ca34e000f9503d4503fc73f941ebe17b6b8ea002444e4f2729f59247da66aa08e0377807d1257ac1711b455fc3a5335235fd5d09b376525fee906e7bb551baf7a8de6b1cd5e57eaa371b87fae7a638e5105789bda0ed35598fed079b9590877568d02f7810bf9c3463865cbc60dd423a94e234b245a5aefb2b10cf0edd5dddb3177085d8681ca993c3f5f3ab8c22a00e0b87e83e4912100a426cb77800bd9dd3abf903e063c60fe6dc919ffcc1b919375f62680fcfd9407b3b04411a186fbd7f7c2aeff3dd8c5b10337ac675f7514e44e4248f79c3adbe9c035e1816a142b132a2e2f4a8f64face24de9449ab8a7d3152c6b4b7380b1ff57e0a5bfe7d8cc5a11027822f1371705551e3f82bed990a9902b2d3f43b5eb6fd175f2c493958d6ea44ecb2619da1464c021c7d8a3823f7a3d10185ae734b01927f95ed199eb51a7a3646f79e3bf713b5612cee35d148d8acfc8ffc17577fc9d0cbbd765524172cf35f2820c257b4886146cf2960cb4c97df0717f60d6cc18af6c14214d371e1aa1010f30da42e53737873c47b98ab1697e9e829a6ae4023aa2948684ba0f3ce5a2a710d9976091ff6e9034a329c83f5127235e30896152ada36f7b5328a28c94d1f96878e3d0c75bfae296f52a9445a37392c8887fcf7c4c57cd480c4a7a3bc37c29e2f6319fc777b96c9274060fe1cb6ad59c83a678d6cc1a442bf86757af51f5371a2e82c09a6234a004c819021dd6286da1f7fd673d97e45a9dc8c910e4eef11179b4f8c2836d7da049a73148beb561260488613f148568f05055e238cf2c8e4ba63cd2b83d089d0c6a406c249e2eb34005173ec92ad508f81f9864c3ebf9544504b900bac5b531a1092fd0b74e32fe2ab492844063ba7fb01a0f4a70635ed25e37e987420c36ea1077697100ec516cd70e6c4a8db9378716279ab37edc6c61176cfdb730d970e4d9a01e8f91a565cab30e9a97485dd748fe8d3c3ecf68b6c69ff37db8aa20fed206e5c80f997fdedf76ebad3b29866657260365f3f7f223568b134e60e7ec25d02bc34bb7d69cebd187a1db348aa1d781fbc949fc16cd8faf06cea0741a3ed6b2f6d5bbf53900b88954a9822e52a9dadd6fa445e22171db45a49891fbdae388a827c5544ec0722333d536092ecc7041f9810e51cde28b7ff804090921578ec167a6d9a4f0aae0a241aaa6e1a0536a3c607db22a3844e0f83fc5c8380875d0202a2727a2474e5485997f7233fcc6a63586a793cdc36644ace73cf5eabc5e54d87a9187f2b2ccafdd8bf26682c0bc02156ed37f48f36c5283f4d146784009fee48d99d51ae7d7fc673c3a173e633f3d768d90b11570c11474abbd350ac00290d3fbb5e12338e398d6b7381f645474b2c06af638230f2db410efdeb7b5e01050bdfd836dbce0a56160c1e9257e3273129eca56b08d5ae4cc4f82e261494bc68a1077b69ef3122b67e4a2fd375811d6b7d2462e49fe6e71ddd2b1f1cd8d62f5bea4bd7454deea37d4f57e0e2d186178174b55f0241fce7a83ee5d16db77a8e64429be8c051461bfbde6458497bf71f823990593af40fc9ffce5e95bc939b24ac5aeec6545cb3c461b1955e1bdb59f360dc47ab7eff0c32c2d559703347b06802423e5d05ed506821ba5c2ebb55729d0d3cdc8daf76a2b81e92e29222f394b0dc49f21c923eb7d818b05c409e875417adf07dcad2249ded3d150bc30e327f938e46f1786c081dcbf0402af505fc94b33bd009405c52b93ac326b34ef1196a650bbace0e25fb933eb7f10f7ee3af2439947e7d4151e212bcd11c2882ed6dcbf0be407786a75301f004a96f2918cf891999dc30ef4f2ddc27ae23e84a67afff232d599e92be64997de40ad49ad9ef8b6e96c05cac0ea48d6dc5b3b70815c9df05d9de767194bdbf66b566575fef200024acdc62577d5f12b3f3f5cfd14350bc9a0ded68feb5f9489fd58863a82edf78c5c15930e80ab27fcae2160bdfe83a98072ceb5ec401c2ec1355f512add1c533776c22da4f4322cb7920203b9dbe4e6bea8a24b74a27fe8150c242ad8d013df9cb54a251cd3f35c206e79cacb9c31f0fb219af92f045f798833596ad03e74dfee9f7e7b16ab5493e8116beb4f954b1c27a00c27921bf877f83389ce5d9b71e252b8761a70503b5315967f73f23e668afc328dd581b920060928345dfc9f5d4a0bec7271a8298fe6013374e654379c5cfb227d8988f0183bc15b419976941adf64b4f33080115ef5674bff307bf1538f1907a75999287dcafe383d1d14a5ff8f0112ec584e179696b0c2aae957d7484dc68c6b358cb47ae81c9323e25a347c46e2717314f4c9e9be1657d01a78080040ed3af0d317536f955fc1a39f6eeb06e51197be14b6106fdaa94523ac780654b5497ba070a9aa08a3dc6588579", 0x1000, 0x1ff, 0x0, 0x2, r19}, &(0x7f0000007880)={0x0, 0x0, 0x0, 0x0, 0x6, r20, &(0x7f00000077c0)="dd4f2998623f9e161a2e08cd4bcf0174797e3a43ba8d4a0ac438deab3a7f5db3a6a82b3f2fed9da78e09edfc74682e04b9a0878bb6ca505462446b400e780a823119f4e1babd803c67678883ac1302051d412efca92d0e66cf71ea6f3972850ff7b6eb759a9980ffac54beb72be8af51a54c2c347b5970b599d7ad4cfd9d7645f6a3a7f923d52fec1a888c5246e79b80b6c40eb03719c66f529b816f0b73a4940bb93f19c3661bafd1410cb78f732bf8f253df1fc563", 0xb6, 0x1, 0x0, 0x2, r15}]) openat(0xffffffffffffffff, &(0x7f0000007900)='./file0\x00', 0x4000, 0x3) r21 = open$dir(&(0x7f0000007940)='./file0\x00', 0x101400, 0x14d) r22 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000007980)=@IORING_OP_CLOSE={0x13, 0x3, 0x0, r21, 0x0, 0x0, 0x0, 0x0, 0x8af91d91f18b197f, {0x0, r22}}, 0x1f) r23 = openat$vcs(0xffffffffffffff9c, &(0x7f00000079c0), 0x0, 0x0) write$eventfd(r23, &(0x7f0000007a00)=0x7, 0x8) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 16:31:07 executing program 7: sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x84, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x23}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x5}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc}]}, 0x84}, 0x1, 0x0, 0x0, 0xc040}, 0x20008090) r0 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_REMOTE_MNG(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r0, 0x200, 0x70bd29, 0x25dfdbfc, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x200008c0}, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x0, 0x100, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004080}, 0x14) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$inet(0x2, 0x4, 0x5) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, r0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000000) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0xa0010e00}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x34, 0x0, 0x10, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x4, 0x23}}}}, [@NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xff}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x8000) r3 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000640)='cpu.pressure\x00', 0x2, 0x0) sendfile(r3, r1, &(0x7f0000000680)=0x6, 0xf73) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x20, r4, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x6}]}, 0x20}, 0x1, 0x0, 0x0, 0x40800}, 0x10) inotify_init1(0x0) recvmmsg(r1, &(0x7f0000000ac0)=[{{&(0x7f0000000800)=@pptp, 0x80, &(0x7f0000000980)=[{&(0x7f0000000880)=""/153, 0x99}, {&(0x7f0000000940)}], 0x2, &(0x7f00000009c0)=""/206, 0xce}, 0xe3df}], 0x1, 0x12102, &(0x7f0000000b00)) r5 = fcntl$getown(r3, 0x9) r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000b80), 0x50102, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000b40), r6) r7 = fork() clone3(&(0x7f0000000dc0)={0x200000000, &(0x7f0000000bc0), &(0x7f0000000c00), &(0x7f0000000c40), {0xd}, &(0x7f0000000c80)=""/100, 0x64, &(0x7f0000000d00)=""/101, &(0x7f0000000d80)=[r7, r5], 0x2, {r6}}, 0x58) [ 81.888457] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.890273] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.891521] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.894107] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.895912] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 81.897101] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.901915] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.903349] Bluetooth: hci2: HCI_REQ-0x0c1a [ 81.906120] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.907352] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.910137] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.911143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.914347] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.920526] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.927377] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.954852] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.956023] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.956903] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.958123] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.958947] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 81.959785] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.960549] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.961295] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 81.961923] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.962573] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.964198] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.966081] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.966750] Bluetooth: hci0: HCI_REQ-0x0c1a [ 81.967341] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.967802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.975230] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 81.976406] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.977554] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.983381] Bluetooth: hci1: HCI_REQ-0x0c1a [ 81.984381] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 81.989296] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.993575] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 81.996132] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.007092] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 82.008269] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 82.009342] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 82.010239] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 82.013724] Bluetooth: hci3: HCI_REQ-0x0c1a [ 82.017814] Bluetooth: hci5: HCI_REQ-0x0c1a [ 82.018762] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 82.019388] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 82.021246] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 82.025600] Bluetooth: hci6: HCI_REQ-0x0c1a [ 82.071989] Bluetooth: hci7: HCI_REQ-0x0c1a [ 83.912620] Bluetooth: hci2: command 0x0409 tx timeout [ 83.975824] Bluetooth: hci0: command 0x0409 tx timeout [ 83.977558] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 84.039917] Bluetooth: hci3: command 0x0409 tx timeout [ 84.041166] Bluetooth: hci6: command 0x0409 tx timeout [ 84.042288] Bluetooth: hci1: command 0x0409 tx timeout [ 84.104853] Bluetooth: hci7: command 0x0409 tx timeout [ 84.105968] Bluetooth: hci5: command 0x0409 tx timeout [ 85.961241] Bluetooth: hci2: command 0x041b tx timeout [ 86.023747] Bluetooth: hci0: command 0x041b tx timeout [ 86.087811] Bluetooth: hci1: command 0x041b tx timeout [ 86.088382] Bluetooth: hci6: command 0x041b tx timeout [ 86.089278] Bluetooth: hci3: command 0x041b tx timeout [ 86.151723] Bluetooth: hci5: command 0x041b tx timeout [ 86.153105] Bluetooth: hci7: command 0x041b tx timeout [ 87.738371] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.751975] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.764558] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.772892] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.777860] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 87.781873] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.790611] Bluetooth: hci4: HCI_REQ-0x0c1a [ 88.007732] Bluetooth: hci2: command 0x040f tx timeout [ 88.072786] Bluetooth: hci0: command 0x040f tx timeout [ 88.135751] Bluetooth: hci3: command 0x040f tx timeout [ 88.136329] Bluetooth: hci6: command 0x040f tx timeout [ 88.137024] Bluetooth: hci1: command 0x040f tx timeout [ 88.199733] Bluetooth: hci7: command 0x040f tx timeout [ 88.200302] Bluetooth: hci5: command 0x040f tx timeout [ 89.800809] Bluetooth: hci4: command 0x0409 tx timeout [ 90.056722] Bluetooth: hci2: command 0x0419 tx timeout [ 90.120823] Bluetooth: hci0: command 0x0419 tx timeout [ 90.184840] Bluetooth: hci1: command 0x0419 tx timeout [ 90.185460] Bluetooth: hci6: command 0x0419 tx timeout [ 90.186007] Bluetooth: hci3: command 0x0419 tx timeout [ 90.248821] Bluetooth: hci5: command 0x0419 tx timeout [ 90.249383] Bluetooth: hci7: command 0x0419 tx timeout [ 91.847877] Bluetooth: hci4: command 0x041b tx timeout [ 93.896902] Bluetooth: hci4: command 0x040f tx timeout [ 95.944731] Bluetooth: hci4: command 0x0419 tx timeout [ 143.707590] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 143.710822] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 143.713224] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 143.716941] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 143.720238] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 143.723829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 143.726421] Bluetooth: hci0: HCI_REQ-0x0c1a [ 144.021490] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 144.023709] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 144.026767] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 144.028455] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 144.031064] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 144.032517] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 144.037876] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 144.037905] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 144.045174] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 144.046310] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 144.047815] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 144.049070] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 144.053963] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 144.054707] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 144.056002] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 144.057185] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 144.060470] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 144.060484] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 144.060559] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 144.061669] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 144.064546] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 144.065967] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 144.067018] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 144.067823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 144.075570] Bluetooth: hci5: HCI_REQ-0x0c1a [ 144.076162] Bluetooth: hci6: HCI_REQ-0x0c1a [ 144.076516] Bluetooth: hci2: HCI_REQ-0x0c1a [ 144.079916] Bluetooth: hci3: HCI_REQ-0x0c1a [ 145.736706] Bluetooth: hci0: command 0x0409 tx timeout [ 145.927685] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 145.992753] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 146.119792] Bluetooth: hci5: command 0x0409 tx timeout [ 146.120446] Bluetooth: hci2: command 0x0409 tx timeout [ 146.120930] Bluetooth: hci6: command 0x0409 tx timeout [ 146.184768] Bluetooth: hci3: command 0x0409 tx timeout [ 147.784741] Bluetooth: hci0: command 0x041b tx timeout [ 148.168720] Bluetooth: hci6: command 0x041b tx timeout [ 148.169167] Bluetooth: hci2: command 0x041b tx timeout [ 148.169524] Bluetooth: hci5: command 0x041b tx timeout [ 148.231736] Bluetooth: hci3: command 0x041b tx timeout [ 148.496941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 148.498508] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 148.499402] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 148.503328] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 148.522600] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 148.523412] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 148.532588] Bluetooth: hci1: HCI_REQ-0x0c1a [ 149.008488] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 149.009473] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 149.010614] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 149.025752] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 149.026661] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 149.039768] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 149.047442] Bluetooth: hci7: HCI_REQ-0x0c1a [ 149.832722] Bluetooth: hci0: command 0x040f tx timeout [ 150.216705] Bluetooth: hci5: command 0x040f tx timeout [ 150.217141] Bluetooth: hci2: command 0x040f tx timeout [ 150.217498] Bluetooth: hci6: command 0x040f tx timeout [ 150.280718] Bluetooth: hci3: command 0x040f tx timeout [ 150.535721] Bluetooth: hci1: command 0x0409 tx timeout [ 150.791726] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 151.112770] Bluetooth: hci7: command 0x0409 tx timeout [ 151.881241] Bluetooth: hci0: command 0x0419 tx timeout [ 152.264740] Bluetooth: hci6: command 0x0419 tx timeout [ 152.265179] Bluetooth: hci2: command 0x0419 tx timeout [ 152.265731] Bluetooth: hci5: command 0x0419 tx timeout [ 152.328708] Bluetooth: hci3: command 0x0419 tx timeout [ 152.584688] Bluetooth: hci1: command 0x041b tx timeout [ 153.160679] Bluetooth: hci7: command 0x041b tx timeout [ 153.263187] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 153.271153] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 153.273364] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 153.279455] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 153.283720] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 153.285258] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 153.287783] Bluetooth: hci4: HCI_REQ-0x0c1a [ 154.632858] Bluetooth: hci1: command 0x040f tx timeout [ 155.208717] Bluetooth: hci7: command 0x040f tx timeout [ 155.336702] Bluetooth: hci4: command 0x0409 tx timeout [ 156.680729] Bluetooth: hci1: command 0x0419 tx timeout [ 157.255786] Bluetooth: hci7: command 0x0419 tx timeout [ 157.384676] Bluetooth: hci4: command 0x041b tx timeout [ 159.431868] Bluetooth: hci4: command 0x040f tx timeout [ 161.479828] Bluetooth: hci4: command 0x0419 tx timeout 16:32:58 executing program 3: shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmctl$IPC_SET(r0, 0x1, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0xee01}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = shmget$private(0x0, 0x4000, 0x100, &(0x7f0000ffa000/0x4000)=nil) shmat(r1, &(0x7f0000ffb000/0x3000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x208, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') shmget(0x1, 0x3000, 0x20, &(0x7f0000ff9000/0x3000)=nil) pread64(r2, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) [ 191.470266] audit: type=1400 audit(1664296378.428:7): avc: denied { open } for pid=6553 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 191.473209] audit: type=1400 audit(1664296378.428:8): avc: denied { kernel } for pid=6553 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 191.487806] ------------[ cut here ]------------ [ 191.487842] [ 191.487848] ====================================================== [ 191.487854] WARNING: possible circular locking dependency detected [ 191.487861] 6.0.0-rc6-next-20220923 #1 Not tainted [ 191.487873] ------------------------------------------------------ [ 191.487879] syz-executor.3/6554 is trying to acquire lock: [ 191.487891] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 191.487962] [ 191.487962] but task is already holding lock: [ 191.487967] ffff88800ed03020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 191.488018] [ 191.488018] which lock already depends on the new lock. [ 191.488018] [ 191.488023] [ 191.488023] the existing dependency chain (in reverse order) is: [ 191.488029] [ 191.488029] -> #3 (&ctx->lock){....}-{2:2}: [ 191.488054] _raw_spin_lock+0x2a/0x40 [ 191.488089] __perf_event_task_sched_out+0x53b/0x18d0 [ 191.488112] __schedule+0xedd/0x2470 [ 191.488163] schedule+0xda/0x1b0 [ 191.488186] exit_to_user_mode_prepare+0x114/0x1a0 [ 191.488207] syscall_exit_to_user_mode+0x19/0x40 [ 191.488230] do_syscall_64+0x48/0x90 [ 191.488261] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.488283] [ 191.488283] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 191.488308] _raw_spin_lock_nested+0x30/0x40 [ 191.488341] raw_spin_rq_lock_nested+0x1e/0x30 [ 191.488365] task_fork_fair+0x63/0x4d0 [ 191.488395] sched_cgroup_fork+0x3d0/0x540 [ 191.488421] copy_process+0x4183/0x6e20 [ 191.488440] kernel_clone+0xe7/0x890 [ 191.488457] user_mode_thread+0xad/0xf0 [ 191.488476] rest_init+0x24/0x250 [ 191.488496] arch_call_rest_init+0xf/0x14 [ 191.488527] start_kernel+0x4c1/0x4e6 [ 191.488555] secondary_startup_64_no_verify+0xe0/0xeb [ 191.488580] [ 191.488580] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 191.488605] _raw_spin_lock_irqsave+0x39/0x60 [ 191.488638] try_to_wake_up+0xab/0x1930 [ 191.488662] up+0x75/0xb0 [ 191.488687] __up_console_sem+0x6e/0x80 [ 191.488715] console_unlock+0x46a/0x590 [ 191.488744] do_con_write+0xc05/0x1d50 [ 191.488765] con_write+0x21/0x40 [ 191.488784] n_tty_write+0x4d4/0xfe0 [ 191.488808] file_tty_write.constprop.0+0x49c/0x8f0 [ 191.488831] vfs_write+0x9c3/0xd90 [ 191.488863] ksys_write+0x127/0x250 [ 191.488894] do_syscall_64+0x3b/0x90 [ 191.488923] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.488946] [ 191.488946] -> #0 ((console_sem).lock){....}-{2:2}: [ 191.488971] __lock_acquire+0x2a02/0x5e70 [ 191.489001] lock_acquire+0x1a2/0x530 [ 191.489030] _raw_spin_lock_irqsave+0x39/0x60 [ 191.489063] down_trylock+0xe/0x70 [ 191.489090] __down_trylock_console_sem+0x3b/0xd0 [ 191.489119] vprintk_emit+0x16b/0x560 [ 191.489148] vprintk+0x84/0xa0 [ 191.489177] _printk+0xba/0xf1 [ 191.489196] report_bug.cold+0x72/0xab [ 191.489225] handle_bug+0x3c/0x70 [ 191.489255] exc_invalid_op+0x14/0x50 [ 191.489285] asm_exc_invalid_op+0x16/0x20 [ 191.489305] group_sched_out.part.0+0x2c7/0x460 [ 191.489325] ctx_sched_out+0x8f1/0xc10 [ 191.489344] __perf_event_task_sched_out+0x6d0/0x18d0 [ 191.489366] __schedule+0xedd/0x2470 [ 191.489390] schedule+0xda/0x1b0 [ 191.489414] exit_to_user_mode_prepare+0x114/0x1a0 [ 191.489433] syscall_exit_to_user_mode+0x19/0x40 [ 191.489456] do_syscall_64+0x48/0x90 [ 191.489485] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.489508] [ 191.489508] other info that might help us debug this: [ 191.489508] [ 191.489512] Chain exists of: [ 191.489512] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 191.489512] [ 191.489539] Possible unsafe locking scenario: [ 191.489539] [ 191.489544] CPU0 CPU1 [ 191.489548] ---- ---- [ 191.489552] lock(&ctx->lock); [ 191.489563] lock(&rq->__lock); [ 191.489574] lock(&ctx->lock); [ 191.489586] lock((console_sem).lock); [ 191.489596] [ 191.489596] *** DEADLOCK *** [ 191.489596] [ 191.489600] 2 locks held by syz-executor.3/6554: [ 191.489612] #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 191.489665] #1: ffff88800ed03020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 191.489716] [ 191.489716] stack backtrace: [ 191.489720] CPU: 0 PID: 6554 Comm: syz-executor.3 Not tainted 6.0.0-rc6-next-20220923 #1 [ 191.489743] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 191.489758] Call Trace: [ 191.489763] [ 191.489771] dump_stack_lvl+0x8b/0xb3 [ 191.489804] check_noncircular+0x263/0x2e0 [ 191.489834] ? format_decode+0x26c/0xb50 [ 191.489863] ? print_circular_bug+0x450/0x450 [ 191.489894] ? enable_ptr_key_workfn+0x20/0x20 [ 191.489924] ? format_decode+0x26c/0xb50 [ 191.489955] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 191.489987] __lock_acquire+0x2a02/0x5e70 [ 191.490027] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 191.490068] lock_acquire+0x1a2/0x530 [ 191.490098] ? down_trylock+0xe/0x70 [ 191.490129] ? lock_release+0x750/0x750 [ 191.490166] ? vprintk+0x84/0xa0 [ 191.490199] _raw_spin_lock_irqsave+0x39/0x60 [ 191.490234] ? down_trylock+0xe/0x70 [ 191.490262] down_trylock+0xe/0x70 [ 191.490291] ? vprintk+0x84/0xa0 [ 191.490321] __down_trylock_console_sem+0x3b/0xd0 [ 191.490353] vprintk_emit+0x16b/0x560 [ 191.490387] vprintk+0x84/0xa0 [ 191.490419] _printk+0xba/0xf1 [ 191.490439] ? record_print_text.cold+0x16/0x16 [ 191.490468] ? report_bug.cold+0x66/0xab [ 191.490501] ? group_sched_out.part.0+0x2c7/0x460 [ 191.490522] report_bug.cold+0x72/0xab [ 191.490556] handle_bug+0x3c/0x70 [ 191.490587] exc_invalid_op+0x14/0x50 [ 191.490620] asm_exc_invalid_op+0x16/0x20 [ 191.490642] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 191.490667] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 191.490688] RSP: 0018:ffff8880364cfc48 EFLAGS: 00010006 [ 191.490705] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 191.490718] RDX: ffff888010221ac0 RSI: ffffffff81564fb7 RDI: 0000000000000005 [ 191.490733] RBP: ffff888008668000 R08: 0000000000000005 R09: 0000000000000001 [ 191.490746] R10: 0000000000000000 R11: ffffffff865b001b R12: ffff88800ed03000 [ 191.490760] R13: ffff88806ce3d140 R14: ffffffff8547d040 R15: 0000000000000002 [ 191.490781] ? group_sched_out.part.0+0x2c7/0x460 [ 191.490805] ? group_sched_out.part.0+0x2c7/0x460 [ 191.490830] ctx_sched_out+0x8f1/0xc10 [ 191.490853] __perf_event_task_sched_out+0x6d0/0x18d0 [ 191.490882] ? lock_is_held_type+0xd7/0x130 [ 191.490906] ? __perf_cgroup_move+0x160/0x160 [ 191.490929] ? set_next_entity+0x304/0x550 [ 191.490961] ? update_curr+0x267/0x740 [ 191.490994] ? lock_is_held_type+0xd7/0x130 [ 191.491020] __schedule+0xedd/0x2470 [ 191.491050] ? io_schedule_timeout+0x150/0x150 [ 191.491079] ? rcu_read_lock_sched_held+0x3e/0x80 [ 191.491116] schedule+0xda/0x1b0 [ 191.491143] exit_to_user_mode_prepare+0x114/0x1a0 [ 191.491165] syscall_exit_to_user_mode+0x19/0x40 [ 191.491189] do_syscall_64+0x48/0x90 [ 191.491221] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.491245] RIP: 0033:0x7f478d683b19 [ 191.491259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 191.491280] RSP: 002b:00007f478abf9218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 191.491299] RAX: 0000000000000001 RBX: 00007f478d796f68 RCX: 00007f478d683b19 [ 191.491313] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f478d796f6c [ 191.491327] RBP: 00007f478d796f60 R08: 000000000000000e R09: 0000000000000000 [ 191.491340] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f478d796f6c [ 191.491353] R13: 00007fff78ec1a4f R14: 00007f478abf9300 R15: 0000000000022000 [ 191.491376] [ 191.591646] WARNING: CPU: 0 PID: 6554 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 191.592855] Modules linked in: [ 191.593280] CPU: 0 PID: 6554 Comm: syz-executor.3 Not tainted 6.0.0-rc6-next-20220923 #1 [ 191.594317] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 191.595748] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 191.596458] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 191.598775] RSP: 0018:ffff8880364cfc48 EFLAGS: 00010006 [ 191.599459] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 191.600391] RDX: ffff888010221ac0 RSI: ffffffff81564fb7 RDI: 0000000000000005 [ 191.601315] RBP: ffff888008668000 R08: 0000000000000005 R09: 0000000000000001 [ 191.602247] R10: 0000000000000000 R11: ffffffff865b001b R12: ffff88800ed03000 [ 191.603168] R13: ffff88806ce3d140 R14: ffffffff8547d040 R15: 0000000000000002 [ 191.604088] FS: 00007f478abf9700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 191.605132] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.605886] CR2: 00007fbdd55326f4 CR3: 000000003dbbe000 CR4: 0000000000350ef0 [ 191.606803] Call Trace: [ 191.607146] [ 191.607449] ctx_sched_out+0x8f1/0xc10 [ 191.607974] __perf_event_task_sched_out+0x6d0/0x18d0 [ 191.608679] ? lock_is_held_type+0xd7/0x130 [ 191.609248] ? __perf_cgroup_move+0x160/0x160 [ 191.609844] ? set_next_entity+0x304/0x550 [ 191.610413] ? update_curr+0x267/0x740 [ 191.610943] ? lock_is_held_type+0xd7/0x130 [ 191.611513] __schedule+0xedd/0x2470 [ 191.612042] ? io_schedule_timeout+0x150/0x150 [ 191.612694] ? rcu_read_lock_sched_held+0x3e/0x80 [ 191.613374] schedule+0xda/0x1b0 [ 191.613857] exit_to_user_mode_prepare+0x114/0x1a0 [ 191.614539] syscall_exit_to_user_mode+0x19/0x40 [ 191.615202] do_syscall_64+0x48/0x90 [ 191.615736] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.616460] RIP: 0033:0x7f478d683b19 [ 191.616976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 191.619433] RSP: 002b:00007f478abf9218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 191.620417] RAX: 0000000000000001 RBX: 00007f478d796f68 RCX: 00007f478d683b19 [ 191.621348] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f478d796f6c [ 191.622266] RBP: 00007f478d796f60 R08: 000000000000000e R09: 0000000000000000 [ 191.623176] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f478d796f6c [ 191.624096] R13: 00007fff78ec1a4f R14: 00007f478abf9300 R15: 0000000000022000 [ 191.625042] [ 191.625351] irq event stamp: 1286 [ 191.625794] hardirqs last enabled at (1285): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 191.626995] hardirqs last disabled at (1286): [] __schedule+0x1225/0x2470 [ 191.628060] softirqs last enabled at (1104): [] __irq_exit_rcu+0x11b/0x180 [ 191.629311] softirqs last disabled at (1099): [] __irq_exit_rcu+0x11b/0x180 [ 191.630519] ---[ end trace 0000000000000000 ]--- [ 191.931646] hrtimer: interrupt took 18535 ns 16:32:59 executing program 3: shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmctl$IPC_SET(r0, 0x1, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0xee01}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = shmget$private(0x0, 0x4000, 0x100, &(0x7f0000ffa000/0x4000)=nil) shmat(r1, &(0x7f0000ffb000/0x3000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x208, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') shmget(0x1, 0x3000, 0x20, &(0x7f0000ff9000/0x3000)=nil) pread64(r2, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) 16:32:59 executing program 3: shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmctl$IPC_SET(r0, 0x1, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0xee01}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = shmget$private(0x0, 0x4000, 0x100, &(0x7f0000ffa000/0x4000)=nil) shmat(r1, &(0x7f0000ffb000/0x3000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x208, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') shmget(0x1, 0x3000, 0x20, &(0x7f0000ff9000/0x3000)=nil) pread64(r2, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) 16:32:59 executing program 3: shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmctl$IPC_SET(r0, 0x1, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0xee01}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = shmget$private(0x0, 0x4000, 0x100, &(0x7f0000ffa000/0x4000)=nil) shmat(r1, &(0x7f0000ffb000/0x3000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x208, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') shmget(0x1, 0x3000, 0x20, &(0x7f0000ff9000/0x3000)=nil) pread64(r2, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) 16:33:00 executing program 3: shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmctl$IPC_SET(r0, 0x1, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0xee01}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2000) shmctl$IPC_RMID(0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = shmget$private(0x0, 0x4000, 0x100, &(0x7f0000ffa000/0x4000)=nil) shmat(r1, &(0x7f0000ffb000/0x3000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x208, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') shmget(0x1, 0x3000, 0x20, &(0x7f0000ff9000/0x3000)=nil) pread64(r2, &(0x7f00000000c0)=""/98, 0x62, 0x7fff) VM DIAGNOSIS: 16:32:59 Registers: info registers vcpu 0 RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b17e1 RDI=ffffffff87645be0 RBP=ffffffff87645ba0 RSP=ffff8880364cf698 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=000000000000000a R13=ffffffff87645ba0 R14=0000000000000010 R15=ffffffff822b17d0 RIP=ffffffff822b1839 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f478abf9700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fbdd55326f4 CR3=000000003dbbe000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f478d76a7c0 00007f478d76a7c8 YMM02=0000000000000000 0000000000000000 00007f478d76a7e0 00007f478d76a7c0 YMM03=0000000000000000 0000000000000000 00007f478d76a7c8 00007f478d76a7c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=dffffc0000000000 RBX=ffff8880188d7660 RCX=0000000000000000 RDX=0000000000000000 RSI=ffffffff83257b3f RDI=ffff8880188d766c RBP=0000000000000004 RSP=ffff8880188d7578 R8 =ffffffff85edcf28 R9 =ffffffff85edcf2c R10=ffffed100311aec0 R11=ffff8880188d75d8 R12=ffff8880188d7660 R13=0000000000000000 R14=ffff88800ff85040 R15=ffff888008444dc0 RIP=ffffffff81359e3a RFL=00000213 [----A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fce133c0900 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fce128d2120 CR3=000000000f3a6000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 2b7aa8f067c126a2 6647482f7062c8c1 YMM02=0000000000000000 0000000000000000 00000000000fa7c0 5e5c10884646930b YMM03=0000000000000000 0000000000000000 00000000000faae0 aabf2c55a4f4e763 YMM04=0000000000000000 0000000000000000 e12e5be9440185a8 00000000000ae988 YMM05=0000000000000000 0000000000000000 fb16062efa30068e 000000000013f2f0 YMM06=0000000000000000 0000000000000000 fdcb4a477623d008 000000000013f1a8 YMM07=0000000000000000 0000000000000000 120a3f0baf039be0 000000000013f0e8 YMM08=0000000000000000 0000000000000000 d6ad57d02453f0d2 00000000000fab98 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0020002000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000