Extracting prog: 1h27m1.651843036s
Minimizing prog: 35m22.12410713s
Simplifying prog options: 0s
Extracting C: 24.678172501s
Simplifying C: 14m10.915995272s


24 programs, timeouts [15s 1m40s 6m0s]
extracting reproducer from 24 programs
single: executing 4 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-sendmsg$IPCTNL_MSG_CT_GET-syz_genetlink_get_family_id$batadv-preadv-openat$sysfs-getpgrp-openat$kvm-getsockopt$bt_BT_VOICE-ioctl$KVM_CREATE_VM-syz_init_net_socket$bt_hci-bind$bt_hci-setsockopt$SO_TIMESTAMPING-recvmmsg-socket$unix-socket$unix-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci-inotify_init1-bpf$MAP_CREATE-mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-openat$cgroup_int-write$cgroup_subtree-socket$nl_route
detailed listing:
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sched_setaffinity-read$msr-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-socket$inet6_tcp-setsockopt$inet6_tcp_TCP_MD5SIG-bind$inet6-listen-syz_emit_ethernet-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-getsockopt$IP_VS_SO_GET_VERSION-prctl$PR_SCHED_CORE-socket$alg-bind$alg-accept4-setsockopt$ALG_SET_KEY-read$alg-recvmmsg-memfd_create-mmap-fcntl$addseals
detailed listing:
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$ENABLE_STATS-prctl$PR_SCHED_CORE-getpid-process_vm_readv-open-openat$cgroup_ro-write$binfmt_script-recvmmsg-madvise-sendmsg$NL80211_CMD_GET_KEY-openat$ptmx-mknodat$loop-bpf$MAP_CREATE_CONST_STR-socket$inet_udplite-getsockopt$sock_cred-setreuid-bpf$MAP_CREATE_RINGBUF-bpf$PROG_LOAD-writev-socket$netlink-sendmsg$nl_route-syz_emit_vhci-syz_usb_control_io$hid-io_uring_setup-syz_io_uring_setup-syz_io_uring_submit-openat$vcs-dup-socket$inet6_tcp
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-sched_setaffinity-ioctl$KVM_CREATE_VCPU-dup-ioctl$KVM_SET_MSRS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4048aecb, &(0x7f0000000040)=ANY=[])
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 15s
testing program (duration=21s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 7, 12, 2, 3, 7, 1, 3, 4, 15, 26, 30, 30, 2, 29, 4, 7, 9, 6, 7, 30, 5, 22, 29]
detailed listing:
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}], {0x14}}, 0x80}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000440)={@local, @broadcast, @val={@void}, {@ipv4={0x8864, @tipc={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x21, 0x0, 0x6, 0x0, @rand_addr, @dev}, @name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa}}}}}}, 0x0)
executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0})
add_key(0x0, 0x0, &(0x7f0000000340)="143fda06ec07c23fde3cb79ed88031e0525844da66056aa14d12625411d03e53ce8b21eb6a1f226e36e0cac952721ddf616e87e9ffe93ac1e52dd133000344f88e2bd1940b122e4b8bfe75b7064af951aebf4702ad6acc0594005cf451e566a70a32db2041f15744318ba584e6b34cb67ef7e7c0f5b45bb40534e3afdd3909e48f4e3e368043a32ed1c11081d1cbc2d4408637fcc3d9c30aa0f86b4d38219b35ad30cb1f4388f03e1d475300dde6374b94340632c98c8cb13273cece1688495104", 0xc1, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x2, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae50511ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed33147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3310200970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f00000003c0)=@fd={0x0, 0x2, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f06e4b56"}, 0x0, 0x4, {}, 0x5c000000})
executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff})
mkdir(&(0x7f0000000140)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x41, 0x0)
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x1a, 0xa01}, 0x14}}, 0x0)
executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4048aecb, &(0x7f0000000040)=ANY=[])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 3:
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}}}}}, 0x0)
executing program 0:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x1a, 0xa01}, 0x14}}, 0x0)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0)
getsockname(r1, &(0x7f0000000280)=@xdp={0x2c, 0x0, <r2=>0x0}, &(0x7f0000000040)=0x80)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x581, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@bridge_newvlan={0x3c, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x600}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x3}}}]}, 0x3c}, 0x1, 0x5502000000000000}, 0x0)
executing program 0:
socket$kcm(0x2, 0xa, 0x2)
r0 = syz_io_uring_setup(0x7dca, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)
r3 = io_uring_setup(0x7058, &(0x7f0000000040))
symlinkat(&(0x7f0000000000)='./file0/file0\x00', 0xffffffffffffffff, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000000, r4)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
io_uring_setup(0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@loopback, 0x0, 0x4}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
executing program 3:
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000a00000000000000000000008500000087000000180100002020784200000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
fchdir(r1)
sendmmsg$unix(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
bisect: bisecting 24 programs
bisect: split chunks (needed=false): <24>
bisect: split chunk #0 of len 24 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=19s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30, 30, 2, 29, 4, 7, 9, 6, 7, 30, 5, 22, 29]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0)
getsockname(r1, &(0x7f0000000280)=@xdp={0x2c, 0x0, <r2=>0x0}, &(0x7f0000000040)=0x80)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x581, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@bridge_newvlan={0x3c, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x600}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x3}}}]}, 0x3c}, 0x1, 0x5502000000000000}, 0x0)
executing program 0:
socket$kcm(0x2, 0xa, 0x2)
r0 = syz_io_uring_setup(0x7dca, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)
r3 = io_uring_setup(0x7058, &(0x7f0000000040))
symlinkat(&(0x7f0000000000)='./file0/file0\x00', 0xffffffffffffffff, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000000, r4)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
io_uring_setup(0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@loopback, 0x0, 0x4}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
executing program 3:
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000a00000000000000000000008500000087000000180100002020784200000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
fchdir(r1)
sendmmsg$unix(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=17s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 9, 6, 7, 30, 5, 22, 29]
detailed listing:
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0)
getsockname(r1, &(0x7f0000000280)=@xdp={0x2c, 0x0, <r2=>0x0}, &(0x7f0000000040)=0x80)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x581, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@bridge_newvlan={0x3c, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x600}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x3}}}]}, 0x3c}, 0x1, 0x5502000000000000}, 0x0)
executing program 0:
socket$kcm(0x2, 0xa, 0x2)
r0 = syz_io_uring_setup(0x7dca, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)
r3 = io_uring_setup(0x7058, &(0x7f0000000040))
symlinkat(&(0x7f0000000000)='./file0/file0\x00', 0xffffffffffffffff, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000000, r4)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
io_uring_setup(0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@loopback, 0x0, 0x4}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
executing program 3:
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000a00000000000000000000008500000087000000180100002020784200000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
fchdir(r1)
sendmmsg$unix(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
bisect: testing without sub-chunk 3/3
testing program (duration=17s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30, 30, 2, 29, 4]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <8>
bisect: split chunk #0 of len 8 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 2, 29, 4]
detailed listing:
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)

program did not crash
bisect: split chunks (needed=true): <4>, <4>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [26, 30, 30, 2, 29, 4]
detailed listing:
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 30, 2, 29, 4]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: split chunk #1 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30, 29, 4]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30, 30, 2]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)

program did not crash
bisect: split chunks (needed=true): <2>, <2>, <2>, <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 26, 30, 30, 2, 29, 4]
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 26, 30, 30, 2, 29, 4]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: split chunk #1 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 30, 30, 2, 29, 4]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30, 2, 29, 4]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: split chunk #2 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30, 2, 29, 4]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30, 30, 29, 4]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: split chunk #3 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30, 30, 2, 4]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=16s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30, 30, 2, 29]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
bisect: too many guilty chunks, aborting
single: executing 4 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-sendmsg$IPCTNL_MSG_CT_GET-syz_genetlink_get_family_id$batadv-preadv-openat$sysfs-getpgrp-openat$kvm-getsockopt$bt_BT_VOICE-ioctl$KVM_CREATE_VM-syz_init_net_socket$bt_hci-bind$bt_hci-setsockopt$SO_TIMESTAMPING-recvmmsg-socket$unix-socket$unix-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci-inotify_init1-bpf$MAP_CREATE-mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-openat$cgroup_int-write$cgroup_subtree-socket$nl_route
detailed listing:
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sched_setaffinity-read$msr-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-socket$inet6_tcp-setsockopt$inet6_tcp_TCP_MD5SIG-bind$inet6-listen-syz_emit_ethernet-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-getsockopt$IP_VS_SO_GET_VERSION-prctl$PR_SCHED_CORE-socket$alg-bind$alg-accept4-setsockopt$ALG_SET_KEY-read$alg-recvmmsg-memfd_create-mmap-fcntl$addseals
detailed listing:
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$ENABLE_STATS-prctl$PR_SCHED_CORE-getpid-process_vm_readv-open-openat$cgroup_ro-write$binfmt_script-recvmmsg-madvise-sendmsg$NL80211_CMD_GET_KEY-openat$ptmx-mknodat$loop-bpf$MAP_CREATE_CONST_STR-socket$inet_udplite-getsockopt$sock_cred-setreuid-bpf$MAP_CREATE_RINGBUF-bpf$PROG_LOAD-writev-socket$netlink-sendmsg$nl_route-syz_emit_vhci-syz_usb_control_io$hid-io_uring_setup-syz_io_uring_setup-syz_io_uring_submit-openat$vcs-dup-socket$inet6_tcp
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-sched_setaffinity-ioctl$KVM_CREATE_VCPU-dup-ioctl$KVM_SET_MSRS-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4048aecb, &(0x7f0000000040)=ANY=[])
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 1m40s
testing program (duration=1m46s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 7, 12, 2, 3, 7, 1, 3, 4, 15, 26, 30, 30, 2, 29, 4, 7, 9, 6, 7, 30, 5, 22, 29]
detailed listing:
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}], {0x14}}, 0x80}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000440)={@local, @broadcast, @val={@void}, {@ipv4={0x8864, @tipc={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x21, 0x0, 0x6, 0x0, @rand_addr, @dev}, @name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa}}}}}}, 0x0)
executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0})
add_key(0x0, 0x0, &(0x7f0000000340)="143fda06ec07c23fde3cb79ed88031e0525844da66056aa14d12625411d03e53ce8b21eb6a1f226e36e0cac952721ddf616e87e9ffe93ac1e52dd133000344f88e2bd1940b122e4b8bfe75b7064af951aebf4702ad6acc0594005cf451e566a70a32db2041f15744318ba584e6b34cb67ef7e7c0f5b45bb40534e3afdd3909e48f4e3e368043a32ed1c11081d1cbc2d4408637fcc3d9c30aa0f86b4d38219b35ad30cb1f4388f03e1d475300dde6374b94340632c98c8cb13273cece1688495104", 0xc1, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x2, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae50511ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed33147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3310200970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f00000003c0)=@fd={0x0, 0x2, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f06e4b56"}, 0x0, 0x4, {}, 0x5c000000})
executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff})
mkdir(&(0x7f0000000140)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x41, 0x0)
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x1a, 0xa01}, 0x14}}, 0x0)
executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4048aecb, &(0x7f0000000040)=ANY=[])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 3:
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}}}}}, 0x0)
executing program 0:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x14, 0x1a, 0xa01}, 0x14}}, 0x0)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0)
getsockname(r1, &(0x7f0000000280)=@xdp={0x2c, 0x0, <r2=>0x0}, &(0x7f0000000040)=0x80)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x581, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@bridge_newvlan={0x3c, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x600}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x3}}}]}, 0x3c}, 0x1, 0x5502000000000000}, 0x0)
executing program 0:
socket$kcm(0x2, 0xa, 0x2)
r0 = syz_io_uring_setup(0x7dca, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)
r3 = io_uring_setup(0x7058, &(0x7f0000000040))
symlinkat(&(0x7f0000000000)='./file0/file0\x00', 0xffffffffffffffff, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000000, r4)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
io_uring_setup(0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@loopback, 0x0, 0x4}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
executing program 3:
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000a00000000000000000000008500000087000000180100002020784200000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
fchdir(r1)
sendmmsg$unix(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
bisect: bisecting 24 programs
bisect: split chunks (needed=false): <24>
bisect: split chunk #0 of len 24 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15, 26, 30, 30, 2, 29, 4, 7, 9, 6, 7, 30, 5, 22, 29]
detailed listing:
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0xbf3a}]}]}, 0x28}}, 0x0)
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000000000000000000000000000018200000", @ANYRES32=r1, @ANYBLOB="000000000000005d9b000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xd2, &(0x7f0000000040)=""/210}, 0x21)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001400)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x0, r2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c00000010000100000000cb7850fe77a0b0d5be20f8e91a06b57f282228d7addf5e601efcc884e38cfa176cae43329481a82aa025ef3811a6fff2c2e8413c9f1b24b913a3272658af71cce3059324523bce4ec08743e0ac88dcf9c8fee0b938f3e7520885c18271f100"/130, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300626f6e643000000000000000000000000500270006000000"], 0x3c}}, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000500)={0x1fe}, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="1800000069006bcd8effffff000000000000", 0x12}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x59, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0'}, 0xb)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$alg(0x26, 0x5, 0x0)
r0 = inotify_init1(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open(0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x0, 0x20}, 0xc)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000240)="0093ba7b3600000000000000", 0xc, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, 0x0, &(0x7f00000002c0))
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r9, &(0x7f00000000c0)=""/108, 0x6c)
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000500), &(0x7f0000000540)=ANY=[@ANYBLOB="c225a74940a5d6a3c3c90c7b88ee174ff9f9dd624e5d622d02770234018e407617b3a75752974f76", @ANYRES8=0x0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r3, @ANYRES8=r5], 0xf8d, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000008280)={&(0x7f0000008200)={0x18, 0x1, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x4}]}, 0x18}}, 0x0)
executing program 1:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0xe7}, &(0x7f00000001c0)=0x18)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0)
getsockname(r1, &(0x7f0000000280)=@xdp={0x2c, 0x0, <r2=>0x0}, &(0x7f0000000040)=0x80)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x581, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@bridge_newvlan={0x3c, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x600}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x3}}}]}, 0x3c}, 0x1, 0x5502000000000000}, 0x0)
executing program 0:
socket$kcm(0x2, 0xa, 0x2)
r0 = syz_io_uring_setup(0x7dca, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)
r3 = io_uring_setup(0x7058, &(0x7f0000000040))
symlinkat(&(0x7f0000000000)='./file0/file0\x00', 0xffffffffffffffff, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000000, r4)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
io_uring_setup(0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@loopback, 0x0, 0x4}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
executing program 3:
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000a00000000000000000000008500000087000000180100002020784200000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
fchdir(r1)
sendmmsg$unix(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=1m42s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 9, 6, 7, 30, 5, 22, 29]
detailed listing:
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0)
getsockname(r1, &(0x7f0000000280)=@xdp={0x2c, 0x0, <r2=>0x0}, &(0x7f0000000040)=0x80)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x581, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@bridge_newvlan={0x3c, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x600}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x3}}}]}, 0x3c}, 0x1, 0x5502000000000000}, 0x0)
executing program 0:
socket$kcm(0x2, 0xa, 0x2)
r0 = syz_io_uring_setup(0x7dca, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)
r3 = io_uring_setup(0x7058, &(0x7f0000000040))
symlinkat(&(0x7f0000000000)='./file0/file0\x00', 0xffffffffffffffff, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000000, r4)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
io_uring_setup(0x0, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@loopback, 0x0, 0x4}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
executing program 3:
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000a00000000000000000000008500000087000000180100002020784200000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
fchdir(r1)
sendmmsg$unix(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
bisect: split chunks (needed=true): <8>
bisect: split chunk #0 of len 8 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 5, 22, 29]
detailed listing:
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
fchdir(r1)
sendmmsg$unix(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <4>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 29]
detailed listing:
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 5]
detailed listing:
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
fchdir(r1)
sendmmsg$unix(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)

program did not crash
bisect: split chunks (needed=true): <2>, <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 22, 29]
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
fchdir(r1)
sendmmsg$unix(r0, &(0x7f0000000240)=[{{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 22, 29]
detailed listing:
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000440)='GPL\x00'}, 0x90)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x13, 0x4}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @exp_smc={0xfe, 0x6}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r2 = socket$inet6(0xa, 0x80002, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
read$alg(r4, &(0x7f0000000080)=""/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1046f51d5689e7af, 0x4d091, r5, 0x0)
fcntl$addseals(r5, 0x409, 0xf)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
bisect: the chunk can be dropped
bisect: split chunk #1 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 29]
detailed listing:
executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>, <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #1 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 2 programs left: 

executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
socket$inet6_tcp(0xa, 0x1, 0x0)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)


bisect: trying to concatenate
bisect: concatenate 2 entries
minimizing program #0 before concatenation
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
dup(r9)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [28, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000280)=@IORING_OP_TIMEOUT={0xb, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0), 0x1, 0x0, 0x1})
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [26, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r6 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r6}, &(0x7f0000000200), &(0x7f0000000140))
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [25, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7})
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [24, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [23, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
r5 = socket$netlink(0x10, 0x3, 0x7)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3c000000100003050000f4ffffff000000000000de7cb8f3fdbbd0a0069b45707bb479d279a9c8b666b0470f1b73dc265f5cce8291f6173f109929f235b6a4e30240533d8baa76df072bf5e071f5be58230bba77e2144a832792ff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006d616373656300000c00028005000d0003000000"], 0x3c}}, 0x0)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
socket$netlink(0x10, 0x3, 0x7)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [21, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1a, 0x11, &(0x7f0000000b40)=ANY=[@ANYBLOB="180800ae5e6e335a9129dc2c00000000181100"/30, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc8630000100000088802000f0ffffffbf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r3)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [17, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$inet_udplite(0x2, 0x2, 0x88)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000049c0)=[{{&(0x7f0000000400)=@tipc=@name, 0x80, &(0x7f0000000080)=[{&(0x7f0000000480)=""/135, 0x87}], 0x1, &(0x7f0000000540)=""/136, 0x88}, 0x22}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/157, 0x9d}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/85, 0x55}, {&(0x7f0000000800)=""/235, 0xeb}], 0x4, &(0x7f00000002c0)=""/15, 0xf}, 0x9}, {{&(0x7f00000043c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000048c0)=[{&(0x7f0000004440)=""/223, 0xdf}, {0x0}, {&(0x7f0000000a80)=""/185, 0xb9}, {0x0}, {&(0x7f0000004780)=""/180, 0xb4}, {&(0x7f0000004840)=""/111, 0x6f}], 0x6, &(0x7f0000004900)=""/134, 0x86}, 0x24a}], 0x3, 0x0, &(0x7f0000004a40)={0x77359400})
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
open(0x0, 0x0, 0x146)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [6, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 29]
detailed listing:
executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 29]
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 3:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
minimized 30 calls -> 2 calls
minimizing program #1 before concatenation
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 28]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
r5 = openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000000c0)={[{0x0, 'rlimit'}]}, 0x8)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 27]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)
openat$cgroup_int(r3, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 26]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000100), 0x12)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 25]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r3, &(0x7f00000006c0)='cgroup.procs\x00', 0x2, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 24]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 23]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 22]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 21]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
inotify_init1(0x0)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 20]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 19]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 19]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 19]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 18]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
recvmmsg(r2, &(0x7f0000003280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=""/67, 0x43}}], 0x1, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 17]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000002c0)=0x7933, 0x4)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 16]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 15]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 14]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 13]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 12]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 11]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpgrp(0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 10]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 9]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 8]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 7]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 6]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 5]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 4]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 3]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net/softnet_stat\x00')
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2]
detailed listing:
executing program 1:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
executing program 0:
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
minimized 29 calls -> 2 calls
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
bisect: concatenation succeeded
found reproducer with 4 syscalls
minimizing guilty program
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {0x0}], 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}, {0x0}], 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {0x0}], 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {0x0}], 0x2)
syz_emit_vhci(0x0, 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {0x0}], 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {0x0}], 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {0x0}], 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {0x0}], 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(0x0, 0x24)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
detailed listing:
executing program 0:
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {0x0}], 0x2)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x42, &(0x7f0000000200)={0x0, 0xfffffffffffffecd}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x24)

program did not crash
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
simplifying C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): writev-syz_emit_vhci-sendmsg$NL80211_CMD_SET_PMKSA-syz_emit_vhci
program crashed: BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt
reproducing took 2h16m59.370132438s
repro crashed as (corrupted=false):
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5213, name: kworker/u33:2
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by kworker/u33:2/5213:
 #0: ffff888026939148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 kernel/workqueue.c:3206
 #1: ffffc900034efd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 kernel/workqueue.c:3207
 #2: ffff88802ef80078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30 net/bluetooth/hci_event.c:6852
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:327 [inline]
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:839 [inline]
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30 net/bluetooth/hci_event.c:6853
CPU: 3 PID: 5213 Comm: kworker/u33:2 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:114
 __might_resched+0x3c0/0x5e0 kernel/sched/core.c:8437
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0xe2/0x9c0 kernel/locking/mutex.c:752
 hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
 hci_le_create_big_complete_evt+0x387/0xb30 net/bluetooth/hci_event.c:6877
 hci_le_meta_evt+0x2e2/0x5d0 net/bluetooth/hci_event.c:7134
 hci_event_func net/bluetooth/hci_event.c:7442 [inline]
 hci_event_packet+0x666/0x1180 net/bluetooth/hci_event.c:7497
 hci_rx_work+0x2c6/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

=============================
[ BUG: Invalid wait context ]
6.10.0-syzkaller-04472-g51835949dda3 #0 Tainted: G        W         
-----------------------------
kworker/u33:2/5213 is trying to lock:
ffffffff8f9b69a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
ffffffff8f9b69a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x387/0xb30 net/bluetooth/hci_event.c:6877
other info that might help us debug this:
context-{4:4}
4 locks held by kworker/u33:2/5213:
 #0: ffff888026939148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 kernel/workqueue.c:3206
 #1: ffffc900034efd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 kernel/workqueue.c:3207
 #2: ffff88802ef80078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30 net/bluetooth/hci_event.c:6852
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:327 [inline]
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:839 [inline]
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30 net/bluetooth/hci_event.c:6853
stack backtrace:
CPU: 3 PID: 5213 Comm: kworker/u33:2 Tainted: G        W          6.10.0-syzkaller-04472-g51835949dda3 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4750 [inline]
 check_wait_context kernel/locking/lockdep.c:4820 [inline]
 __lock_acquire+0x811/0x3b30 kernel/locking/lockdep.c:5086
 lock_acquire kernel/locking/lockdep.c:5753 [inline]
 lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5718
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
 hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
 hci_le_create_big_complete_evt+0x387/0xb30 net/bluetooth/hci_event.c:6877
 hci_le_meta_evt+0x2e2/0x5d0 net/bluetooth/hci_event.c:7134
 hci_event_func net/bluetooth/hci_event.c:7442 [inline]
 hci_event_packet+0x666/0x1180 net/bluetooth/hci_event.c:7497
 hci_rx_work+0x2c6/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
==================================================================
BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30 net/bluetooth/hci_event.c:6856
Read of size 8 at addr ffff88802ee4c000 by task kworker/u33:2/5213

CPU: 3 PID: 5213 Comm: kworker/u33:2 Tainted: G        W          6.10.0-syzkaller-04472-g51835949dda3 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:488
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 hci_le_create_big_complete_evt+0xa62/0xb30 net/bluetooth/hci_event.c:6856
 hci_le_meta_evt+0x2e2/0x5d0 net/bluetooth/hci_event.c:7134
 hci_event_func net/bluetooth/hci_event.c:7442 [inline]
 hci_event_packet+0x666/0x1180 net/bluetooth/hci_event.c:7497
 hci_rx_work+0x2c6/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 5213:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:387
 kmalloc_noprof include/linux/slab.h:660 [inline]
 kzalloc_noprof include/linux/slab.h:778 [inline]
 __hci_conn_add+0x131/0x1a50 net/bluetooth/hci_conn.c:934
 hci_conn_add+0x56/0x70 net/bluetooth/hci_conn.c:1052
 hci_le_big_sync_established_evt+0x73f/0xad0 net/bluetooth/hci_event.c:6922
 hci_le_meta_evt+0x2e2/0x5d0 net/bluetooth/hci_event.c:7134
 hci_event_func net/bluetooth/hci_event.c:7442 [inline]
 hci_event_packet+0x666/0x1180 net/bluetooth/hci_event.c:7497
 hci_rx_work+0x2c6/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 5213:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579
 poison_slab_object+0xf7/0x160 mm/kasan/common.c:240
 __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2196 [inline]
 slab_free mm/slub.c:4438 [inline]
 kfree+0x12a/0x3b0 mm/slub.c:4559
 device_release+0xa1/0x240 drivers/base/core.c:2581
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1fa/0x5b0 lib/kobject.c:737
 put_device+0x1f/0x30 drivers/base/core.c:3787
 hci_conn_del_sysfs+0x151/0x180 net/bluetooth/hci_sysfs.c:72
 hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]
 hci_conn_del+0x54e/0xdb0 net/bluetooth/hci_conn.c:1162
 hci_le_create_big_complete_evt+0x4ba/0xb30 net/bluetooth/hci_event.c:6879
 hci_le_meta_evt+0x2e2/0x5d0 net/bluetooth/hci_event.c:7134
 hci_event_func net/bluetooth/hci_event.c:7442 [inline]
 hci_event_packet+0x666/0x1180 net/bluetooth/hci_event.c:7497
 hci_rx_work+0x2c6/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff88802ee4c000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 0 bytes inside of
 freed 8192-byte region [ffff88802ee4c000, ffff88802ee4e000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ee48
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffefff(slab)
raw: 00fff00000000040 ffff888015443180 ffffea00009d9400 0000000000000002
raw: 0000000000000000 0000000080020002 00000001ffffefff 0000000000000000
head: 00fff00000000040 ffff888015443180 ffffea00009d9400 0000000000000002
head: 0000000000000000 0000000080020002 00000001ffffefff 0000000000000000
head: 00fff00000000003 ffffea0000bb9201 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4917, tgid 4917 (dhcpcd), ts 39554246945, free_ts 37645583457
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1473
 prep_new_page mm/page_alloc.c:1481 [inline]
 get_page_from_freelist+0x1353/0x2e50 mm/page_alloc.c:3425
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4683
 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
 alloc_slab_page+0x56/0x110 mm/slub.c:2265
 allocate_slab mm/slub.c:2428 [inline]
 new_slab+0x84/0x260 mm/slub.c:2481
 ___slab_alloc+0xdac/0x1870 mm/slub.c:3667
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3757
 __slab_alloc_node mm/slub.c:3810 [inline]
 slab_alloc_node mm/slub.c:3990 [inline]
 __do_kmalloc_node mm/slub.c:4122 [inline]
 kmalloc_node_track_caller_noprof+0x355/0x430 mm/slub.c:4143
 kmalloc_reserve+0xef/0x2c0 net/core/skbuff.c:605
 __alloc_skb+0x164/0x380 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1320 [inline]
 netlink_dump+0x2c1/0xcc0 net/netlink/af_netlink.c:2291
 netlink_recvmsg+0xa0d/0xf30 net/netlink/af_netlink.c:1983
 sock_recvmsg_nosec net/socket.c:1046 [inline]
 sock_recvmsg+0x1f6/0x250 net/socket.c:1068
 ____sys_recvmsg+0x21f/0x6b0 net/socket.c:2816
 ___sys_recvmsg+0x115/0x1a0 net/socket.c:2858
 __sys_recvmsg+0x114/0x1e0 net/socket.c:2888
page last free pid 4697 tgid 4697 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2588
 __put_partials+0x14c/0x170 mm/slub.c:2995
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3940 [inline]
 slab_alloc_node mm/slub.c:4002 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4009
 vma_lock_alloc kernel/fork.c:443 [inline]
 vm_area_dup+0x53/0x2f0 kernel/fork.c:496
 dup_mmap kernel/fork.c:693 [inline]
 dup_mm kernel/fork.c:1671 [inline]
 copy_mm kernel/fork.c:1720 [inline]
 copy_process+0x7bd5/0x8de0 kernel/fork.c:2373
 kernel_clone+0xfd/0x980 kernel/fork.c:2780
 __do_sys_clone+0xba/0x100 kernel/fork.c:2923
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff88802ee4bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88802ee4bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88802ee4c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff88802ee4c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802ee4c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5213, name: kworker/u33:2
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
4 locks held by kworker/u33:2/5213:
 #0: ffff888026939148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 kernel/workqueue.c:3206
 #1: ffffc900034efd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 kernel/workqueue.c:3207
 #2: ffff88802ef80078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30 net/bluetooth/hci_event.c:6852
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:327 [inline]
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:839 [inline]
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30 net/bluetooth/hci_event.c:6853
CPU: 3 PID: 5213 Comm: kworker/u33:2 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:114
 __might_resched+0x3c0/0x5e0 kernel/sched/core.c:8437
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0xe2/0x9c0 kernel/locking/mutex.c:752
 hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
 hci_le_create_big_complete_evt+0x387/0xb30 net/bluetooth/hci_event.c:6877
 hci_le_meta_evt+0x2e2/0x5d0 net/bluetooth/hci_event.c:7134
 hci_event_func net/bluetooth/hci_event.c:7442 [inline]
 hci_event_packet+0x666/0x1180 net/bluetooth/hci_event.c:7497
 hci_rx_work+0x2c6/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

=============================
[ BUG: Invalid wait context ]
6.10.0-syzkaller-04472-g51835949dda3 #0 Tainted: G        W         
-----------------------------
kworker/u33:2/5213 is trying to lock:
ffffffff8f9b69a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
ffffffff8f9b69a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x387/0xb30 net/bluetooth/hci_event.c:6877
other info that might help us debug this:
context-{4:4}
4 locks held by kworker/u33:2/5213:
 #0: ffff888026939148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 kernel/workqueue.c:3206
 #1: ffffc900034efd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 kernel/workqueue.c:3207
 #2: ffff88802ef80078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30 net/bluetooth/hci_event.c:6852
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:327 [inline]
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:839 [inline]
 #3: ffffffff8dbb15e0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30 net/bluetooth/hci_event.c:6853
stack backtrace:
CPU: 3 PID: 5213 Comm: kworker/u33:2 Tainted: G        W          6.10.0-syzkaller-04472-g51835949dda3 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4750 [inline]
 check_wait_context kernel/locking/lockdep.c:4820 [inline]
 __lock_acquire+0x811/0x3b30 kernel/locking/lockdep.c:5086
 lock_acquire kernel/locking/lockdep.c:5753 [inline]
 lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5718
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
 hci_connect_cfm include/net/bluetooth/hci_core.h:1962 [inline]
 hci_le_create_big_complete_evt+0x387/0xb30 net/bluetooth/hci_event.c:6877
 hci_le_meta_evt+0x2e2/0x5d0 net/bluetooth/hci_event.c:7134
 hci_event_func net/bluetooth/hci_event.c:7442 [inline]
 hci_event_packet+0x666/0x1180 net/bluetooth/hci_event.c:7497
 hci_rx_work+0x2c6/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
==================================================================
BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30 net/bluetooth/hci_event.c:6856
Read of size 8 at addr ffff88802ee4c000 by task kworker/u33:2/5213

CPU: 3 PID: 5213 Comm: kworker/u33:2 Tainted: G        W          6.10.0-syzkaller-04472-g51835949dda3 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:488
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 hci_le_create_big_complete_evt+0xa62/0xb30 net/bluetooth/hci_event.c:6856
 hci_le_meta_evt+0x2e2/0x5d0 net/bluetooth/hci_event.c:7134
 hci_event_func net/bluetooth/hci_event.c:7442 [inline]
 hci_event_packet+0x666/0x1180 net/bluetooth/hci_event.c:7497
 hci_rx_work+0x2c6/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 5213:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:387
 kmalloc_noprof include/linux/slab.h:660 [inline]
 kzalloc_noprof include/linux/slab.h:778 [inline]
 __hci_conn_add+0x131/0x1a50 net/bluetooth/hci_conn.c:934
 hci_conn_add+0x56/0x70 net/bluetooth/hci_conn.c:1052
 hci_le_big_sync_established_evt+0x73f/0xad0 net/bluetooth/hci_event.c:6922
 hci_le_meta_evt+0x2e2/0x5d0 net/bluetooth/hci_event.c:7134
 hci_event_func net/bluetooth/hci_event.c:7442 [inline]
 hci_event_packet+0x666/0x1180 net/bluetooth/hci_event.c:7497
 hci_rx_work+0x2c6/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 5213:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579
 poison_slab_object+0xf7/0x160 mm/kasan/common.c:240
 __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2196 [inline]
 slab_free mm/slub.c:4438 [inline]
 kfree+0x12a/0x3b0 mm/slub.c:4559
 device_release+0xa1/0x240 drivers/base/core.c:2581
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1fa/0x5b0 lib/kobject.c:737
 put_device+0x1f/0x30 drivers/base/core.c:3787
 hci_conn_del_sysfs+0x151/0x180 net/bluetooth/hci_sysfs.c:72
 hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]
 hci_conn_del+0x54e/0xdb0 net/bluetooth/hci_conn.c:1162
 hci_le_create_big_complete_evt+0x4ba/0xb30 net/bluetooth/hci_event.c:6879
 hci_le_meta_evt+0x2e2/0x5d0 net/bluetooth/hci_event.c:7134
 hci_event_func net/bluetooth/hci_event.c:7442 [inline]
 hci_event_packet+0x666/0x1180 net/bluetooth/hci_event.c:7497
 hci_rx_work+0x2c6/0x1610 net/bluetooth/hci_core.c:4029
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff88802ee4c000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 0 bytes inside of
 freed 8192-byte region [ffff88802ee4c000, ffff88802ee4e000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ee48
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffefff(slab)
raw: 00fff00000000040 ffff888015443180 ffffea00009d9400 0000000000000002
raw: 0000000000000000 0000000080020002 00000001ffffefff 0000000000000000
head: 00fff00000000040 ffff888015443180 ffffea00009d9400 0000000000000002
head: 0000000000000000 0000000080020002 00000001ffffefff 0000000000000000
head: 00fff00000000003 ffffea0000bb9201 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4917, tgid 4917 (dhcpcd), ts 39554246945, free_ts 37645583457
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1473
 prep_new_page mm/page_alloc.c:1481 [inline]
 get_page_from_freelist+0x1353/0x2e50 mm/page_alloc.c:3425
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4683
 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
 alloc_slab_page+0x56/0x110 mm/slub.c:2265
 allocate_slab mm/slub.c:2428 [inline]
 new_slab+0x84/0x260 mm/slub.c:2481
 ___slab_alloc+0xdac/0x1870 mm/slub.c:3667
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3757
 __slab_alloc_node mm/slub.c:3810 [inline]
 slab_alloc_node mm/slub.c:3990 [inline]
 __do_kmalloc_node mm/slub.c:4122 [inline]
 kmalloc_node_track_caller_noprof+0x355/0x430 mm/slub.c:4143
 kmalloc_reserve+0xef/0x2c0 net/core/skbuff.c:605
 __alloc_skb+0x164/0x380 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1320 [inline]
 netlink_dump+0x2c1/0xcc0 net/netlink/af_netlink.c:2291
 netlink_recvmsg+0xa0d/0xf30 net/netlink/af_netlink.c:1983
 sock_recvmsg_nosec net/socket.c:1046 [inline]
 sock_recvmsg+0x1f6/0x250 net/socket.c:1068
 ____sys_recvmsg+0x21f/0x6b0 net/socket.c:2816
 ___sys_recvmsg+0x115/0x1a0 net/socket.c:2858
 __sys_recvmsg+0x114/0x1e0 net/socket.c:2888
page last free pid 4697 tgid 4697 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2588
 __put_partials+0x14c/0x170 mm/slub.c:2995
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3940 [inline]
 slab_alloc_node mm/slub.c:4002 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4009
 vma_lock_alloc kernel/fork.c:443 [inline]
 vm_area_dup+0x53/0x2f0 kernel/fork.c:496
 dup_mmap kernel/fork.c:693 [inline]
 dup_mm kernel/fork.c:1671 [inline]
 copy_mm kernel/fork.c:1720 [inline]
 copy_process+0x7bd5/0x8de0 kernel/fork.c:2373
 kernel_clone+0xfd/0x980 kernel/fork.c:2780
 __do_sys_clone+0xba/0x100 kernel/fork.c:2923
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff88802ee4bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88802ee4bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88802ee4c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff88802ee4c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802ee4c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================