Warning: Permanently added '[localhost]:8934' (ECDSA) to the list of known hosts. 2023/02/26 09:00:18 fuzzer started 2023/02/26 09:00:18 dialing manager at localhost:41417 syzkaller login: [ 37.696146] cgroup: Unknown subsys name 'net' [ 37.802290] cgroup: Unknown subsys name 'rlimit' 2023/02/26 09:00:33 syscalls: 215 2023/02/26 09:00:33 code coverage: enabled 2023/02/26 09:00:33 comparison tracing: enabled 2023/02/26 09:00:33 extra coverage: enabled 2023/02/26 09:00:33 setuid sandbox: enabled 2023/02/26 09:00:33 namespace sandbox: enabled 2023/02/26 09:00:33 Android sandbox: enabled 2023/02/26 09:00:33 fault injection: enabled 2023/02/26 09:00:33 leak checking: enabled 2023/02/26 09:00:33 net packet injection: enabled 2023/02/26 09:00:33 net device setup: enabled 2023/02/26 09:00:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/26 09:00:33 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/26 09:00:33 USB emulation: enabled 2023/02/26 09:00:33 hci packet injection: enabled 2023/02/26 09:00:33 wifi device emulation: enabled 2023/02/26 09:00:33 802.15.4 emulation: enabled 2023/02/26 09:00:33 fetching corpus: 0, signal 0/0 (executing program) 2023/02/26 09:00:35 starting 8 fuzzer processes 09:00:35 executing program 0: getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000000)={@dev, @local}, &(0x7f0000000040)=0xc) r0 = memfd_secret(0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={0x0, 0x1, 0xffffffffffffffff, 0x9, 0x80000}) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f00000000c0)={0x5, 0x1}, 0x2) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000100)=0x8000, &(0x7f0000000140)=0x2) r1 = socket(0x9, 0xa, 0x663) getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000180), 0x2) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x1, 0x9, 0x801, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x3}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x12}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20}, 0x10) r2 = memfd_secret(0x0) sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x14, 0x0, 0x309, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x8100) getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000400), &(0x7f0000000440)=0x4) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000480)=0xffff, &(0x7f00000004c0)=0x2) r3 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x541c, &(0x7f0000000500)) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x70, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000000}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x70}}, 0x48050) getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f00000006c0)={@broadcast, @empty}, &(0x7f0000000700)=0xc) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@rand_addr, @broadcast}, &(0x7f0000000780)=0xc) setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f00000007c0)=0x4, 0x4) sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x110010}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x4c, 0x0, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0xb}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x880}, 0x880) 09:00:35 executing program 1: sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x0, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:ksm_device_t:s0\x00'}]}, 0x3c}}, 0x2004c011) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x900000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x40}, 0x1, 0x0, 0x0, 0x4010}, 0x1) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_DEV(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc, 0x4, {0x7056727ddf41bf80}}}]}, 0x24}}, 0x4044000) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000340)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x44, 0x0, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x80}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x20008001) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x74, 0x0, 0x10, 0x70bd25, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'syzkaller0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wg0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @loopback}]}, 0x74}, 0x1, 0x0, 0x0, 0x20008010}, 0x4000) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), r0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x3c, r3, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000011) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000740), r2) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000780)={'wpan1\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r4, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, r5, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x75}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x3f}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8800}, 0x240080c4) sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x1c, 0x0, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0xd081) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f0000000980), 0xc, &(0x7f0000000a40)={&(0x7f00000009c0)={0x4c, 0x1, 0x2, 0x5, 0x0, 0x0, {0x2, 0x0, 0x2}, [@CTA_EXPECT_TUPLE={0x28, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x15}}]}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x2}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20008051}, 0x880) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000b00)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b40)={0x54, r3, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x4000810) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_START_REQ(r8, &(0x7f0000000d00)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x3c, r5, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xffff}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x6}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_SF_ORD={0x5, 0x18, 0x6}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x1b}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x20004000) 09:00:35 executing program 2: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x78, r0, 0x1, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2e}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x887}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x10000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_LINK={0x20, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}]}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x8044}, 0x880) r1 = memfd_secret(0x80000) r2 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f00000001c0)) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x75}, @val={0x8}, @val={0xc, 0x99, {0x400, 0x3}}}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x200, 0x4}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x6fb, 0x53}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x10000, 0xd}}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r2}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xffffffe0, 0x6a}}]}, 0x68}, 0x1, 0x0, 0x0, 0x8040}, 0x1) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x34, r3, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x6}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEV(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x2c, 0x0, 0x0, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0202}}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_PAN_ID(r6, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x1010040}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x14, 0x0, 0x100, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8850}, 0xc000) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000700), r1) sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000840)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)={0xa4, r7, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x46}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}]}, 0xa4}}, 0x4000040) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000008c0)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r6, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0xad716c2f67fe9b1}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x74, r3, 0x2, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_DEVKEY={0x4c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x10000}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x74}, 0x1, 0x0, 0x0, 0x40010}, 0x4) r9 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000a40), r6) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r6, &(0x7f0000000b40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x70, r9, 0x0, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:urandom_device_t:s0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'syz_tun\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000800}, 0x40000d0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS(r10, &(0x7f0000000c40)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x14, 0x5, 0x1, 0x0, 0x0, 0x0, {0xc}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24008014}, 0x81) 09:00:35 executing program 3: setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000000)=0x21a, 0x4) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000040)=0x7, 0x4) r0 = socket(0x18, 0x0, 0xffffffff) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000100)={0x314, r1, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x138, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x29}}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x85d, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x1000, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1}}, {0x20, 0x2, @in6={0xa, 0x16, 0x10000, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x5, @remote, 0x3ff}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x9, @rand_addr=' \x01\x00', 0xf668}}}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x969}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}]}, @TIPC_NLA_LINK={0x58, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40e}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfff}]}, @TIPC_NLA_NODE={0x154, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "29afd8d45deda26f860785b134757fab9bbccfa1"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x3f, 0x4, {'gcm(aes)\x00', 0x17, "e118c36a51c9208f6f40d048a8e956e9eb2cde693eeb49"}}, @TIPC_NLA_NODE_KEY={0x41, 0x4, {'gcm(aes)\x00', 0x19, "3b75b38beefef28b4561351f8d3140a92bfe0368fe0213756d"}}, @TIPC_NLA_NODE_KEY={0x3e, 0x4, {'gcm(aes)\x00', 0x16, "2f50fb05bb831049f840c1ff86b17a64e2f9a73e3367"}}, @TIPC_NLA_NODE_KEY={0x40, 0x4, {'gcm(aes)\x00', 0x18, "2d703588bd8ae529ad1bd4499e14cebdcfb174ac4b349533"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}]}]}, 0x314}}, 0x4000000) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x64, r1, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4}, @TIPC_NLA_NODE={0x4c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "5af7b7c9064d444dcd63ab3a7b829c2042c38d4f3e9104126f6c07d693535280"}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) r2 = socket(0x27, 0xa, 0x5) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000640), r0) sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000780)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000740)={&(0x7f0000000680)={0xbc, r3, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}]}, @TIPC_NLA_MEDIA={0x38, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_NODE={0x50, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x4a, 0x4, {'gcm(aes)\x00', 0x22, "24ece1f1352f768ed0d2571f5b9e26c94044ba4e1491ce91abe2fa056e46fa75f9c4"}}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x24000800}, 0x40) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000940)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000900)={&(0x7f0000000800)={0xd4, r3, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xc0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0xb4, 0x3, "3eb5b444a3069298b7d3fef0123090458d9f6e677cac203b41fa556fc6dc8ca14361bb23dfca0e3c26856dcaa580af240c82eb975e8cd2321b30f250ceaf42407c2ba74e487039c8f73d0669d4fa23f8746726822c5536b68ff36c0288c89c45413060a6758cb4226324e13bac973f7aa7c3064c7f0279a626479eb9b0cc20690b9276e10d597f7cdf7978a0b936026d46fc47cbcefb472f5ee3bdc57b31b988afb040e4e0bb2472936b991270360e05"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80000001}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x2404880c}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000980)=0x1, 0x4) r5 = memfd_secret(0x80000) setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0x7, &(0x7f00000009c0)=0x1, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000a00)={0x2, 0x5, 0x7, 0x446ccff4, 0x8c}, 0x14) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000a40)={0x81, 0x786, 0x4, 0x7, 0xfff8, 0x5}) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x44, 0x0, 0x580, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:lvm_control_t:s0\x00'}]}, 0x44}}, 0x4001) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000bc0), 0x4) sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000d40)={&(0x7f0000000c80)={0x98, 0x0, 0x400, 0x70bd25, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @rand_addr=0x64010101}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010101}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, 0x98}, 0x1, 0x0, 0x0, 0x40000d0}, 0x24004814) [ 52.872027] audit: type=1400 audit(1677402035.341:6): avc: denied { execmem } for pid=258 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:00:35 executing program 6: r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xb2, 0x6, 0x6, 0x5, 0x0, 0x4, 0x82001, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xe6, 0x1, @perf_bp={&(0x7f00000000c0), 0xb}, 0x10, 0x4, 0xfffffffc, 0x8, 0x3, 0x9, 0x7, 0x0, 0x1, 0x0, 0x3f}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0x8) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x4, 0x40, 0xa3, 0x40, 0x0, 0x8, 0x18c00, 0x9, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={&(0x7f0000000000), 0x8}, 0x1, 0x10001, 0x8000, 0x8, 0x5, 0xfff, 0x7, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0xf, r0, 0x2) r2 = perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x6, 0x6, 0x1, 0x20, 0x0, 0xe2, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0x1, @perf_config_ext={0xa6, 0x6}, 0x0, 0xff, 0x1ff, 0x4, 0x3, 0x69, 0x1580, 0x0, 0x7fffffff, 0x0, 0x8}, 0x0, 0x8, r1, 0x0) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, &(0x7f0000000200)) r3 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSWINSZ(r3, 0x5414, &(0x7f0000000240)={0x1, 0x20, 0xff, 0x7ff}) ioctl$PIO_SCRNMAP(r3, 0x4b41, &(0x7f0000000280)="6d5724a2d0751e1577ea704fa418f053c5c50600f00309f8146e46a4c55d0fc9186abe7dad3d77974ab6e4af798129bedff7dec2fe14a0625f3581414b6ebcf53208f4275d7a5967a21c4ce2e802d961623191385d702e3f09edbe6b75f2eaf42bf3341926021686f605eca427e2c05ec0588d5b059113e09557c64ea52d4c") ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000300)='\x00') ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, &(0x7f0000000340)={0x4b, "7d4fa6e9f665e441c432b510296021314eae2bd84dbe6695fdd92bede71f302af78ac99856b85bd338ce6d50d56d05babf2ecc1f4e5efea0cd0d5e7550c41c1be213e3da7c70dde14bceee0bc5e0d26e9c9bf66d14f60850951153d4fcd00b638ab777e386511a62e960584945166d1eb18ec5ba5fa9ab9d19286fee59e0c5c5d86fe63aa19711fb9121a59903f8235198f700282592597cce795d8fd8cdb9a7a57bad84d118ee8aa5241feb87051e759213139ea898ba87bbf9a0938c281121a8cb6728a0b1a9d518bdcec0f11f7e7558d822195e66ba25444838bdc84b599726a1e927528258bb8c5e8f295f28174f5a6bbc20a9901aa23a8a272233e17a2807a1c498718073b471ba3f781f02d7f576baaffcc225b7bb3feb2d3cef55316e09856646912d6ab6bf406b1f588ee90ef0d6c5fca9ba4e565d1a5a072a46a13a7a40b47122f6cf9b06734107620a99a192d0d50c791df5b10ab853e915bc86c2714d6c779cad9ee495be61beb8f6630dba50ae959c614bc1448939789b9432b74f57161d042297fcdfdf9d45fa05171be8d008c622c93ff16e808241d668131183740bf41b3b5e164c9e5ce0582f69f6e1b7b33f1cd7350f862415e0fe0ef123183e13920c00bc5d573118b60b779961c6c0bbbbee66b7a9c51cc6c6d45f65233bb6e7ec31c82538d282c0cf077f2f0811a7caa7074a611abaa1fff18994a958"}) r4 = perf_event_open(&(0x7f00000005c0)={0x5, 0x80, 0x6, 0x6e, 0x20, 0x0, 0x0, 0x7, 0xc2084, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x53b7, 0x0, @perf_bp={&(0x7f0000000580), 0x4}, 0x40880, 0x40000000000, 0x6a, 0x2, 0x0, 0x200, 0x3ff, 0x0, 0x7}, 0x0, 0x3, r2, 0xa) ioctl$PERF_EVENT_IOC_RESET(r4, 0x2403, 0x2000000000000000) ioctl$PERF_EVENT_IOC_ID(r4, 0x80082407, &(0x7f0000000640)) ioctl$PERF_EVENT_IOC_RESET(r4, 0x2403, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_BT_RCVMTU(r5, 0x112, 0xd, &(0x7f0000000680)=0xc5b, &(0x7f00000006c0)=0x2) r6 = memfd_secret(0x80000) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000700)='\x00') ioctl$PERF_EVENT_IOC_ID(r4, 0x80082407, &(0x7f0000000740)) perf_event_open(&(0x7f0000000780)={0x0, 0x80, 0x3, 0x6, 0x36, 0x2, 0x0, 0x1d, 0x100, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x5, 0x1, @perf_config_ext={0x3c, 0x2}, 0x4408, 0x8, 0x1f, 0x1, 0xc822, 0x2, 0x208, 0x0, 0x7f}, 0x0, 0x9, 0xffffffffffffffff, 0x1) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000800)) 09:00:35 executing program 4: getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000000)=""/154, &(0x7f00000000c0)=0x9a) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)={@rand_addr, @initdev}, &(0x7f0000000180)=0xc) r0 = memfd_secret(0x80000) ioctl$TIOCL_SELLOADLUT(r0, 0x541c, &(0x7f00000001c0)={0x5, 0x80000000, 0x100, 0x9, 0xfffffffffffffffb}) r1 = memfd_secret(0x80000) ioctl$VT_DISALLOCATE(r1, 0x5608) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f0000000200)) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000380)={'syztnl2\x00', &(0x7f0000000300)={'gre0\x00', 0x0, 0x7, 0x7800, 0x7f, 0x4, {{0x17, 0x4, 0x1, 0xa, 0x5c, 0x66, 0x0, 0x60, 0x4, 0x0, @local, @multicast2, {[@end, @ra={0x94, 0x4, 0x1}, @end, @timestamp={0x44, 0x8, 0xbf, 0x0, 0x9, [0x6]}, @ra={0x94, 0x4}, @end, @end, @timestamp_prespec={0x44, 0x34, 0x8c, 0x3, 0x7, [{@loopback, 0x401}, {@multicast2}, {@rand_addr=0x64010101, 0x7f}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xfff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}, {@multicast2, 0x7fffffff}]}]}}}}}) recvfrom$packet(r0, &(0x7f0000000240)=""/151, 0x97, 0x2102, &(0x7f00000003c0)={0x11, 0x1c, r3, 0x1, 0x6, 0x6, @remote}, 0x14) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000400)={0x7, 0x1, 0x7, 0xfffffffe, 0x6}, 0x14) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r5, 0x5411, &(0x7f0000000440)) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r2, 0xc0c89425, &(0x7f0000000480)={"c9fb36938ea493db14ae5a3c68926b8c", 0x0, 0x0, {0x39e, 0x92}, {0x5, 0x2}, 0x900, [0x8, 0x9, 0x86, 0x4, 0x0, 0x101, 0x9, 0x80000000, 0x0, 0x3bf, 0x6, 0x4000000000000, 0x599, 0x8, 0x3, 0x9]}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_PEER_REMOVE(r6, &(0x7f00000009c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000980)={&(0x7f00000005c0)={0x388, 0x0, 0x800, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x900, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}}}}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x40}]}, @TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xce9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xc4}]}, @TIPC_NLA_NODE={0x50, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_KEY={0x3d, 0x4, {'gcm(aes)\x00', 0x15, "e00c12f4f0c511c62ab2d0c0705e9eb2ba4e84331d"}}]}, @TIPC_NLA_MEDIA={0x34, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_BEARER={0x104, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @rand_addr=0x64010100}}, {0x14, 0x2, @in={0x2, 0x4e22, @empty}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x7ff, @mcast2, 0x6}}, {0x14, 0x2, @in={0x2, 0x4e21, @multicast1}}}}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'macsec0\x00'}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x13d400, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x3, @empty, 0x6}}}}]}, @TIPC_NLA_NET={0x58, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x80000000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x753fcdc5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000001}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x200}]}, @TIPC_NLA_BEARER={0x8c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3ff}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x7, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10000}}}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9a7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xda97}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'vlan0\x00'}}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}, @TIPC_NLA_SOCK={0x68, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x26}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}, @TIPC_NLA_CON_FLAG={0x8}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xe63a}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x388}}, 0x20000411) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000a00)=0x1, 0x4) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000a40)={0x80, 0x5, 0x3, 0x8, 0x1, 0x400}) 09:00:35 executing program 5: sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x40, 0x0, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0302}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x4004040) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_LEVEL={0x4c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x2}, @NL802154_SECLEVEL_ATTR_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x80}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x1f}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x83}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_FRAME={0x8}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x74}, 0x1, 0x0, 0x0, 0x240000d0}, 0x20000050) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_DEV(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8200000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r0, 0x804, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0002}}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc}}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x9000b0c3}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x6c, 0x0, 0x800, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:zero_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'gre0\x00'}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x20000010) sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x28, 0x0, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000000}, 0x8000) sendmsg$NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x20, r0, 0x400, 0x70bd29, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x20}, 0x1, 0x0, 0x0, 0x4006885}, 0x4000000) sendmsg$TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x480024}, 0xc, &(0x7f0000000840)={&(0x7f0000000740)={0xe0, 0x0, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7a}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}]}, @TIPC_NLA_BEARER={0xa8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb663}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xbaf}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @rand_addr=0x64010100}}, {0x14, 0x2, @in={0x2, 0x4e23, @multicast2}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xe8}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x300}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x40000000}, 0x4cb37c2100412516) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_DEV(r1, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x14, 0x0, 0x8, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4010) r2 = memfd_secret(0x80000) r3 = getpid() sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000b00)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x20000c0}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a00)={0xac, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}]}, 0xac}, 0x1, 0x0, 0x0, 0x20000810}, 0x80) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000b80), r1) sendmsg$NLBL_UNLABEL_C_ACCEPT(r4, &(0x7f0000000c80)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x1040004}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x58, r5, 0x410, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010101}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'gretap0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ip6tnl0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000850}, 0x40040) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r4, &(0x7f0000000d80)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000d40)={&(0x7f0000000d00)={0x2c, 0x0, 0x2, 0x70bd28, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x7f}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8}, 0x40040) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_PAN_ID(r6, &(0x7f0000000e80)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000e00)={0x14, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x800) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(0xffffffffffffffff, &(0x7f0000000f80)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000f40)={&(0x7f0000000f00)={0x40, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0102}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000080}, 0x40) 09:00:35 executing program 7: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000000)) sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x1, 0x9, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x3}}, @NFCTH_STATUS={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4044080) ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x4) ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, &(0x7f0000000140)={0x0, 0x1, 0x4, 0x7fff}) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x20) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x1000) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000001c0)) r1 = perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x5, 0x84, 0xc6, 0x1, 0x0, 0x2, 0xc05, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xc66, 0x4, @perf_bp={&(0x7f0000000240), 0x5}, 0x800, 0x6, 0x400000, 0x1, 0x4, 0x74, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffffbff}, 0x0, 0x4, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000340)={0x3, 0x80, 0x8b, 0x80, 0x1f, 0x0, 0x0, 0x4, 0x49000, 0xf, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000300), 0x2}, 0x8004, 0x8000, 0x8001, 0x8, 0x6, 0x9, 0xffff, 0x0, 0xffff, 0x0, 0xfffffffffffffff7}) ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80082407, &(0x7f00000003c0)) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000400)=0x1, &(0x7f0000000440)=0x4) r2 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f0000000480)=0xffffffffffffffff) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000004c0)=0x8) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000500)) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCMGET(r3, 0x5415, &(0x7f0000000540)) ioctl$TIOCNXCL(r3, 0x540d) ioctl$NS_GET_NSTYPE(0xffffffffffffffff, 0xb703, 0x0) [ 54.146596] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 54.149966] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 54.151576] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.154712] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.156420] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 54.157986] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.199911] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.206735] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.208903] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.211592] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.213151] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 54.215700] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.301439] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 54.303252] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 54.305972] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 54.311520] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 54.313441] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 54.314669] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 54.341092] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 54.342476] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.345034] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 54.346888] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.348174] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 54.349552] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.350840] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 54.352055] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 54.353627] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 54.359085] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 54.359717] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 54.360106] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 54.362930] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.363040] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 54.366065] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 54.367656] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 54.368910] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 54.369014] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 54.371586] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 54.372953] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 54.380643] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 54.411094] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 54.413243] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 54.414725] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 56.236652] Bluetooth: hci2: command 0x0409 tx timeout [ 56.237248] Bluetooth: hci0: command 0x0409 tx timeout [ 56.237863] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 56.239065] [ 56.239203] ====================================================== [ 56.239626] WARNING: possible circular locking dependency detected [ 56.240085] 6.2.0-next-20230224 #1 Not tainted [ 56.240397] ------------------------------------------------------ [ 56.241086] syz-executor.7/271 is trying to acquire lock: [ 56.244938] ffff88800dc88880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80 [ 56.245702] [ 56.245702] but task is already holding lock: [ 56.246103] ffff88800dc88920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 56.246749] [ 56.246749] which lock already depends on the new lock. [ 56.246749] [ 56.247292] [ 56.247292] the existing dependency chain (in reverse order) is: [ 56.247813] [ 56.247813] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 56.248315] __mutex_lock+0x133/0x14a0 [ 56.248645] hci_cmd_sync_work+0x1e6/0x320 [ 56.248996] process_one_work+0xa0f/0x1790 [ 56.249344] worker_thread+0x63b/0x1260 [ 56.249672] kthread+0x2e9/0x3a0 [ 56.249963] ret_from_fork+0x2c/0x50 [ 56.250270] [ 56.250270] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}: [ 56.250847] __lock_acquire+0x2d56/0x6380 [ 56.251186] lock_acquire.part.0+0xea/0x320 [ 56.251538] __flush_work+0x109/0xd80 [ 56.251855] __cancel_work_timer+0x39c/0x4e0 [ 56.252200] hci_cmd_sync_clear+0x52/0x250 [ 56.252540] hci_unregister_dev+0xf9/0x410 [ 56.252880] vhci_release+0x80/0x100 [ 56.253216] __fput+0x263/0xa40 [ 56.253494] task_work_run+0x174/0x280 [ 56.253818] do_exit+0xad8/0x2800 [ 56.254200] do_group_exit+0xd4/0x2a0 [ 56.254629] __x64_sys_exit_group+0x3e/0x50 [ 56.255093] do_syscall_64+0x3f/0x90 [ 56.255503] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 56.256025] [ 56.256025] other info that might help us debug this: [ 56.256025] [ 56.256733] Possible unsafe locking scenario: [ 56.256733] [ 56.257300] CPU0 CPU1 [ 56.257739] ---- ---- [ 56.258182] lock(&hdev->cmd_sync_work_lock); [ 56.258624] lock((work_completion)(&hdev->cmd_sync_work)); [ 56.259395] lock(&hdev->cmd_sync_work_lock); [ 56.260054] lock((work_completion)(&hdev->cmd_sync_work)); [ 56.260614] [ 56.260614] *** DEADLOCK *** [ 56.260614] [ 56.261177] 1 lock held by syz-executor.7/271: [ 56.261612] #0: ffff88800dc88920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 56.262593] [ 56.262593] stack backtrace: [ 56.263018] CPU: 1 PID: 271 Comm: syz-executor.7 Not tainted 6.2.0-next-20230224 #1 [ 56.263754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 56.264536] Call Trace: [ 56.264795] [ 56.265034] dump_stack_lvl+0x91/0xf0 [ 56.265419] check_noncircular+0x263/0x2e0 [ 56.265843] ? __pfx_check_noncircular+0x10/0x10 [ 56.266224] __lock_acquire+0x2d56/0x6380 [ 56.266535] ? lock_is_held_type+0x9f/0x120 [ 56.266856] ? __pfx___lock_acquire+0x10/0x10 [ 56.267187] ? __pfx_register_lock_class+0x10/0x10 [ 56.267548] ? __wait_for_common+0x394/0x550 [ 56.267880] ? __pfx_lock_release+0x10/0x10 [ 56.268195] lock_acquire.part.0+0xea/0x320 [ 56.268511] ? __flush_work+0xdd/0xd80 [ 56.268802] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 56.269174] ? __flush_work+0xdd/0xd80 [ 56.269465] ? rcu_read_lock_sched_held+0x42/0x80 [ 56.269812] ? trace_lock_acquire+0x170/0x1e0 [ 56.270141] ? __flush_work+0xdd/0xd80 [ 56.270427] ? lock_acquire+0x32/0xc0 [ 56.270708] ? __flush_work+0xdd/0xd80 [ 56.270999] __flush_work+0x109/0xd80 [ 56.271276] ? __flush_work+0xdd/0xd80 [ 56.271565] ? __pfx_mark_lock.part.0+0x10/0x10 [ 56.271901] ? __pfx___flush_work+0x10/0x10 [ 56.272213] ? lock_acquire.part.0+0xea/0x320 [ 56.272538] ? hci_cmd_sync_clear+0x45/0x250 [ 56.272858] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 56.273216] ? hci_cmd_sync_clear+0x45/0x250 [ 56.273537] ? rcu_read_lock_sched_held+0x42/0x80 [ 56.273883] ? trace_lock_acquire+0x170/0x1e0 [ 56.274209] ? lock_is_held_type+0x9f/0x120 [ 56.274525] ? mark_held_locks+0x9e/0xe0 [ 56.274823] __cancel_work_timer+0x39c/0x4e0 [ 56.275147] ? __pfx___cancel_work_timer+0x10/0x10 [ 56.275490] ? __cancel_work_timer+0x2aa/0x4e0 [ 56.275812] ? __pfx___cancel_work_timer+0x10/0x10 [ 56.276157] ? lock_release+0x1e3/0x710 [ 56.276450] ? __pfx_lock_release+0x10/0x10 [ 56.276763] ? do_raw_write_lock+0x11e/0x3b0 [ 56.277090] ? __pfx_vhci_release+0x10/0x10 [ 56.277405] hci_cmd_sync_clear+0x52/0x250 [ 56.277708] ? __pfx_vhci_release+0x10/0x10 [ 56.278027] hci_unregister_dev+0xf9/0x410 [ 56.278334] vhci_release+0x80/0x100 [ 56.278611] __fput+0x263/0xa40 [ 56.278860] task_work_run+0x174/0x280 [ 56.279145] ? __pfx_task_work_run+0x10/0x10 [ 56.279467] ? do_raw_spin_unlock+0x53/0x220 [ 56.279783] do_exit+0xad8/0x2800 [ 56.280043] ? lock_release+0x1e3/0x710 [ 56.280336] ? __pfx_lock_release+0x10/0x10 [ 56.280762] ? do_raw_spin_lock+0x125/0x270 [ 56.281230] ? __pfx_do_exit+0x10/0x10 [ 56.281518] do_group_exit+0xd4/0x2a0 [ 56.281823] __x64_sys_exit_group+0x3e/0x50 [ 56.282229] do_syscall_64+0x3f/0x90 [ 56.282630] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 56.282990] RIP: 0033:0x7f52b8543b19 [ 56.283250] Code: Unable to access opcode bytes at 0x7f52b8543aef. [ 56.283674] RSP: 002b:00007fff3ad8bb58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 56.284197] RAX: ffffffffffffffda RBX: 00007fff3ad8c338 RCX: 00007f52b8543b19 [ 56.284691] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 56.285198] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007fff3ad8c338 [ 56.285684] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f52b859d233 [ 56.286166] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8 [ 56.286659] [ 56.363458] Bluetooth: hci7: command 0x0409 tx timeout [ 56.428340] Bluetooth: hci3: command 0x0409 tx timeout [ 56.428751] Bluetooth: hci6: command 0x0409 tx timeout [ 56.429104] Bluetooth: hci4: command 0x0409 tx timeout [ 56.492375] Bluetooth: hci5: command 0x0409 tx timeout [ 58.284360] Bluetooth: hci0: command 0x041b tx timeout [ 58.284777] Bluetooth: hci2: command 0x041b tx timeout [ 58.412366] Bluetooth: hci7: command 0x041b tx timeout [ 58.476354] Bluetooth: hci4: command 0x041b tx timeout [ 58.476716] Bluetooth: hci6: command 0x041b tx timeout [ 58.477083] Bluetooth: hci3: command 0x041b tx timeout [ 58.540344] Bluetooth: hci5: command 0x041b tx timeout [ 60.331374] Bluetooth: hci2: command 0x040f tx timeout [ 60.332095] Bluetooth: hci0: command 0x040f tx timeout [ 60.459505] Bluetooth: hci7: command 0x040f tx timeout [ 60.523521] Bluetooth: hci3: command 0x040f tx timeout [ 60.524231] Bluetooth: hci6: command 0x040f tx timeout [ 60.524895] Bluetooth: hci4: command 0x040f tx timeout [ 60.587423] Bluetooth: hci5: command 0x040f tx timeout [ 60.779375] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 62.380354] Bluetooth: hci0: command 0x0419 tx timeout [ 62.380786] Bluetooth: hci2: command 0x0419 tx timeout [ 62.507339] Bluetooth: hci7: command 0x0419 tx timeout [ 62.572379] Bluetooth: hci4: command 0x0419 tx timeout [ 62.572798] Bluetooth: hci6: command 0x0419 tx timeout [ 62.573169] Bluetooth: hci3: command 0x0419 tx timeout [ 62.635374] Bluetooth: hci5: command 0x0419 tx timeout [ 65.067462] Bluetooth: hci1: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 09:00:38 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=0000000000000018 RCX=0000000000000000 RDX=ffff8880347b8000 RSI=ffffffff8161a042 RDI=ffff8880100c7c70 RBP=ffffea0001b7a940 RSP=ffff8880100c7b78 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffffea0001b7a974 R13=ffff8880100c7c70 R14=0000000000000028 R15=dffffc0000000000 RIP=ffffffff816192b0 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe77d2574000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe77d2572000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f401aed9894 CR3=0000000034cb2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=25252525252525252525252525252525 XMM01=00ff0000000000000000000000ff0000 XMM02=00000000000000000000000000000000 XMM03=756e20796d6d756420736e6f6974706f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=73253d656d616e6c6165722073253d73 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000000002e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff888016917190 R8 =0000000000000001 R9 =000000000000000a R10=000000000000002e R11=0000000000000001 R12=000000000000002e R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850 RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe2cf002f000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe2cf002d000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffe212a7970 CR3=000000000f0b2000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=7465756c42205d3532373431342e3435 XMM04=636f72703d7373616c63742030733a74 XMM05=3a755f6d65747379733d747865746e6f XMM06=5f6d65747379733a755f6d6574737973 XMM07=00000000000000000000000000000000 XMM08=656c696166203330632078302065646f XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000