syzkaller login: [   34.190802] sshd (226) used greatest stack depth: 24184 bytes left
Warning: Permanently added '[localhost]:2952' (ECDSA) to the list of known hosts.
2023/02/25 11:53:28 fuzzer started
2023/02/25 11:53:28 dialing manager at localhost:41417
[   36.603889] cgroup: Unknown subsys name 'net'
[   36.692391] cgroup: Unknown subsys name 'rlimit'
2023/02/25 11:53:44 syscalls: 205
2023/02/25 11:53:44 code coverage: enabled
2023/02/25 11:53:44 comparison tracing: enabled
2023/02/25 11:53:44 extra coverage: enabled
2023/02/25 11:53:44 setuid sandbox: enabled
2023/02/25 11:53:44 namespace sandbox: enabled
2023/02/25 11:53:44 Android sandbox: enabled
2023/02/25 11:53:44 fault injection: enabled
2023/02/25 11:53:44 leak checking: enabled
2023/02/25 11:53:44 net packet injection: enabled
2023/02/25 11:53:44 net device setup: enabled
2023/02/25 11:53:44 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/02/25 11:53:44 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/02/25 11:53:44 USB emulation: enabled
2023/02/25 11:53:44 hci packet injection: enabled
2023/02/25 11:53:44 wifi device emulation: enabled
2023/02/25 11:53:44 802.15.4 emulation: enabled
2023/02/25 11:53:44 fetching corpus: 0, signal 0/0 (executing program)
2023/02/25 11:53:45 starting 8 fuzzer processes
11:53:45 executing program 0:
tkill(0x0, 0x2e)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r1, 0x300, 0x70bd28, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xffff}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008000}, 0x1)
waitid(0x1, 0x0, &(0x7f0000000180), 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000240)={'wpan0\x00', <r2=>0x0})
sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x70, r1, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x50}, 0x40)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000003c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000640)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000400)={0x1c8, r3, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0x64, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6208}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2b78}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x33a9d1b2}]}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5070ecc4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x26f59c84}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6817fdee}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7ce0ff4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x883f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2e0f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3223}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x8419ca5}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x3}, {0x5, 0x3, 0x7}, {0x5}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x128, 0xc, 0x0, 0x1, [{0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1400a660}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbb27}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x74e7c479}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3dd0}]}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x41cc}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6580}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2c4d8383}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2a70947}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x772c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x28e7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe326}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6bf9}]}, {0x4}, {0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc2dc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x57493d81}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x19c9}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdeb9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x48f7acda}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x7a12e0fb}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x37b16bc8}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3215e263}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xfdf7}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x18b3839b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5499c760}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9fb5}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf878}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x577f}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64d15783}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4527}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x30bc}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xf9e616f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x514d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x208b8d8c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x71b9f932}]}]}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x4}, 0x0)
times(&(0x7f0000000680))
sendmsg$NLBL_CIPSOV4_C_LIST(r0, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x5c, r3, 0x12e0e5188e219d5d, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x2}, {0x5}, {0x5}, {0x5}]}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4048040}, 0x8000)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r4, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x1c, r1, 0x100, 0x70bd27, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x20000000)
sendmsg$IEEE802154_START_REQ(r0, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, r1, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x1a}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x800e000)
ptrace$setregs(0xf, 0x0, 0xffffffffffffff23, &(0x7f0000000a00)="1782b7ea6dc976c1505fbdc48d962496967440066a59f23067650f8dcd923f21d5a8d141a87c5c6c6904a44b2ae1f39577e059e6e90fd357c20ed6febff208b8433d")
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x54, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffffff8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1d}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0xc0d0}, 0x40000)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LIST_IFACE(r5, &(0x7f0000000cc0)={&(0x7f0000000bc0), 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x68, r1, 0x4, 0x70bd27, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x40008}, 0x40)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d40), 0xffffffffffffffff)
sendmsg$IEEE802154_START_REQ(r0, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x2c, r6, 0x800, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x9}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20044800}, 0x84)

11:53:45 executing program 1:
sendmsg$NL80211_CMD_START_NAN(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x1, 0x47}}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xff}]}, 0x28}, 0x1, 0x0, 0x0, 0x840}, 0x800)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000100), 0x4000, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000240)={&(0x7f0000000140), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r1, 0x4, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x10)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
sendmsg$BATADV_CMD_SET_HARDIF(r2, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x48, r1, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x10000}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x9}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="4fca4371103f"}]}, 0x48}, 0x1, 0x0, 0x0, 0x4802}, 0x28040010)
nanosleep(&(0x7f0000000400)={0x77359400}, &(0x7f0000000440))
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x280}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x3c, r1, 0x722, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xa18}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000805)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000680)={'tunl0\x00', &(0x7f00000005c0)={'syztnl2\x00', <r3=>0x0, 0x20, 0x8000, 0x126, 0x1f, {{0x25, 0x4, 0x1, 0xb, 0x94, 0x67, 0x0, 0x20, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x21}, @loopback, {[@lsrr={0x83, 0x13, 0xf1, [@local, @remote, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp_addr={0x44, 0xc, 0x8e, 0x1, 0x4, [{@empty, 0x400}]}, @generic={0x88, 0x4, 'WG'}, @ssrr={0x89, 0x17, 0xe8, [@multicast1, @remote, @broadcast, @broadcast, @private=0xa010100]}, @cipso={0x86, 0x22, 0x1, [{0x5, 0x5, "edc34f"}, {0x5, 0xa, "adcb48600aa85091"}, {0x0, 0x6, "bd2e32e8"}, {0x6, 0x7, "53eecdd8dd"}]}, @ssrr={0x89, 0x23, 0xf, [@rand_addr=0x64010102, @rand_addr=0x64010102, @remote, @dev={0xac, 0x14, 0x14, 0x1d}, @broadcast, @private=0xa010101, @private=0xa010100, @multicast1]}]}}}}})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000780)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x5c, r1, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xfffffffc}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x4c}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8004}, 0x10)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f00000007c0)={0x1, 0x1000, "f6d1f2", 0x2, 0x9})
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000800)='/proc/partitions\x00', 0x0, 0x0)
ioctl$RNDCLEARPOOL(r4, 0x5206, &(0x7f0000000840)=0x7fffffff)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000880)='/proc/asound/timers\x00', 0x0, 0x0)
ioctl$EXT4_IOC_MIGRATE(r5, 0x6609)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000900), r2)
sendmsg$BATADV_CMD_GET_VLAN(r4, &(0x7f0000000a00)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x64, r6, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x10000}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x6}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x15)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x11000000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14, 0x0, 0x4, 0x70bd28, 0x25dfdbfe, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4000040)
openat$full(0xffffffffffffff9c, &(0x7f0000000b40), 0x12000, 0x0)
sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000b80))

11:53:45 executing program 4:
prctl$PR_GET_DUMPABLE(0x3)
prctl$PR_GET_DUMPABLE(0x3)
prctl$PR_GET_DUMPABLE(0x3)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f0000000000)={{0xffffffffffffffff, 0x3, 0x1ff, 0x1, 0x9}, 0x4})
pidfd_open(0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f0000000080)={{0x1, 0x2, 0x1, 0x3, 0x10001}, 0xfffffffffffff28e, 0x4000000})
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff)
r0 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x4040044)
r1 = openat$full(0xffffffffffffff9c, &(0x7f00000002c0), 0x341200, 0x0)
sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x58100a}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x38, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}]}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x44804)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_KEY(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r2, 0x800, 0x70bd2c, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24000004}, 0x8000)
sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
prctl$PR_GET_DUMPABLE(0x3)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40485404, &(0x7f0000000600)={{0x0, 0x1, 0x9, 0x3, 0x5}, 0xff, 0xad7})
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r3, 0x300, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8441}, 0x20000004)
socket$nl_generic(0x10, 0x3, 0x10)
shmdt(0x0)

11:53:45 executing program 3:
tkill(0x0, 0x1)
tgkill(0xffffffffffffffff, 0xffffffffffffffff, 0x23)
r0 = gettid()
tgkill(0x0, r0, 0x2b)
wait4(r0, 0x0, 0x20000000, &(0x7f0000000000))
setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, &(0x7f00000000c0)=0x7fff, 0x4)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
ptrace$setopts(0x4200, r0, 0x4, 0x100001)
mq_unlink(&(0x7f0000000140)='-%\x00')
sched_getparam(r0, &(0x7f0000000180))
r1 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0), 0x280000, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x34, r2, 0x8, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x20000000}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x86)
r3 = syz_open_dev$mouse(&(0x7f0000000380), 0xf165, 0x501400)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000003c0)={<r4=>0xffffffffffffffff})
sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0xd0, 0x0, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@NBD_ATTR_SOCKETS={0x4c, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8, 0x1, r1}, {0x8, 0x1, r1}, {0x8, 0x1, r1}, {0x8, 0x1, r3}, {0x8}, {0x8}, {0x8, 0x1, r4}, {0x8, 0x1, r1}]}, @NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}, @NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x9eb0643ac6010009}, @NBD_ATTR_SOCKETS={0x14, 0x7, 0x0, 0x1, [{0x8, 0x1, r1}, {0x8, 0x1, r1}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x10}, 0x80)
sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, r2, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
prctl$PR_SVE_SET_VL(0x32, 0x37509)
ptrace$setregs(0xd, r0, 0x80, &(0x7f0000000680)="cd3943e5f2d93020f2249b01d7a546c483c96124ed64acdee2379d6d6fc18e097341fba496672d6e39a0480729bd29d7fffe96095e5f01e2751bc4da3b08f08355836be24ff1e04a2f6a843443d91baf904c70b3706c09d8e666354e92671a788e85a55eaf13865dce28877ae59484a13dbfe2d68834370082b27fe8b57b6423601f8fa4c6427d4978a930eb08a318c0e4728e7c9c8aab95d98460a37e75291ff62001468c47bb8913eb2bd8f83366b21ad23650f6c901b917a28d3a75ad5e02d17499b9c3c34ee452ee237faecd1a329c2042bec68649ed9231fff39615ab46dd4b9986")
timerfd_gettime(r3, &(0x7f0000000780))

[   52.055669] audit: type=1400 audit(1677326025.930:6): avc:  denied  { execmem } for  pid=258 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:53:45 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000040)=0x14)
prctl$PR_SET_NAME(0xf, &(0x7f0000000080)='\x00')
timerfd_create(0x4, 0x80000)
r1 = syz_open_dev$vcsu(&(0x7f00000000c0), 0x7, 0x80000)
ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000100)={0x0, 0xff, "847e7a", 0x8, 0x1})
r2 = accept$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local}, &(0x7f0000000180)=0x1c)
ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f00000001c0))
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000200), 0x42, 0x0)
getsockname$packet(r0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000280)=0x14)
accept$inet6(r3, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000300)=0x1c)
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000340), 0x107002, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x4)
getdents64(r3, &(0x7f0000000380)=""/22, 0x16)
ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f00000003c0))
r5 = socket(0x26, 0xbad2b84297c5266f, 0xb952)
getsockname$packet(r5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000440)=0x14)
getsockname$packet(r4, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000004c0)=0x14)
openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x63100, 0x0)

11:53:45 executing program 5:
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x1, 0x480000)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0406618, &(0x7f0000000040)={@desc={0x1, 0x0, @desc2}})
r1 = syz_open_dev$vcsn(&(0x7f0000000080), 0x10000, 0x4000)
keyctl$join(0x1, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000140)={{0x1, 0x1, 0x2, 0x3, 0x5}, 0x5, 0x67d4})
faccessat2(r1, &(0x7f00000001c0)='./file0\x00', 0x109, 0x300)
ioctl$RNDZAPENTCNT(r0, 0x5204, &(0x7f0000000200)=0x7ff)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000014}, 0x800)
r2 = gettid()
pidfd_open(r2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40485404, &(0x7f0000000340)={{0x3, 0x3, 0x62a, 0x1, 0xffffffff}, 0xfb4, 0x14000000000})
r3 = syz_open_dev$mouse(&(0x7f00000003c0), 0x3, 0x448000)
ioctl$EVIOCSABS0(r3, 0x401845c0, &(0x7f0000000400)={0x59, 0x0, 0x3, 0x1, 0xd80000, 0x3})
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x44, 0x0, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x157}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xd22}]}, 0x44}, 0x1, 0x0, 0x0, 0x9c}, 0x4008084)
mknodat(r0, &(0x7f0000000580)='./file0\x00', 0x10, 0x80)
getpriority(0x1, r2)
faccessat2(r1, &(0x7f00000005c0)='./file0\x00', 0xac, 0x1100)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x24, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x40}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004881}, 0x4000)

11:53:45 executing program 6:
prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000))
prctl$PR_GET_FPEXC(0xb, &(0x7f0000000040))
prctl$PR_SET_FPEXC(0xc, 0x10000)
prctl$PR_GET_FPEXC(0xb, &(0x7f0000000080))
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x1, 0xe6, 0x8, 0x3}]})
socket(0xb, 0xa, 0x200)
prctl$PR_SET_FPEXC(0xc, 0x0)
syz_open_dev$evdev(&(0x7f0000000140), 0x4, 0x80)
prctl$PR_SET_SYSCALL_USER_DISPATCH_OFF(0x3b, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0)
r0 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0000, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000200), 0x6, 0x10043)
r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000240), 0x10200, 0x0)
ioctl$RNDGETENTCNT(r2, 0x80045200, &(0x7f0000000280))
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc080661a, &(0x7f00000002c0)={@id={0x2, 0x0, @c}})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000380)={0x7, &(0x7f0000000340)=[{0x1ff, 0x8, 0x81, 0x40}, {0x0, 0x6, 0x9, 0x5ad}, {0x9, 0x3, 0x80, 0xfffffff7}, {0xda, 0x6, 0x0, 0x4}, {0x5, 0x98, 0x1, 0x58}, {0x9, 0x81, 0x8, 0x7}, {0x81, 0x6, 0x9}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000400)={0x1, &(0x7f00000003c0)=[{0x103, 0xda, 0x9, 0x40}]})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r3=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000580)={'syztnl2\x00', &(0x7f0000000480)={'gre0\x00', r3, 0x1, 0x10, 0x5, 0x9, {{0x2b, 0x4, 0x1, 0x3, 0xac, 0x65, 0x0, 0x5, 0x2f, 0x0, @empty, @loopback, {[@rr={0x7, 0x1b, 0x98, [@private=0xa010101, @remote, @multicast1, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010101]}, @generic={0x86, 0x9, "66cecbd4b7f7ef"}, @end, @generic={0x0, 0x10, "436c1beeb653ca7e4507b9f93617"}, @lsrr={0x83, 0xb, 0x30, [@multicast2, @empty]}, @timestamp={0x44, 0x24, 0x99, 0x0, 0x2, [0x4820, 0x1, 0x1f, 0x6, 0x1, 0x3, 0x6, 0x3]}, @timestamp_prespec={0x44, 0xc, 0x9f, 0x3, 0x8, [{@rand_addr=0x64010102, 0x3}]}, @generic={0x7, 0x12, "e91c5510754df23343143cd3cb04b1b4"}, @timestamp_prespec={0x44, 0x14, 0xc4, 0x3, 0xb, [{@multicast1, 0xfffffff9}, {@loopback, 0x40}]}]}}}}})
prctl$PR_GET_FPEXC(0xb, &(0x7f00000005c0))

11:53:45 executing program 7:
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x4, 0x3)
getresgid(&(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0), &(0x7f0000000100))
fchownat(r0, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, r1, 0x800)
r2 = syz_open_dev$vcsu(&(0x7f0000000140), 0x400, 0x0)
sendmsg$inet6(r2, &(0x7f00000018c0)={&(0x7f0000000180)={0xa, 0x4e21, 0x2a, @private0={0xfc, 0x0, '\x00', 0x1}, 0x4000}, 0x1c, &(0x7f0000001800)=[{&(0x7f00000001c0)="d57a3cfbb41d1b92ccb2e355e8a065d972f3b818622c1a4c6b7f914a149cff7980d310a64cb54d041e412d750f85ee400bfc973909c8410d4f27935d713b02a6c58c8ab81cdb67e1d354cb8f3ba41f3667bbbe4ee98a03d07d535e6bdf843fb735aaa8998bfaaab7b944defb39f904c11d5dffcbf4e52275fe4c9ce8a2863cfd4ab7294edec7c0e2a39b5cbb347c0844034b", 0x92}, {&(0x7f0000000280)="6e77c0b1fab4779d27ed5f56442c53adfd57ff626d4cd521a1046b8068a621c687ca6035d70f0a93f62c64b597f8eadfeaee2e67af9255394dc5a86aec2bf78860f7f8e462212179f7d38f2a86", 0x4d}, {&(0x7f0000000300)="225d3b7a37bf21e267cd618da34893936f164814f095d038a5114fa1ba1dba4a63f5e9003f23abbe13ba231543f4e09f56dd89c68db8d9773cb5e78a8fe678a4ea7ff8f1d147d776e9fee09554ed769d6428f5bc65f0836e7d0f7baeb755699fe3478c26a711878d1e80dc5d0219a42e7901935c4d9198d9ac747d81e58525eecebd065f5218ebc600b9771f8fd44bb1d3352eced126647270a49391aec11d83c0a6311ee51d7d64a019b2c0e793441844ec0d7d32d4ee68888d30cf0b96bae9ab0a68aefae8c8f0f8d7b95dc1b2ed9f4d20fe18c61f410c9996bf318ea308bcd5585ae1", 0xe4}, {&(0x7f0000000400)="4c9be3a6c8ad15d2a4740c04f678900e9ad4d2ef350f369bf0edd7b554a9911f5486ed32eba2f63cff4f2267624983fa19ecec53a97a1233c4227086fea829f1a2d968d5d5448da140fcbe0eeb4fdb0068b1764cfa08da3af7454a75dde4fb1c1906750ab2747b83fdfd6b99c221ef6f34481148636eef8de506b051f5612a5f108d4dbddfdd8790a8e2ec3c7e94fea8fe12b1565699fdcec1490ccd453fa27a383f86e67039fde752091a2985f09c2d88c5793a4b30362001ffd8546ffb4736e961b1b09029e8cb", 0xc8}, {&(0x7f0000000500)="f659b2428fb96647de3f4ba0af1f7f26c06249c2109387bef4ec8e598045ed7c87bb0d66c84c30af0c63065b3ee84904d942f7c1593b105ab41d305998eede4a57a67e626c4f88982d5ef1fcf3996556af9f5234c58ba218d63a469f830967ad89b009202e4642e5447617f6a33a564f84d5ae1ea59c1e586dbb509bd9ba8f83a55d0eb3bde7ce3d1d6cce2e6d8b2e2b26be7ea4154d2e59e03825ff639aef3e2fd7ff057413ec959f918c3d5fa65b38e5d18143d1d602aa9febab0182fdfc4ec4428a32620521dcef77fc98d1f49ecced7ca23fbcbcb935c6994b799d249fd3d25bfd191ab6ed26117557b2a2d2d1020bfbccc7131786a50e8e38a6d3852af494b95f7fb5b3f8dc5f67e59287ae2d51f39e6b39d0ae3943a4e059efce292013820df4e19bbc07043fd972b4484e03f3dbdad4f82cc806a8cf9c38520d111d78d3ab695b34c9dfa4eb63de4edc589510693cc4fcc60c683b5914f13514388573d4e174419c4d18d3e8e1d101882f14cf5c8498d111271efc4306290595f15a55684bf4f02b3f33dd8afc5f5857ae13e9641f27d6ff58ca7505ca81a0d3e19733219e4e8c3fe9201d8ff06ec1ef5072a492d8681e5afa011e804287c83dafc9c29b2f557c5cbec355531afedfc5a56e824d6d6c7bd43c6df6b233059dd8ceb3acb83c57a2a76d320630ce748571e36e15b0b7571a32212cf8d985f1daaf9f3d6bc42dea3cfc5c28ce087d7ec68cd9357be9f6e4bf8f4301b6bc3cee763a6a9b6ad0879c1438e25f8f993dde27b11835ee58c2b06e1adb42ed7479d7590651692c78cc770181f24140f300d259530ce971e7cff29f45957b8f35144baa34a1268b691b7e54b52d53467aa4b4a155945e46d61da384d5230b0dc0763b524676ab9c8b69eb601e42d72b60496168eedff534975f0d4e2b3c99e8fabb55f84736f86a90e382932688f1f8d3f7c7753a393746d374d21418e102f658d590f2cb56fefc549bf997649de0469598382b0294ff4d984a4efa187b163111a4b5d79a552813e05b202963a3798b638161722907f9d96a36e06df0d5c7133e56cdd82060219eecb0bccb2d1eb6cc8965c250810bd8233c4570bc12fe06c8bab47e01c48928f9bd742847c4b01ff02eb9d5c06ad83688e672c658d0f2182529e5b77c4b50eb084a56dbca2507015362cc2b792cd854752845948b18089750cf2ca7a6de7d017e2b474ea7533e72daf61ba7d25962f31a29d4544e02ee70f827d49382ca76a7e153caff3f41dc284be6322b83a1496987765f62182925eaa7c8989c6e7a0b57c9df00bb41170be1854bd9093251dd4661a654df49a08ec44a0cc42cdbaec0ac0c2847b66f6230b5ead829d61922df265a80ed6d0abe8399234cbf9ecd1c5de967998c3a79394c58a12d70fd0d85ad3e8d33073220812e187f56e5213553c13a1a78b9c31f5610f35704ad17bd289205b37655ce16c62f3c370e112eff004ace735291c1cd7ad6545ae2b89344a6320b756729f0fd8332a6d2233357ad8e1d85eec53d156ec603f849f49e6b295fba659cbfa1700deb5100dad853a7db18694318a2138190e741d6a0cd4ef2337f13f9eb741007ddea54f42f17e591e23cf4ccc4a1c5e88c31627e0a3506fb459b0064ffa40339191a84ca9dc4be8c31d50a76e253ee61e30a6b66dea79af1f07b647d3f98d1a000d7939a169a97833ed47768b07d25a99477f4d53feec165816f0d06832acccc8b926e3e7561147c1d8fcd7bb1c36b4e8c4d96aef96cae278cad129181c6a6da65b5d334535c836844437e17cf71b69a58a97226ec761d5a5c6e8b070d8f4bcedb0158074b2c94a0e313268e5a4f6fed33b3a775d2cf463c3193ff9866bda08cda48910765fe988f2e99cf45ebd1885253a1fcbd095385a680b487f7f024a5ab05448e17379fc2768b8a8058524c7c6d9e2ba21e8a409ba428e6f08c805e12cf948fee0a91554c4fb6bca80db65f9d57cc8e0a4423e8eca5fbba737db237681eb97e4988a7efed8347958608af5680ce5e211cd72d69ef38b80a2a7f9e27e7797aeba2bc350a4e40d06d7ce2a986e679f33e4a6e91314169dda0c8919284d173ab83e7ecfd13824430f716ee594d2a0b0e68bab925a88d981d66f855f211268477b2383d7691091da19804db708281e8f2709659802d66b6b9218ae0be2450ff3be76ebd33b0a2f8091c1a98305545ba300cb743df7403adc2c23a810f47bc7aacb64dcac2916d14588e7c6632f3f71ac627a13234d6fba515dbd85d79f303a9d482ba7b13ef75bbfa41efa26faae7c5011537e51be5b77f9e1e8f34cfa81a9334cd68d92c9b6e9aa573b464df1220e04a6ae448ec4ae991f5e9c81e75e0509bdafe34dc68573f9a3319406142f04cd7e5bc77937c455a16e202fb22c850c68db9af21f7b08110cb50214d4222b2a97861bcc2438983fc81c0e4676757ba8ec4644733798577c323a6d16d8c33586d5ea50d01f221030ec7df305c16935d8643269233577de334be6d28dddba9e173098ee21816e41183f99805164373422282c0850badf317b1a48a318a3a5de3cde5762fbcadacf416246716229dc2fc22d14d9e4a2da5f4f1203d903eeb457b9649c74265463770b8fac16b1ffd2dd9cd5dd09a5cf48eb83e40e993f3a7ce2f8e5c5347a9a6f23049d1298549fc31bb78c3c75a1d8211b0859b93c5adea833e954d47db433ba973d79f2ea50b1b21809ffb29db71494784da172ac52eb4effd33a33cd7bc3e30eefdc04fba103185e89b511b73d3af333ebce6a0635b4e6e44be64b95cceab374c2638b141aecea135813e084fc65498d6d3b33e69f21dc7f5115a526f8c5761721cbfde1a4f1fc39b7727dcef96a8e10f87565d65390c6c132be465426a60c16d1becc897a77b02905aeef5319e4e213352546714e8bfca59bc15c10af39ddf35818e4552c21dbf2e5779685e1bbac12e38471c7e057cebec08303908576fd5328c0e8735e531fd6bff0dfb007fdbd8408d5a92c6469080afc1c0cd67f3dc21f46ef8627373b2cc1e2ec943c105dc57952853ee441d79527675a9cf7e9efdf7155e485ecd47bd3240b8420394a505cc1788302dab0b3d0e199a6522ca0ea620422aeff30322a8a7f3a60826f653d02da5a9f7013e5d80dc6dad9d675258ef94ebbd5a0430972af689d7f2322235fb47a6e6cbab66a68ee1c215cca8ec97b39e8167c99c078767fe1790ec59864bf5aea10d4fd81f7b911010735ce3548212ee3c2569585988015c33a1e594863a1be2d1386c0e16daca2dac09bbaab87428d21eb41338ce7c4079591e205df4837914a259285fb2dff5752d8cfc8769503dbed0f51777799598da72302ec26d5fd55209f1fa3664118e1270758ef0141664ed5c3a2560a80abad3a2318246d914e7f3d399f929ecadd0959904a5f8006fb1d06eb9906911e2e0767448c24719ac43f1e8369bd89cb98c38c889808469dadd7684114a9b4da93916dc766aff7ebf9d5f5e831382e6abf1d7354ff94fcf9c45007776d37d4b3b8e3b543075f784d56a9f1a865120b21a1a698cd61ece755ddf6e1e461470b782c80e80bd3ea71a36de387899928ecbbb766431bbccc416c57ce3ac615c0ae9500179ac618ed0b703b551aa22c5ccb3a7f7461b985b41633272670809eaaebde57cffafea110a710c0cffa5d1f37c2aec44358bb3708fe94ce5ec31613742aed2a291ec5469eb1d12324c4526537db18502ab055795712dce20436ef6ba92dee0131f6d5f6bbf8f62389740b0a13a4868d4148fb8f28c3a77f31c7561df4bec096cffed136c0313ba30df09b5d60f6e8dcecd7ea482ca9f8881757df6bed1becdb6f738d685800345b31d03dfa410e2de29e8d89c44d1f35be192cd57e587f698770f06ff93bb54abf3db29ca65179bc58d05b0fe00f49581cc80fd62e41e676f4c5a21cedab2747b2af6f74f73c07cf590e1a9e6e008b6c1562163688c95b173636a0b39e1c217e6f3218da3639b68692c6e2749c9e128a798a00f0527f663de9e811d0eca7e775e7a184dd4b551544bc63e147b93fea225ab8e676e6efa0391ea5bc5780df6dbdffa86f9813a57bd40e3b2044838be6d30016f71ae7fac06b3e2354deaec1cab48b0f27bda04d16ca80ec029290a2334b834564c53e96fb788e22e32af15e710b48b95759dc1912be17f9a8be99ad654517800d5212c4fa4066740fdac67ef2a75db8b66772d22e24de0276dc6c6999767320f57293f4c1a9cb1cb195ae31de6da4fb42bc680d235c72e1114acf7932a057c6195ba3376f97b3b024d73451aa0d972b4b6993b81d7f3a715e4a253438d51f1af0841ebc169b60b6c5814e55fc85320b5a577ea7341a24b99ba0589b15f5de76a986121aed6f6a4819f9c414db69346b2276026d9117e472b573cdc40db57cd985e62456cd31c5946fb5323ad34815e2428f9fd3ab67af61b17923c23bc57c2a6e8558c23a7beb98f149318efc12381ac92377b3253fef9fdcda82c4f4f1dafb9fb6689c1b6e9a7beaa3a347b3040b7da283fcf135bfbbe6ee1a23fff33f5a0bcf7addf6f64ce736beef5d4b8e9879dbd26289eded5a6b26d98931e94bd4bb84a8121090b03f66d4d87d88656fbcfff72c0f96487b4efb041830ce71d94d9f6c4150a126cdca2c61b2480af0b4e5ae585166bc9a204c849b9a7cf3ee5a3224fefab756af94f8eebe0eb69225788416ef58eac51cda0929ee4099ce5d9baa9e5ed0c8bfee10cb8b252984dc0de5c53381035fd78bc7364fc557fa090d7cf821444140b7e8d495ed869f932ef50bc064dc4e8d222c16263fe032cdb5cda6e8ba3c18cb48faeae1ae40155f8555409af78504a4bf1f48dd42de0d8dd74419659c490b2b92ede11f27f170b9826a3adc935fd8db1b7dd0d7c27bc393d39d6a1dbcf1e49963ad3a5465783e6ef991bde2e7b993e31049db0478178b426b342e8eaf60f6ca5d5a591b7dbff5884afc9dd6e3d342586f276b411b6967691fbba0e30264bc6a9681b10961de2f198f3f7d1206f6c61d69c3d4e5b3c5205be57045cc65abaa643bb6ea86c0847660ebf685a7eadb667d8974c472fb658a6b202babfbb51c61ecdf86b6a525db83fecbaccb3095d11b48c5d33a83bc9c6fe90e1eae3d9b5cdcb69737238af6649c9c5ba30b04137cbdd4f8c5681f173bc0b4d767da1adb55605d3948b786dd05617123a242d8f4048387628d051f9b49e07deaab4b1f11a11b16bf9c7eb3256cd7d1a2b2bd5dd0bebf0d8933f5c581dd753e7d902fa7b62945fd21e8bfa66c3230f5deb6d58fffff71846d1f14d9c626e1623135572a0d563efca55ac5c69d7950bcd16756569978847e7d828a38ab4a9a884d4ffe78c27399aae48a85f5ccf61d1aa0c2bfbc60b4e8a96bdc417ce05ff84309727ed72dd67194146010cc2c72a47d977408bfa8481e3452190145bd9a1da85a37cb413c82ed770e49b42b47c3d302d08fe8abe2e11bf8355ad5b1b93e1c4270a4fa6aacd721cc7f939d66e56ee47ae9b2f44c95ecc39940b783a81680d1907ab5d52ff31e3404749dbe56dd15f262ea4ffbe10a2430257a1341e1652daf3fdecf5cd137c4dd337583489034c4cecc7bc0608ea014f0e2a276d2ce787d56d0df1fbade92220f66e66dd9d35c1170943389508483f4a66829480eff86af0fe6b375af9fbc08baca7f57f0b329eb7676b771d04ebf11fafe0bee2808a4aaf73800fadcf29f9494275c6e91b22a1c042ce2882c81d89b4ea528c5525861809", 0x1000}, {&(0x7f0000001500)="ae07cbe554e5c569630a6e52ebee1d4b7555680b1b991edef6488d3a7c51fb1c5f2a8109f126b8ebb248f05a31268a4e80ebf247edb5c9e699adf84bf3ce2ce8172fb009f4bb289e664478fd847ab81edc6f15172f49b804489512c05bac9eb2f7f69f840510f403b4e443c8cf1cd97006dc00b599bbd893900b9bc5781129e863", 0x81}, {&(0x7f00000015c0)="c111fbc30c877bce92c7adc99ffe2b2431d9316b006f53c94addcdb1a0e0bdb8cdb8829c601c9331509b283ea13de5b5006f83c5e8ce11f2cc647fc0d943bd9e451efb0e0ceebf4f8103399065e93944f902d5784679c0d0a5961120290e1efda38ba9a8a914d657c8c99fabe58bdb15e921d6b5234138f9f5a81bd123fd2bb1e98708dd86bce9a928678a78d9ad07c3fd9bb6b6b7006ddd680e0273be162bccfbe5eeca3b6020224649677182c8c20a51d8ffe18e3dfc9a02b6fa89360d122be29cfd7246f57d591c9edb57e3dd3bfe948b79ecb63449", 0xd7}, {&(0x7f00000016c0)="12df0b4e4d7d30708fb9110a5c3d083524de3df17b20674a3185170fbde4a254c0562419a42f8d09a073d64587d9f6a519277221e921964466a91e271a5d93b9d1fc6f4acb9e40f8d36a416ec64111f878fdf66a3e89f162c4fad7e185a04b58478591a16ec8f547b85faa559f7018fb097f7eeae601a19cc02f2c234099427eef2e5d78668618305a090249c50dbd6c53182813106e0bcdb316d4909cacc5d5bb9a59cfadfb0b5888b3525803500338e0b1d96c3c", 0xb5}, {&(0x7f0000001780)="1b89cc7f26d9a8949fe471d56e926fa59035c2e99e2444d4851f78aa084a7cdba4d14bc5abcf96c7591540abc20b4cc69fe8fcb1dfbddcd1de7c525397c71634285398cc0e87f8261f8a5faec38fe359f5ddf725873566a0018835745a68164f4f86029e45d88e04528309bf", 0x6c}], 0x9}, 0x5)
r3 = openat$incfs(r0, &(0x7f0000001900)='.pending_reads\x00', 0x0, 0xa9)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffff9c, 0xc0406618, &(0x7f0000001940)={@desc={0x1, 0x0, @desc4}})
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000001980), 0x400000, 0x0)
mknodat(r4, &(0x7f00000019c0)='./file0\x00', 0x8000, 0x9)
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000001a00), 0x200000, 0x0)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000001a80), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_VLAN(r5, &(0x7f0000001b40)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001b00)={&(0x7f0000001ac0)={0x2c, r6, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x2c}}, 0x8000)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0xc080661a, &(0x7f0000001b80)={@id={0x2, 0x0, @d}})
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000001c00)=@v1={0x0, @adiantum, 0x4, @auto="35723fa01bc1ab2c"})
r7 = syz_open_dev$vcsn(&(0x7f0000001c80), 0x400, 0x800)
linkat(r3, &(0x7f0000001c40)='./file0\x00', r7, &(0x7f0000001cc0)='./file0\x00', 0x400)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r2, 0x54a3)
timerfd_gettime(r0, &(0x7f0000001d00))
socket$inet6(0xa, 0x4, 0x3)
ptrace$setregset(0x4205, 0x0, 0x3, &(0x7f0000001e40)={&(0x7f0000001d40)="36309d28ac19847a710e9221bf6956ab9901370ea854e92ae4fdb902926b77b30e265c903858128ee9626fb6568ecb6b7c879cff4caa7e7aed6607c0e4112541b28ef22011bd9b69568e22af58ec78467ef3d105858c32ecb7d9f926dd9034b4ddc93f9725086289155e3670bd3feb8942f4b9080d458f73a5fe460779f523eec9c521d464cbbd0277a4da98ac1f5543a74bb7251125cc11827c34323299f04e2021738f77b00e6e1cc23d05b379893c58de82cee24955d0cc0e4e16cd04b5d6ce1b2e85af0d45a97c", 0xc9})

[   53.228534] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.230360] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.232639] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.233759] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.236218] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.237177] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.241684] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.242586] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.245273] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   53.246269] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   53.248153] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.249215] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.338943] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.341890] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.344068] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.347303] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.348878] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   53.350923] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.405367] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   53.407090] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   53.409431] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   53.412847] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   53.415174] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   53.416552] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   53.464652] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   53.475291] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   53.477513] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   53.495324] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   53.505281] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   53.513647] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   55.297520] Bluetooth: hci1: command 0x0409 tx timeout
[   55.298337] Bluetooth: hci0: command 0x0409 tx timeout
[   55.361176] Bluetooth: hci5: Opcode 0x c03 failed: -110
[   55.362365] Bluetooth: hci3: Opcode 0x c03 failed: -110
[   55.362947] Bluetooth: hci4: Opcode 0x c03 failed: -110
[   55.363142] 
[   55.363665] ======================================================
[   55.364196] WARNING: possible circular locking dependency detected
[   55.364744] 6.2.0-next-20230224 #1 Not tainted
[   55.365150] ------------------------------------------------------
[   55.369168] syz-executor.7/272 is trying to acquire lock:
[   55.369689] ffff88800f234880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[   55.370672] 
[   55.370672] but task is already holding lock:
[   55.371224] ffff88800f234920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[   55.372120] 
[   55.372120] which lock already depends on the new lock.
[   55.372120] 
[   55.372873] 
[   55.372873] the existing dependency chain (in reverse order) is:
[   55.373554] 
[   55.373554] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[   55.374244]        __mutex_lock+0x133/0x14a0
[   55.374681]        hci_cmd_sync_work+0x1e6/0x320
[   55.375136]        process_one_work+0xa0f/0x1790
[   55.375594]        worker_thread+0x63b/0x1260
[   55.376047]        kthread+0x2e9/0x3a0
[   55.376423]        ret_from_fork+0x2c/0x50
[   55.376830] 
[   55.376830] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[   55.377623]        __lock_acquire+0x2d56/0x6380
[   55.378080]        lock_acquire.part.0+0xea/0x320
[   55.378567]        __flush_work+0x109/0xd80
[   55.378987]        __cancel_work_timer+0x39c/0x4e0
[   55.379449]        hci_cmd_sync_clear+0x52/0x250
[   55.379895]        hci_unregister_dev+0xf9/0x410
[   55.380353]        vhci_release+0x80/0x100
[   55.380764]        __fput+0x263/0xa40
[   55.381133]        task_work_run+0x174/0x280
[   55.381596]        do_exit+0xad8/0x2800
[   55.381978]        do_group_exit+0xd4/0x2a0
[   55.382361]        __x64_sys_exit_group+0x3e/0x50
[   55.382801]        do_syscall_64+0x3f/0x90
[   55.383173]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   55.383684] 
[   55.383684] other info that might help us debug this:
[   55.383684] 
[   55.384344]  Possible unsafe locking scenario:
[   55.384344] 
[   55.384868]        CPU0                    CPU1
[   55.385273]        ----                    ----
[   55.385676]   lock(&hdev->cmd_sync_work_lock);
[   55.386102]                                lock((work_completion)(&hdev->cmd_sync_work));
[   55.386791]                                lock(&hdev->cmd_sync_work_lock);
[   55.387420]   lock((work_completion)(&hdev->cmd_sync_work));
[   55.387919] 
[   55.387919]  *** DEADLOCK ***
[   55.387919] 
[   55.388435] 1 lock held by syz-executor.7/272:
[   55.388835]  #0: ffff88800f234920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[   55.389813] 
[   55.389813] stack backtrace:
[   55.390198] CPU: 0 PID: 272 Comm: syz-executor.7 Not tainted 6.2.0-next-20230224 #1
[   55.390846] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   55.391567] Call Trace:
[   55.391793]  <TASK>
[   55.392003]  dump_stack_lvl+0x91/0xf0
[   55.392368]  check_noncircular+0x263/0x2e0
[   55.392750]  ? __pfx_check_noncircular+0x10/0x10
[   55.393195]  ? __pfx_mark_lock.part.0+0x10/0x10
[   55.393661]  __lock_acquire+0x2d56/0x6380
[   55.394055]  ? __pfx___lock_acquire+0x10/0x10
[   55.394476]  ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[   55.394960]  lock_acquire.part.0+0xea/0x320
[   55.395357]  ? __flush_work+0xdd/0xd80
[   55.395709]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   55.396164]  ? __flush_work+0xdd/0xd80
[   55.396526]  ? rcu_read_lock_sched_held+0x42/0x80
[   55.396977]  ? trace_lock_acquire+0x170/0x1e0
[   55.397394]  ? __flush_work+0xdd/0xd80
[   55.397757]  ? lock_acquire+0x32/0xc0
[   55.398106]  ? __flush_work+0xdd/0xd80
[   55.398481]  __flush_work+0x109/0xd80
[   55.398833]  ? __flush_work+0xdd/0xd80
[   55.399190]  ? __pfx_mark_lock.part.0+0x10/0x10
[   55.399645]  ? __pfx___flush_work+0x10/0x10
[   55.400052]  ? lock_acquire.part.0+0xea/0x320
[   55.400476]  ? hci_cmd_sync_clear+0x45/0x250
[   55.400945]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   55.401387]  ? hci_cmd_sync_clear+0x45/0x250
[   55.401824]  ? rcu_read_lock_sched_held+0x42/0x80
[   55.402255]  ? trace_lock_acquire+0x170/0x1e0
[   55.402671]  ? lock_is_held_type+0x9f/0x120
[   55.403059]  ? mark_held_locks+0x9e/0xe0
[   55.403426]  __cancel_work_timer+0x39c/0x4e0
[   55.403812]  ? __pfx___cancel_work_timer+0x10/0x10
[   55.404237]  ? __cancel_work_timer+0x2aa/0x4e0
[   55.404635]  ? __pfx___cancel_work_timer+0x10/0x10
[   55.405092]  ? lock_release+0x1e3/0x710
[   55.405463]  ? __pfx_lock_release+0x10/0x10
[   55.405868]  ? do_raw_write_lock+0x11e/0x3b0
[   55.406266]  ? __pfx_vhci_release+0x10/0x10
[   55.406655]  hci_cmd_sync_clear+0x52/0x250
[   55.407056]  ? __pfx_vhci_release+0x10/0x10
[   55.407442]  hci_unregister_dev+0xf9/0x410
[   55.407820]  vhci_release+0x80/0x100
[   55.408157]  __fput+0x263/0xa40
[   55.408474]  task_work_run+0x174/0x280
[   55.408823]  ? __pfx_task_work_run+0x10/0x10
[   55.409233]  ? do_raw_spin_unlock+0x53/0x220
[   55.409623]  do_exit+0xad8/0x2800
[   55.409939]  ? lock_release+0x1e3/0x710
[   55.410299]  ? __pfx_lock_release+0x10/0x10
[   55.410682]  ? do_raw_spin_lock+0x125/0x270
[   55.411056]  ? __pfx_do_exit+0x10/0x10
[   55.411404]  do_group_exit+0xd4/0x2a0
[   55.411740]  __x64_sys_exit_group+0x3e/0x50
[   55.412119]  do_syscall_64+0x3f/0x90
[   55.412444]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   55.412883] RIP: 0033:0x7f2388092b19
[   55.413204] Code: Unable to access opcode bytes at 0x7f2388092aef.
[   55.413752] RSP: 002b:00007fff81b19e08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   55.414387] RAX: ffffffffffffffda RBX: 00007fff81b1a5e8 RCX: 00007f2388092b19
[   55.414998] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[   55.415605] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007fff81b1a5e8
[   55.416204] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f23880ec233
[   55.416811] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[   55.417419]  </TASK>
[   55.426019] Bluetooth: hci2: command 0x0409 tx timeout
[   55.489060] Bluetooth: hci6: command 0x0409 tx timeout
[   55.553050] Bluetooth: hci7: command 0x0409 tx timeout
[   57.346029] Bluetooth: hci0: command 0x041b tx timeout
[   57.346467] Bluetooth: hci1: command 0x041b tx timeout
[   57.473038] Bluetooth: hci2: command 0x041b tx timeout
[   57.537035] Bluetooth: hci6: command 0x041b tx timeout
[   57.601030] Bluetooth: hci7: command 0x041b tx timeout
[   59.393030] Bluetooth: hci1: command 0x040f tx timeout
[   59.393623] Bluetooth: hci0: command 0x040f tx timeout
[   59.521057] Bluetooth: hci2: command 0x040f tx timeout
[   59.585040] Bluetooth: hci6: command 0x040f tx timeout
[   59.649044] Bluetooth: hci7: command 0x040f tx timeout
[   60.033011] Bluetooth: hci4: Opcode 0x c03 failed: -110
[   60.033478] Bluetooth: hci3: Opcode 0x c03 failed: -110
[   60.097293] Bluetooth: hci5: Opcode 0x c03 failed: -110
[   61.441043] Bluetooth: hci0: command 0x0419 tx timeout
[   61.441475] Bluetooth: hci1: command 0x0419 tx timeout
[   61.569138] Bluetooth: hci2: command 0x0419 tx timeout
[   61.634030] Bluetooth: hci6: command 0x0419 tx timeout
[   61.697016] Bluetooth: hci7: command 0x0419 tx timeout
[   64.385033] Bluetooth: hci3: Opcode 0x c03 failed: -110
[   64.449035] Bluetooth: hci4: Opcode 0x c03 failed: -110
[   64.513089] Bluetooth: hci5: Opcode 0x c03 failed: -110

VM DIAGNOSIS:
11:53:49  Registers:
info registers vcpu 0
RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff88802fb5f190
R8 =0000000000000001 R9 =000000000000000a R10=000000000000002d R11=0000000000000001
R12=000000000000002d R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850
RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe5372e37000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe5372e35000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9545d95d40 CR3=000000000ca24000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=2e6f747079726362696c2f756e672d78
XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=1ffffffff0f30095 RBX=ffffffff877bc860 RCX=0000000000000000 RDX=ffff888016ab0000
RSI=ffffffff8216bb9b RDI=ffffffff879804a8 RBP=0000000000002265 RSP=ffff888016abfbb0
R8 =0000000000000007 R9 =0000000000000000 R10=ffffffe000000000 R11=0000000000000001
R12=0000000000002265 R13=ffffffff87980498 R14=dffffc0000000000 R15=ffffffff877bc8a0
RIP=ffffffff812c0b45 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0457a9f000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0457a9d000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fff6742b0a0 CR3=000000000f654000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000000000000000ff00 XMM01=25252525252525252525252525252525
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=0000000000000000000000000000ff00 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000