Warning: Permanently added '[localhost]:34113' (ECDSA) to the list of known hosts. 2023/02/26 01:13:30 fuzzer started 2023/02/26 01:13:30 dialing manager at localhost:41417 syzkaller login: [ 36.188367] cgroup: Unknown subsys name 'net' [ 36.308480] cgroup: Unknown subsys name 'rlimit' 2023/02/26 01:13:47 syscalls: 218 2023/02/26 01:13:47 code coverage: enabled 2023/02/26 01:13:47 comparison tracing: enabled 2023/02/26 01:13:47 extra coverage: enabled 2023/02/26 01:13:47 setuid sandbox: enabled 2023/02/26 01:13:47 namespace sandbox: enabled 2023/02/26 01:13:47 Android sandbox: enabled 2023/02/26 01:13:47 fault injection: enabled 2023/02/26 01:13:47 leak checking: enabled 2023/02/26 01:13:47 net packet injection: enabled 2023/02/26 01:13:47 net device setup: enabled 2023/02/26 01:13:47 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/26 01:13:47 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/26 01:13:47 USB emulation: enabled 2023/02/26 01:13:47 hci packet injection: enabled 2023/02/26 01:13:47 wifi device emulation: enabled 2023/02/26 01:13:47 802.15.4 emulation: enabled 2023/02/26 01:13:47 fetching corpus: 0, signal 0/0 (executing program) 2023/02/26 01:13:48 starting 8 fuzzer processes 01:13:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r1, 0x8, 0x70bd27, 0x25dfdbfd, {{}, {}, {0x14, 0x19, {0x7fffffff, 0x800, 0x0, 0x401}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000890}, 0x4000) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x0, 0x404, 0x70bd2b, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004004}, 0x4040000) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x5c, 0x0, 0x10, 0x70bd27, 0x25dfdbfd, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0xc1}, @IEEE802154_ATTR_SHORT_ADDR={0x6}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x7}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x6}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4004}, 0x80) sendmsg$NLBL_CALIPSO_C_LIST(r2, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x64, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x800) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000500), r0) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r3, 0x0, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x20000000) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000600), 0x701000, 0x0) ioctl$SNAPSHOT_UNFREEZE(r4, 0x3302) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000640)={'wpan4\x00'}) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x70, r5, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@empty}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4044000}, 0x8001) sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000009c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000980)={&(0x7f0000000840)={0x110, r5, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x9}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xc}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x4}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}]}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x3c}}]}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr=' \x01\x00'}]}, @IPVS_CMD_ATTR_DEST={0x60, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x6}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x119}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x5}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x12}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x33}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7fff}]}, 0x110}, 0x1, 0x0, 0x0, 0x4004}, 0x14) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000a40), r0) sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x24, r6, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x81}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x1) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000c00)={'ip_vti0\x00', &(0x7f0000000b80)={'tunl0\x00', 0x0, 0x8000, 0x87, 0x4, 0x1, {{0x15, 0x4, 0x1, 0x0, 0x54, 0x64, 0x0, 0x1f, 0x4, 0x0, @private=0xa010101, @empty, {[@ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0xf, 0xee, [@remote, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @noop, @generic={0x82, 0x11, "fdbd77f20032a98f16c4be19f21ae3"}, @lsrr={0x83, 0x1b, 0x1f, [@empty, @broadcast, @empty, @broadcast, @multicast2, @remote]}]}}}}}) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000b40), 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x34, r3, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x4}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x49}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r7}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008000}, 0x1) 01:13:48 executing program 2: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc2}, &(0x7f0000000080)={0x0, "ada87b77cfb6467bce9b5016a56dbbcda614a919535b76691d2f25b7032c1b981c217b7a22fba8f560392f41aaf40ae5e06e3f99025b27e50155269220b25ea8", 0x3d}, 0x48, 0xfffffffffffffff8) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000100)='asymmetric\x00', 0x0) r1 = add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f0000000180)={'fscrypt:', @auto=[0x64, 0xa0, 0x39, 0x34, 0x63, 0x62, 0x30, 0x63, 0x30, 0x35, 0x62, 0x35, 0x33, 0x37, 0x51, 0x31]}, &(0x7f00000001c0)={0x0, "89952a7316b9b72d2d18fc6470f6b14eecac69f0caa9d05bb6fc2636d8cc9d88c205a26e916aea8d61d484d599cbcfc9f5b9954f69ee74f0167ac896f74746af", 0x29}, 0x48, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='trusted\x00', &(0x7f0000000280)=@secondary) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x0, 0x200, 0x70bd29, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4048910}, 0x810) r3 = add_key$fscrypt_v1(&(0x7f00000003c0), &(0x7f0000000400)={'fscrypt:', @desc4}, &(0x7f0000000440)={0x0, "f1878e912dbd6469c35f710606468acf11d0a4bd8910711669ff9a676f2ebd42421e55c2fb076eea8ae2ef6902e0df49d7aef56b3dd5d7f922fa4cd8efffceff", 0x1c}, 0x48, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000004c0)={0x56, 0x3, 0x4, {0x9b6b, 0x9}, {0x5, 0x2}, @ramp={0x3, 0x0, {0x7, 0x3, 0x0, 0x8000}}}) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000540), r2) sendmsg$TIPC_CMD_DISABLE_BEARER(r2, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x2c, r4, 0x0, 0x70bd2b, 0x25dfdbfc, {{}, {}, {0x10, 0x13, @udp='udp:syz1\x00'}}, ["", "", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x8000) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r2, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x1c, 0x0, 0x400, 0x70bd2a, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f0000000800)={&(0x7f0000000740), 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x34, r4, 0x320, 0x70bd2c, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0xb, 0x4, @l2={'eth', 0x3a, 'hsr0\x00'}}}}, ["", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x40c0}, 0x800) ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, &(0x7f0000000840)) sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000a00)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000009c0)={&(0x7f00000008c0)={0xcc, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xdb76}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x20}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x60, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_vlan\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x7}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x78e}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'macvlan1\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x4005) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000a40)={0x7, 0x15, 0x2}, 0x7) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000a80), 0x1, 0x0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000b80)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x1c, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004041}, 0xc040) sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x30, r4, 0x400, 0x70bd28, 0x25dfdbff, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x200068c0}, 0x4000) keyctl$setperm(0x5, r3, 0x100) 01:13:48 executing program 1: sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x0, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0xda3a92a6cda194b6}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x801) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x400, 0x70bd28, 0x25dfdbff, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000010}, 0x4) r1 = syz_open_dev$hiddev(&(0x7f0000000200), 0x6, 0x2000) ioctl$HIDIOCGCOLLECTIONINDEX(r1, 0x40184810, &(0x7f0000000240)={0x2, 0x3, 0x1, 0x1ff, 0x1000, 0x3}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/syz1\x00', 0x200002, 0x0) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$IEEE802154_DISASSOCIATE_REQ(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, r2, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_REASON={0x5, 0x12, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8890) ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000000500)={0x2, 0x1, 0xbe, 0x9, 0x0, 0x3}) ioctl$HIDIOCGUSAGE(0xffffffffffffffff, 0xc018480b, &(0x7f0000000540)={0x2, 0x100, 0xfffffe00, 0x4, 0x101, 0x4}) r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000580), 0x20000, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004c080}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x24, r2, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}]}, 0x24}, 0x1, 0x0, 0x0, 0x200400d1}, 0x10080) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000840), r3) sendmsg$TIPC_CMD_DISABLE_BEARER(r3, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x2c, r5, 0x100, 0x70bd2c, 0x25dfdbfd, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}, ["", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x408d0}, 0x800) socketpair(0x18, 0x4, 0x8, &(0x7f0000000940)={0xffffffffffffffff}) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000009c0), r3) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f0000000ac0)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x50, r7, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x7}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x81}, 0x50) 01:13:48 executing program 3: ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f0000000000)) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000040)={{0xffffffffffffffff, 0x1, 0x1f, 0x3, 0x1000}, 0x6, 0x31, 'id1\x00', 'timer1\x00', 0x0, 0x2, 0x3b5b, 0x8, 0x4f5}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000140)=[@sack_perm, @window={0x3, 0x101, 0xc0}, @window={0x3, 0x8d, 0x3ff}], 0x3) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='scalable\x00', 0x9) r1 = syz_open_dev$evdev(&(0x7f00000001c0), 0x81, 0x298440) ioctl$EVIOCGPROP(r1, 0x80404509, &(0x7f0000000200)=""/17) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000240)) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000280)="4d5d0d3c2c9e11008bb15c129bcb5930", 0x10) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, 0x0, 0x812, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x24044811}, 0x24004001) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000400), 0x200000) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r2, 0x80585414, &(0x7f0000000440)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r3, 0x8905, &(0x7f00000004c0)) ioctl$EVIOCGABS2F(r1, 0x8018456f, &(0x7f0000000500)=""/197) r4 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000600), 0x8080, 0x0) getsockname$packet(r4, &(0x7f0000000640)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000680)=0x14) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r4, 0xc0505405, &(0x7f00000006c0)={{0x1, 0x1, 0x8, 0x1}, 0x7, 0xc7a, 0x5}) getsockopt$inet_udp_int(r4, 0x11, 0xb, &(0x7f0000000740), &(0x7f0000000780)=0x4) 01:13:48 executing program 5: setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="d3e11311691b126edc52af57c94bcc20", 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000040)) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x40e000, 0x0) ioctl$HIDIOCINITREPORT(r1, 0x4805, 0x0) write$P9_RFLUSH(r1, &(0x7f00000000c0)={0x7, 0x6d, 0x80}, 0x7) write$P9_RVERSION(r1, &(0x7f0000000100)={0x13, 0x65, 0xffff, 0x5, 0x6, '9P2000'}, 0x13) r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000140), 0x101, 0x0) getresuid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)=0x0) write$P9_RGETATTR(r2, &(0x7f0000000240)={0xa0, 0x19, 0x1, {0x1001, {0x80, 0x1, 0x8}, 0x47, r3, 0x0, 0x365, 0x8245, 0x8, 0xb0, 0x1, 0x9a, 0xffffffff, 0x1, 0x3dd, 0x4, 0x80000000, 0x80000000, 0x3, 0xe7, 0x6}}, 0xa0) write$P9_RGETATTR(r1, &(0x7f0000000300)={0xa0, 0x19, 0x2, {0x84, {0x4, 0x1, 0x1}, 0x0, r4, 0xee01, 0x3, 0x81, 0x9, 0x1ff, 0x6, 0x3, 0xfff, 0x1, 0x84c, 0xdc8, 0x10000, 0x17b60000000, 0x9, 0x3, 0x1f}}, 0xa0) write$P9_RFLUSH(r2, &(0x7f00000003c0)={0x7, 0x6d, 0x1}, 0x7) write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x2, 0x3f}, 0xb) r5 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000440)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x12, &(0x7f00000004c0)=@conn_svc_rsp={0x0, 0x0, 0xa, "7af07072", {0x3, 0x107, 0x0, 0x0, 0xfffd, 0x7}}) pipe2$9p(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}, 0x1800) write$P9_RMKNOD(r6, &(0x7f0000000540)={0x14, 0x13, 0x2, {0x8, 0x1}}, 0x14) syz_genetlink_get_family_id$ipvs(&(0x7f0000000580), 0xffffffffffffffff) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000600), r1) sendmsg$TIPC_CMD_DISABLE_BEARER(r2, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x2c, r7, 0x400, 0x70bd2d, 0x25dfdbfd, {{}, {}, {0x10, 0x13, @udp='udp:syz1\x00'}}, ["", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x80c0}, 0x800) 01:13:48 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000000)="d6dc2a7b4d363b5480877b3d21e796ec", 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x26}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r2, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008040}, 0x0) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getresuid(&(0x7f00000001c0)=0x0, &(0x7f0000000200), &(0x7f0000000240)) write$P9_RSTATu(r3, &(0x7f0000000280)={0x59, 0x7d, 0x1, {{0x0, 0x42, 0x100, 0xaa5, {0x2, 0x4, 0x3}, 0x88090000, 0x4, 0x3, 0x3ff, 0x1, ',', 0x6, '{!(![.', 0x8, '^-d\xdd}.-*'}, 0x2, '&$', 0x0, 0xee01, r4}}, 0x59) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r1) sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r5, 0x200, 0x70bd27, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40044000) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_VLAN(r6, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x24, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xffffff82}]}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x0) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000580), r6) sendmsg$IPVS_CMD_DEL_DAEMON(r1, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r7, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8001}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008801}, 0xc000) write$P9_RREADLINK(r3, &(0x7f0000000680)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000006c0), 0x4) write$P9_RWRITE(r3, &(0x7f0000000700)={0xb, 0x77, 0x2, 0x1}, 0xb) syz_genetlink_get_family_id$wireguard(&(0x7f0000000740), r6) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000780)='lp\x00', 0x3) sendmsg$BATADV_CMD_GET_VLAN(r1, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x58, 0x0, 0x10, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xe2}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x78}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x24000010) [ 52.922509] audit: type=1400 audit(1677374028.839:6): avc: denied { execmem } for pid=260 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 01:13:48 executing program 6: ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, &(0x7f0000000000)) write$snapshot(0xffffffffffffffff, &(0x7f0000000040)="df87f71f8121ecbff17a3a8390d3da5375379aa970ac76c4f20959051a33202aa21c9aa1c51b47366fddf60b714cdd5fe032d9d033619042ddb388942f4f44756bfee6072619101b0bf501e0a3efe2ffc76c9f95169abe4d365b", 0x5a) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, &(0x7f00000000c0)) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40100, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000180)) connect$bt_sco(0xffffffffffffffff, &(0x7f00000001c0), 0x8) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x20000, 0x0) read$snapshot(r1, &(0x7f0000000240)=""/198, 0xc6) ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302) r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000340), 0x4000, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x65) ioctl$SNAPSHOT_ATOMIC_RESTORE(r2, 0x3304) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r1, 0x3309) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz1\x00', 0x200002, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000003c0)) r3 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000400), 0x940, 0x0) ioctl$EVIOCSFF(r3, 0x40304580, &(0x7f0000000480)={0x54, 0x1ff, 0x2, {0x2, 0x101}, {0x2, 0x9}, @period={0x5b, 0x2, 0xff, 0x8, 0x4, {0x800, 0x2, 0x7fff}, 0x3, &(0x7f0000000440)=[0x800, 0x80, 0x1]}}) ioctl$SNAPSHOT_ATOMIC_RESTORE(r2, 0x3304) 01:13:48 executing program 7: getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, 0x0, 0x428, 0x70bd2a, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r0}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x40) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x54, 0x0, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x40}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3bb17cdb}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r0}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r0}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x20004020}, 0x6000140) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r2, 0x200, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x400}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, r2, 0x800, 0x70bd2b, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$TIPC_CMD_GET_NODES(r3, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, r2, 0x20, 0x70bd2d, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x810}, 0x801c) r4 = openat$hpet(0xffffffffffffff9c, &(0x7f00000006c0), 0xa100, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000680), r4) prctl$PR_GET_TSC(0x19, &(0x7f0000000700)) r5 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000740), 0x8232459780347fb9, 0x0) sendmsg$TIPC_CMD_GET_NETID(r5, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x1c, r2, 0x10, 0x70bd28, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000040}, 0x6658ae96e5851edd) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000008c0), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_ADD_KEY(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000880), 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x1c, r6, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x20}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) sendmsg$IEEE802154_LLSEC_LIST_DEV(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x14, r6, 0x800, 0x70bd28, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x14}}, 0x0) prctl$PR_GET_TSC(0x19, &(0x7f0000000ac0)) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000b40), r3) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x2c, r7, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r0}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc080}, 0x4004841) [ 54.193911] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 54.196512] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 54.199581] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.202517] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.204318] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 54.205644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.246225] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.248513] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.251338] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.253933] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.255181] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.257672] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.262395] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.264477] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 54.266137] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 54.270144] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.271628] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 54.277454] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 54.283408] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 54.286980] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 54.289153] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 54.297519] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.338488] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 54.346441] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 54.388326] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 54.390359] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 54.394567] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 54.396441] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 54.398618] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 54.401138] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 54.403202] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 54.405215] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 54.407103] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 54.420126] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 54.423660] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 54.427872] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 56.278748] Bluetooth: hci0: command 0x0409 tx timeout [ 56.342351] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 56.343595] Bluetooth: hci2: command 0x0409 tx timeout [ 56.343828] [ 56.344200] Bluetooth: hci3: command 0x0409 tx timeout [ 56.344486] ====================================================== [ 56.344495] WARNING: possible circular locking dependency detected [ 56.344504] 6.2.0-next-20230224 #1 Not tainted [ 56.344519] ------------------------------------------------------ [ 56.344527] syz-executor.3/275 is trying to acquire lock: [ 56.344542] ffff888015a6c880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0} [ 56.345024] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 56.345762] , at: __flush_work+0xdd/0xd80 [ 56.352794] [ 56.352794] but task is already holding lock: [ 56.353605] ffff888015a6c920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 56.354921] [ 56.354921] which lock already depends on the new lock. [ 56.354921] [ 56.356007] [ 56.356007] the existing dependency chain (in reverse order) is: [ 56.357004] [ 56.357004] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 56.357984] __mutex_lock+0x133/0x14a0 [ 56.358628] hci_cmd_sync_work+0x1e6/0x320 [ 56.359302] process_one_work+0xa0f/0x1790 [ 56.359982] worker_thread+0x63b/0x1260 [ 56.360617] kthread+0x2e9/0x3a0 [ 56.361168] ret_from_fork+0x2c/0x50 [ 56.361763] [ 56.361763] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}: [ 56.362920] __lock_acquire+0x2d56/0x6380 [ 56.363601] lock_acquire.part.0+0xea/0x320 [ 56.364303] __flush_work+0x109/0xd80 [ 56.364917] __cancel_work_timer+0x39c/0x4e0 [ 56.365589] hci_cmd_sync_clear+0x52/0x250 [ 56.366253] hci_unregister_dev+0xf9/0x410 [ 56.366931] vhci_release+0x80/0x100 [ 56.367532] __fput+0x263/0xa40 [ 56.368079] task_work_run+0x174/0x280 [ 56.368706] do_exit+0xad8/0x2800 [ 56.369274] do_group_exit+0xd4/0x2a0 [ 56.369859] __x64_sys_exit_group+0x3e/0x50 [ 56.370514] do_syscall_64+0x3f/0x90 [ 56.371086] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 56.371860] [ 56.371860] other info that might help us debug this: [ 56.371860] [ 56.372884] Possible unsafe locking scenario: [ 56.372884] [ 56.373663] CPU0 CPU1 [ 56.374268] ---- ---- [ 56.374873] lock(&hdev->cmd_sync_work_lock); [ 56.375487] lock((work_completion)(&hdev->cmd_sync_work)); [ 56.376562] lock(&hdev->cmd_sync_work_lock); [ 56.377494] lock((work_completion)(&hdev->cmd_sync_work)); [ 56.378259] [ 56.378259] *** DEADLOCK *** [ 56.378259] [ 56.379029] 1 lock held by syz-executor.3/275: [ 56.379656] #0: ffff888015a6c920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 56.381001] [ 56.381001] stack backtrace: [ 56.381590] CPU: 0 PID: 275 Comm: syz-executor.3 Not tainted 6.2.0-next-20230224 #1 [ 56.382600] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 56.383686] Call Trace: [ 56.384039] [ 56.384357] dump_stack_lvl+0x91/0xf0 [ 56.384883] check_noncircular+0x263/0x2e0 [ 56.385477] ? __pfx_check_noncircular+0x10/0x10 [ 56.386143] ? queued_spin_lock_slowpath+0xd1/0xc50 [ 56.386847] __lock_acquire+0x2d56/0x6380 [ 56.387440] ? __pfx___lock_acquire+0x10/0x10 [ 56.388086] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 56.388831] ? __wait_for_common+0x394/0x550 [ 56.389453] ? __pfx_lock_release+0x10/0x10 [ 56.390063] lock_acquire.part.0+0xea/0x320 [ 56.390672] ? __flush_work+0xdd/0xd80 [ 56.391226] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 56.391920] ? __flush_work+0xdd/0xd80 [ 56.392470] ? rcu_read_lock_sched_held+0x42/0x80 [ 56.393129] ? trace_lock_acquire+0x170/0x1e0 [ 56.393753] ? __flush_work+0xdd/0xd80 [ 56.394303] ? lock_acquire+0x32/0xc0 [ 56.394845] ? __flush_work+0xdd/0xd80 [ 56.395397] __flush_work+0x109/0xd80 [ 56.395951] ? __flush_work+0xdd/0xd80 [ 56.396507] ? __pfx_mark_lock.part.0+0x10/0x10 [ 56.397158] ? __pfx___flush_work+0x10/0x10 [ 56.397760] ? lock_acquire.part.0+0xea/0x320 [ 56.398389] ? hci_cmd_sync_clear+0x45/0x250 [ 56.398995] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 56.399685] ? hci_cmd_sync_clear+0x45/0x250 [ 56.400298] ? rcu_read_lock_sched_held+0x42/0x80 [ 56.400957] ? trace_lock_acquire+0x170/0x1e0 [ 56.401583] ? lock_is_held_type+0x9f/0x120 [ 56.402189] ? mark_held_locks+0x9e/0xe0 [ 56.402762] __cancel_work_timer+0x39c/0x4e0 [ 56.403366] ? __pfx___cancel_work_timer+0x10/0x10 [ 56.404045] ? __cancel_work_timer+0x2aa/0x4e0 [ 56.404667] ? __pfx___cancel_work_timer+0x10/0x10 [ 56.405326] ? lock_release+0x1e3/0x710 [ 56.405887] ? __pfx_lock_release+0x10/0x10 [ 56.406380] Bluetooth: hci1: command 0x0409 tx timeout [ 56.406474] ? do_raw_write_lock+0x11e/0x3b0 [ 56.407519] ? __pfx_vhci_release+0x10/0x10 [ 56.408128] hci_cmd_sync_clear+0x52/0x250 [ 56.408711] ? __pfx_vhci_release+0x10/0x10 [ 56.409310] hci_unregister_dev+0xf9/0x410 [ 56.409895] vhci_release+0x80/0x100 [ 56.410422] __fput+0x263/0xa40 [ 56.410893] task_work_run+0x174/0x280 [ 56.411439] ? __pfx_task_work_run+0x10/0x10 [ 56.412073] ? do_raw_spin_unlock+0x53/0x220 [ 56.412683] do_exit+0xad8/0x2800 [ 56.413168] ? lock_release+0x1e3/0x710 [ 56.413730] ? __pfx_lock_release+0x10/0x10 [ 56.414331] ? do_raw_spin_lock+0x125/0x270 [ 56.414914] ? __pfx_do_exit+0x10/0x10 [ 56.415458] do_group_exit+0xd4/0x2a0 [ 56.415995] __x64_sys_exit_group+0x3e/0x50 [ 56.416588] do_syscall_64+0x3f/0x90 [ 56.417102] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 56.417803] RIP: 0033:0x7fb5baee3b19 [ 56.418306] Code: Unable to access opcode bytes at 0x7fb5baee3aef. [ 56.419120] RSP: 002b:00007ffe53c580f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 56.420136] RAX: ffffffffffffffda RBX: 00007ffe53c588d8 RCX: 00007fb5baee3b19 [ 56.421069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 56.422006] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffe53c588d8 [ 56.422937] R10: 0000000000000020 R11: 0000000000000246 R12: 00007fb5baf3d233 [ 56.423893] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8 [ 56.424837] [ 56.470455] Bluetooth: hci7: command 0x0409 tx timeout [ 56.470917] Bluetooth: hci6: command 0x0409 tx timeout [ 58.326295] Bluetooth: hci0: command 0x041b tx timeout [ 58.390280] Bluetooth: hci3: command 0x041b tx timeout [ 58.390769] Bluetooth: hci2: command 0x041b tx timeout [ 58.454327] Bluetooth: hci1: command 0x041b tx timeout [ 58.518355] Bluetooth: hci6: command 0x041b tx timeout [ 58.518853] Bluetooth: hci7: command 0x041b tx timeout [ 59.290420] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 59.291055] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 59.292254] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 59.295345] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 59.296876] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 59.297434] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 60.374298] Bluetooth: hci0: command 0x040f tx timeout [ 60.438304] Bluetooth: hci2: command 0x040f tx timeout [ 60.438721] Bluetooth: hci3: command 0x040f tx timeout [ 60.502276] Bluetooth: hci1: command 0x040f tx timeout [ 60.566292] Bluetooth: hci7: command 0x040f tx timeout [ 60.566693] Bluetooth: hci6: command 0x040f tx timeout [ 61.270275] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 61.334462] Bluetooth: hci5: command 0x0409 tx timeout [ 62.422300] Bluetooth: hci0: command 0x0419 tx timeout [ 62.486318] Bluetooth: hci3: command 0x0419 tx timeout [ 62.486715] Bluetooth: hci2: command 0x0419 tx timeout [ 62.550308] Bluetooth: hci1: command 0x0419 tx timeout [ 62.614320] Bluetooth: hci6: command 0x0419 tx timeout [ 62.614722] Bluetooth: hci7: command 0x0419 tx timeout [ 63.382323] Bluetooth: hci5: command 0x041b tx timeout [ 65.430293] Bluetooth: hci5: command 0x040f tx timeout [ 65.558290] Bluetooth: hci4: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 01:13:52 Registers: info registers vcpu 0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff825027d0 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff88801598f0a8 R8 =0000000000000004 R9 =0000000000000010 R10=0000000000000010 R11=0000000000000001 R12=0000000000002710 R13=0000000000000020 R14=fffffbfff0fe2205 R15=dffffc0000000000 RIP=ffffffff82502825 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe780d5cf000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe780d5cd000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f223e8f8310 CR3=0000000015a8c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffffffffffffffffffffffffffff XMM01=30306234386136303638616663356134 XMM02=38303062343861363036386166633561 XMM03=2f6c616e72756f6a2f676f6c2f6e7572 XMM04=f94733c4c2de71d4000000000012d6d0 XMM05=d3fdd5f48436fbd700000000000aead0 XMM06=ea4117fcf783b9e700000000000ae988 XMM07=00000000000000000000000000000000 XMM08=44495f474f4c5359530069253d595449 XMM09=00000000000000000000000000000000 XMM10=00000000000000000020000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000000 RBX=ffff888019e0f8d0 RCX=ffffffff8611a73c RDX=1ffff110033c1eb2 RSI=0000000000000001 RDI=ffff888019e0f590 RBP=ffff888019e08000 RSP=ffff888019e0f510 R8 =ffffffff8611a740 R9 =ffff888019e0f5c0 R10=0000000000038001 R11=0000000000000001 R12=ffff888019e0f5e0 R13=ffff888019e0f580 R14=ffff888019e0f8d0 R15=0000000000000001 RIP=ffffffff81133ca3 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f4fe8298540 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe452362b000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe4523629000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4fe8369710 CR3=000000003457e000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000ff0000000000000000000000ff00 XMM01=ffff00ffffffffffffffffffffff00ff XMM02=4c4700362e322e325f4342494c470035 XMM03=00000000000000000000000000470035 XMM04=4342494c4700362e322e325f4342494c XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000