Warning: Permanently added '[localhost]:47623' (ECDSA) to the list of known hosts.
2023/02/26 21:46:22 fuzzer started
2023/02/26 21:46:23 dialing manager at localhost:41417
syzkaller login: [   45.677981] cgroup: Unknown subsys name 'net'
[   45.784464] cgroup: Unknown subsys name 'rlimit'
2023/02/26 21:46:38 syscalls: 209
2023/02/26 21:46:38 code coverage: enabled
2023/02/26 21:46:38 comparison tracing: enabled
2023/02/26 21:46:38 extra coverage: enabled
2023/02/26 21:46:38 setuid sandbox: enabled
2023/02/26 21:46:38 namespace sandbox: enabled
2023/02/26 21:46:38 Android sandbox: enabled
2023/02/26 21:46:38 fault injection: enabled
2023/02/26 21:46:38 leak checking: enabled
2023/02/26 21:46:38 net packet injection: enabled
2023/02/26 21:46:38 net device setup: enabled
2023/02/26 21:46:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/02/26 21:46:38 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/02/26 21:46:38 USB emulation: enabled
2023/02/26 21:46:38 hci packet injection: enabled
2023/02/26 21:46:38 wifi device emulation: enabled
2023/02/26 21:46:38 802.15.4 emulation: enabled
2023/02/26 21:46:38 fetching corpus: 0, signal 0/0 (executing program)
2023/02/26 21:46:39 starting 8 fuzzer processes
21:46:39 executing program 0:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$BLKRAGET(r0, 0x1263, &(0x7f0000000040))
setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000080), 0x4)
socketpair(0x11, 0x5, 0x61e, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000140), 0x4)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r1, 0x89f5, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x29, 0x8, 0x7, 0x1a0c, 0x40, @private2={0xfc, 0x2, '\x00', 0x1}, @private1, 0x8000, 0x7800, 0x4, 0x122}})
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000240)={0x4, 0x4, 0x7, 0x1, 0x4}, 0x14)
r5 = syz_open_dev$hiddev(&(0x7f0000000280), 0x5, 0x94100)
ioctl$HIDIOCGFLAG(r5, 0x8004480e, &(0x7f00000002c0))
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000300)={0x57, 0x9, 0x7d5, 0xfffffffa, 0x5}, 0x14)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000340)='./binderfs2/binder1\x00', 0x2, 0x0)
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r6, 0x40046210, &(0x7f0000000380))
ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, &(0x7f00000003c0))
socketpair(0xf, 0x1, 0x81, &(0x7f0000000400)={<r7=>0xffffffffffffffff})
sendmsg$IPVS_CMD_GET_CONFIG(r7, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0xb4, 0x0, 0x20, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'geneve0\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7e}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7f}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x20b8432b}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7b}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20040800}, 0xc000884)
r8 = openat$cgroup_ro(r0, &(0x7f00000005c0)='net_prio.prioidx\x00', 0x0, 0x0)
sendmsg$IPVS_CMD_SET_SERVICE(r8, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x50, 0x0, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x100}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xdcb0}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x23}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000780)={0x6a, 0x7d, 0x2, {{0x0, 0x4d, 0x401, 0x5, {0x80, 0x0, 0x5}, 0xeb6a8a4a42aa5a58, 0x2474, 0x0, 0x6, 0x1, '&', 0x6, ']$$V\\/', 0x2, '-2', 0x11, '/dev/usb/hiddev#\x00'}, 0x8, '!].\x80(\\&$', 0xee00}}, 0x6a)

21:46:39 executing program 1:
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x14)
r0 = timerfd_create(0x0, 0x800)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000000c0)='cubic\x00', 0x6)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$HIDIOCGVERSION(r1, 0x80044801, &(0x7f0000000140))
timerfd_gettime(r2, &(0x7f0000000180))
read$hiddev(r2, &(0x7f00000001c0)=""/160, 0xa0)
pipe(&(0x7f0000000280)={<r3=>0xffffffffffffffff})
ioctl$HIDIOCGFLAG(r3, 0x8004480e, &(0x7f00000002c0))
ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, &(0x7f0000000300)={0xdbf6, 0xa91, 0x7, 0xffffffff})
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000340)=0x1, 0x4)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000380), r3)
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000440)={{{@in=@empty, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@loopback}, 0x0, @in=@loopback}}, &(0x7f0000000540)=0xe8)
mount$9p_fd(0x0, &(0x7f00000003c0)='.\x00', &(0x7f0000000400), 0x224000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@uname={'uname', 0x3d, 'l2tp\x00'}}, {@posixacl}, {@version_L}, {@afid={'afid', 0x3d, 0x5}}, {@access_user}, {@debug={'debug', 0x3d, 0x1}}, {@dfltgid={'dfltgid', 0x3d, 0xffffffffffffffff}}, {@noextend}, {@dfltuid={'dfltuid', 0x3d, 0xee01}}], [{@smackfsroot}, {@fowner_lt={'fowner<', r4}}]}})
ioctl$HIDIOCGCOLLECTIONINDEX(r2, 0x40184810, &(0x7f00000006c0)={0x3, 0x81, 0x833, 0x9, 0x7fffffff, 0xffff})
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x48, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7bd4aaf8}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x4}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010101}]}]}, 0x48}, 0x1, 0x0, 0x0, 0xc014}, 0x20000000)
sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x68, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_DEST={0x40, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xfffb}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x6}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x1030000}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x101}]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
mount$9p_fd(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f00000009c0), 0x6c819, &(0x7f0000000a40)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x5}}, {@privport}], [{@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@fsname={'fsname', 0x3d, 'posixacl'}}, {@fsname={'fsname', 0x3d, 'wfdno'}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@euid_eq={'euid', 0x3d, r4}}]}})

21:46:39 executing program 2:
sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x2262bebb3626c4bb, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x4000)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.time\x00', 0x0, 0x0)
write$P9_RSTATFS(r0, &(0x7f0000000140)={0x43, 0x9, 0x2, {0x1f, 0x1f, 0xfffffffffffffffe, 0x2, 0x6, 0xfffffffffffffff8, 0x5, 0x0, 0xe2e5}}, 0x43)
r1 = socket$unix(0x1, 0x2, 0x0)
accept$unix(r1, &(0x7f00000001c0)=@abs, &(0x7f0000000240)=0x6e)
getsockname$unix(r1, &(0x7f0000000280)=@abs, &(0x7f0000000300)=0x6e)
write$P9_RREADLINK(r0, &(0x7f0000000340)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10)
socketpair(0x11, 0xf, 0x5, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$SOCK_DESTROY(r2, &(0x7f0000001600)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000015c0)={&(0x7f0000000400)={0x1198, 0x15, 0x100, 0x70bd27, 0x25dfdbfe, {0x2a, 0xa4}, [@INET_DIAG_REQ_BYTECODE={0x14, 0x1, "2ead0f29ae347fd529f8f11a7152f04c"}, @INET_DIAG_REQ_BYTECODE={0x58, 0x1, "4a27dcc9c8d766afecaaf65ae069bffc094ff5021b580b024c3df77697e3382d1cbddf7b2e9ddcd32039eb0d57d377b3c414780ea804d5b0ebed65fd3452969da7f2a2bd22ff294bb69a3232a541a8970d305438"}, @INET_DIAG_REQ_BYTECODE={0x25, 0x1, "d049bdfdac175ea2c4b34e37e1a1ae711d02b12f2be6cd0c815ecee492da920332"}, @INET_DIAG_REQ_BYTECODE={0xea, 0x1, "295afc3f2099e9afb98bc2e2d6a1ff374aa466da797fc34e36ffa101f109f45f134bd7bf0ad120d3909520cc57d69df327e35bdbbede0bfb0342bb87bb8f182447962b67e0a2243c1e4c08b5ad4c6d8827909f6455393c07f7debd793049876620ed0fcbefadd42ed6d266edcd8c3675623fc0705460873ea3f60484b826ccf29b1f89d095b0f1a7fa8dde89bd154bfdf2eabf5ded54c5514177111877638f143fbd869c705c3a03a437931f39742dfc4ff40d29b94a6e0f3a4a046e2fc8af5c585caec7ce2a139cc221053ed10d72dd808e737d35c115cfdcff9252f21f18744885d3eb6d50"}, @INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "a269f191f3067a22486b87c3f0137cd96b28bd7b76f43ed6bad899a560870504443412ff452bd4088b622c6101e5e6b0b3f1ca2b3fd3a8c750aa854d2dc8acae43054c8848b33272eeba9cedfc5feb08f7afc128761394d4ce9921a941601d52349d2a883d6a32b0c5af97b7fe617dd5b508cad21071d84d3dc76688accefde043cded986fbd11584ed726355ff57d491653229761069b310258b6d84f8575863efd77f627dc258b379e1a5a20b3de4aaf239826de427bbeeabacd4339e9823708e12ec2756762500ab67788c89a6d34f7e4276fe95969e07b5bf37e3ee75a2d1d64478486514ec838201a5f6368d7e2c9255899ba49574be4e4aebfc536e0fb12ee2968694ba12bf7709dab8cce4b4ad1d086ae706e3518fe1c8bc1aefd6b50501eecd2f3859c43ac6ac4870b5dbc579be2dc04a2034dd431d719c694338b27584afefb807831fb7c3506a61d7686a95b5a63ef4cfc0169548f690e0afe111a34dd7dceaad5e27866a92b25dc8a59c9dc168354e239aa5349ae5e5042c0445377b5401577774b52cd00159c884ecfeeea372d00e3467c1c296eabb7cb7fc2d420b3474a7bbde159100e53b91b0b0d31165622bf8d5343052e5bda38a728698c961cacbfb77ea7d0f726c1c521f663b3818f484eb0843352fddfe44e5b2f883ac02d5a89afaacabe41029a9775426c1354ea57e2a31021e3792ac815ec41f195f714234b8479a7449fa935ef37d74f575fa1026826efe71188327441e320ee85befeccd5a37e98ee626c2cc50cb36c9b18ff7b452ea14c6b6dbf0686a8119c8e650dc05c931580839546a6f5c526867d4771be468054639f4ceacb5e5a830e28124ceb57f6c61e4ad5db52592287d77c43f159f3c2e8ab9c50004e8cace18f9efdee15c980b74235b676105f362870f74541e17fe9203e9cfc524d426534fc13f337c075b415b96bd7c65ca716b688b984e2dcbd5d0f91b0f231b79519395d42ce41df5f29bf0409b4c612d99924fe1f9461efbd318fcce4975daf6d941fd7a6806e27b80cc1dc822924154443d8799e8ee3c5bb8f4adbcd16f7dbe91deac9ab11cce07fbec89c58819484e8c8cb8ca1b8903b028dff3791fe6ded6fd9b90f57398d6477cf8840f2c8ffbb3ddc5054e56ae56eb62e0c5f144956eb6aad67e189005f8302967d6a858c881f6aee80f365b3bea67aa5ea60646744066c2ca621986c71d92791217f5b10e996582ca5cde0f999fb5cc52bde1d66609d01578ed7279b30c44c795f2c570714875aea69392a80d9f3b8ccce8b730ccf3ca493c250c941443c62f81b1bbad202f86ab9ebde576e57270c72b67f0efb40d566a528d1bc9701b086923f88f8591e569420720239585196c299d4134db713165599dd7875d4d57767347de199e4adfa38bb640ec2dead6f0bff89dd06f1d4dbe0c306ad9951d52d407871a3ecdb6ab0f7f42b1bdf02338b6dd202cdcab45ccd2b11315723be6550f28134d02fb7c0330f663c6c90e782dc14fc03db3dd1ac4e176c648b1512c46f1e60f9cba017e4ee60ac1a7a357357422612b860e4af559d0cabe015eb79d7092af44c2f000e9d333d447bfd813a6ed900177933078d842a79781a2b8bdec56e9eda5e19408a9226aab5c329f0271775f3eec5ca99170e9b306b86f79f38403686ce4d5121b9b2c402ca1940973aff8bbdb65bbb67a59d6153eec814f1a45aae1dd2900054ea4e9af8ed7da414aef0f5736f3edcd8f9a8aa0376af1000286e1b1679db09cac3c7734d7d0ad5bdb6b65561877219ddeb32f05f6db87702f99e232421b8f4b4cd4d7bf2974cc0327c2d928a500a21961e9300ca30526dea21e193b52dd70b8290c73567500f50ec84ae2281824d19688d672ec72e3ee3ecff0e3ae8d5d8850462e6f192f0e50219f8d880ff693cc6e197f2cd0b4b76c58c0154d601efae10e178343d66d73782ce7cb5d9972a2bdd2d6efb0d0cf653d2370e9ee6a988576cfc0748c206caccff95714d7b9dab3972639675fcd411964c2950aa190c70584a5721367889b05eecaa5ddebadb712eb2b965c01ff0a8ecb2ac0814271dde36b7cb503cf58df9bca80d8a9fb67449b1ae67b5874ff186c5a54044723d6ed39b95e4ed8102956cafda91da1b26e7e4054e1599006c060fcdd31601f2194d7ca32dece0e49da94b4b10e55920aa95daa0c7eff5a2b4211a680957342cb425cad8037ab57427203d328cc53cb7a42c894124c395a71ccf45c88425c1fc1556ff64e6fe15889fe92b3c00c1996e1a3971b3df76d93dc7b4989d7f54ee2519f8700d28a14c48eac2366756c8c08cc2a904bd79c53e46604f972e5b4033cca75accfa5b95eea10a734862e3b9b9eab2e3ac63953da8555f2f6a55e2125ae06cdb9676da894784d6a9ee8ccbc08092d12cc4d03dfaacbf42246ac54a66826709ae27a02fc15699fd636ca66dec1be2143e96123d44507bb66da7244787d2f93e90d263f238f9dc3105b5afb5cd57ba662b349d34adf288b16d1c644e12d110a2f435352708c85e0336204f650e158cafcfa9380ad28941378b72603cb43f073e7d26daf5b13d8f9ba29fbf7cb74829a02363a7b1fc2360789dd04e33b43457ce1d07920be88b08f499d91a853bdc165d9dc81942d23006e70ca2a33ef960bc923bf26668acc3552f5e0158cffb8281b0690392a346354d131b14a45177aa5342ef80103f0a8c73adb05ee81ae0ee554e29a8e562e9fc1c6939b12c4ee3c8f3d388bc3168f7249ae74f156d6fdaeadadfd5175d58727c1590211fb418cd145794c1dbd5b2b62ee9251a5cec94c61b5cff33da05ce9ebc63a5f3b63fdd7b8a028b9d95020e458d1381803aa6bab9d54e96eaca45c788aef6b1439b02d8057771c6d6837ef456e36b1262cb080facf18ceb1323e8ef8dc8e74fab23d2fc6d223da98e0660045b0e7ecf31481a6dc754f67b872fd441ab398d81216745ffc12a859873bff88b9f7d25f5e54daadf0dd05a3fb22356a8a5e8f70f0467ac30872ef563da40f50522b7ceaf3357b288971a0a526ddbb9565e4f78774ac70ab0042836a67b42060d59bb5c6d504ea06a8d2f4e80cb31a5d4d5b1a842f279e20ddcdc04ac4e8d8fe377719b069475b2ede851e32d443c9ba84134ec4e80ed94c15d0003d350e240ffa5ba67d7c789757cd959d601997e559af1fc8f39bc48b72cc793c2b7cb2e369abc40c7d7ee559af996663ce538012a40b79bed42ecd61cb9149941292d61a4cf0f0d84a0a0cf66c25998499d8aa7c179a015268f7d28166f9114fb3b13b453a94526c54abb5290bf1750377b40a144a555d7c4ec76558fa140c093874eea210d3b876a9236d01d12567b90b0cc11f4a57d282f9212499cbdb11d724f75e84a5f7103eb2e2f54ccbb4614ddc40c124bc88e64ef5a21939467c89f58887847d16a93edea1a160943c2f82ec95a0922f40330b933fa3e9e81559ee5fd6c875e3d8e5fdea6411c0cff1ee9f23aa17467cf61147d59a7a837b4ab4da5e41e1faba4486c97644b50d8bd9044deb06dd6e2868734f2cd82ec6bdaed262c9bc682a9be5f2664a94097a563971b1ce1ec5fb1901f97d8a900891aa47dc28a39c5a16a6a226551833d575945f7a3ee7916418aba174c249da6c054e833d7b12c0a795f5977a88a3a40eb69bcdc8aed132f161982f165a9cbb901fa2f0c4919dbd41143b08932685845271d1049768e577d5194b2a9bb3239ae2e39a9228ac74166344b064a89e83a925e1b5848ae3e0985735dd7d7275953975201503add83bd6ccb6d17a7d70d3420a23c015cbbbe1be0b84d897ca3216f0b825c0904ec7ec63c1902ad938055af1948e87e8e25f924b08fde07e27757edaba9c83d864cde5614e26a6cf219e22d8cff5bc04cc658f751fad8010297e40eae125a89c1b97b852bafddefdf4291601ed08dd5681c75ad67f8277d9311cea79cb97ab33f741fc82f7aee94089032df3d763b088ccea5b77e013d12ac5651a0032aec1ba2f7a6c1c9f8818a60d1b3fc643036d1c18daeb2c588cef94a7337c3f789a29683704da5de5d4db33f312d81b90e9bf4c67386ff14d63b84682520ab451b43d624e3b8b884dff663c1b73fd3d97d94fc03bbd365cb0ef5c5a75fb078b8ba748ae95ca97a1d3ac6061dfdeda30ee9e3c1688a15fefd0e0f126c7e9cf9aa7632de411c4f456acad95ac5040eb4a6dc9f6e607f7d2f934e0da82abcb0e7c162e4a630ac97489999d93d78e662861dff7583839a2aa363272d33fb57083c4f2094c289ec1ee17099cb4395f082fe24b8561c82ef82d58e4ea4e01f99768c9ebd51e3734e19e135c535b5dd72b810c3a8b9989c32aec13d974a50a886e9da87752be75632b3c3d629a6857e43bb9cf0dce87d5f81a81498ac7e09be529f35e9d00b23f8ee2975356f472d1faf1d775b9ded3ab1a0513a048fed6c4a18da2e0ad4b318b650ac4ba17e405de9b9a85d029f603b7a135ccef90f990dafe554e6932e66c8d3b4e7dede2b676d6d319af16321775114d770d89136bcb76cc7c9a6a50919f00a8166ea0f41be9845d5d7e120c8867b55cf74cc97fe7c8315f83dbce2df86c2f827c1e464df54583213f74245dcba2d546fb51dbcf670b165d139fad81f4faf610758966fd03fd40a098b28de8c21f07e4707fe99be2348e7b7608d8180c15b0900b6bfef90fb386075488fd4873ce0086d73c97013cc182d346063b98ce53fe47b89c3a3a8043d698bb476d9e23678adaf2a05beaf2ba91c62516aaf4b65aa36da06d4c3759c5e4b50b3bd0676a5733f6d9b906d5decdb3fee57b931d5502daed16981b4f324f6fd7df718a546dd3fe75b082b4cde90ecb43b5aac88efba033321d426c77b9af9df63e2b916c90027568267ad67ac24b2e0a5f5927b06b7fac1627c4f35dee9fbe9994883b540fddf6390817ac04bc526bd65801cfd649faa5e0d88f9ac8e613e3a55cb173a77db897dcc8d8df25aa4fbb8e28baffcb967a489feead35782fd8eaf537548e4bbe0b73a760656a57ee3ab53a602369f116a620dcd8d71c97218e84cf66b066a20ef21db8630490dfd3825f4115c0af2b82d6c8ca0b60d624a5145ff90ba7d622f1069da0e1fecebd1dbff9572c703966ea5bf64cc909a9e89f3c1999e6176220568e79ab9b095226856bcf7c2dc527b585a19c2594ed056a313ca4df7fe1b61ea6eed605c93a719ff44cd7ce6587e8ed12d33729a1fdf54f2630f2f6fd84b88706c1984dc356dd34684594c7e99cb8921ecf8167ff79c1daeda4462fd1c502f6840699b139c81de234b3413c4c853586858b3300fdc22f800a9aee066c283bb5da019bdbbdb8108469c11238f3c5e45a03faf3e65ab6bb85ac7112d53d4efd0730b7c7cfad67b09143a695679fa1a51fdabea39a0601597641628802a8823ff258cbf32819a257046f62ee08ab24ee5f0e3e8499c6a942962566a39eb53a2e7ade582dc42be7204d3fcb616388a939cb2de727033a58ebd2aa6e508219aa690b75e23066cca2a59c1d2db78f92ce2f7e46071e850789f261ea0b6314052b0d9b73863863523bfe423bc40fead5ab8a7472a5268e920374f1d3cae58305c3161c449dbe29c9fdd8f809c807180da8797ee1ba3f48bb1f9e36fa4d0a9ff3c9f422f952c66b21064fa0a891932bab74e267f96ef3b05955175031949b20adc6d9935a83f0f393a290089ed5eea3b124a727561d33b92e2a3fda3407b740549522745c89632a5131217dd0da7b622e54ff5886eccdef9"}]}, 0x1198}}, 0x48004)
write$P9_RSTATFS(r0, &(0x7f0000001640)={0x43, 0x9, 0x1, {0x9, 0x3, 0x101, 0xe53a, 0x9ce, 0x5, 0x81, 0x8001, 0x1000}}, 0x43)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000001840)={&(0x7f00000016c0), 0xc, &(0x7f0000001800)={&(0x7f0000001700)={0xdc, 0x0, 0xb04, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8d}, @IPVS_CMD_ATTR_SERVICE={0x54, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x45}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3c}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x73}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x1d}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@broadcast}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x32}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x10000}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xff}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xfffffff7}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x4}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xff}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}]}]}, 0xdc}}, 0x4040840)
pipe(&(0x7f0000001880)={<r4=>0xffffffffffffffff})
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001900), r2)
sendmsg$IPVS_CMD_ZERO(r4, &(0x7f0000001a40)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001a00)={&(0x7f0000001940)={0xb8, r5, 0x10, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xe935}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6882}, @IPVS_CMD_ATTR_DAEMON={0x74, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x80}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_bond\x00'}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4008085}, 0x408d0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000001a80)='./binderfs/custom0\x00', 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000001b00), r4)
sendmsg$DEVLINK_CMD_PORT_GET(r6, &(0x7f0000001bc0)={&(0x7f0000001ac0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001b80)={&(0x7f0000001b40)={0x38, r7, 0x208, 0x70bd2d, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x4)
syz_genetlink_get_family_id$ipvs(&(0x7f0000001c00), r0)
sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f0000001d40)={&(0x7f0000001c40)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001d00)={&(0x7f0000001cc0)={0x1c, 0x0, 0x300, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8001}]}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x80)

21:46:39 executing program 3:
r0 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x10000)
ioctl$HIDIOCGCOLLECTIONINDEX(r0, 0x40184810, &(0x7f0000000040)={0x3, 0xffffffff, 0xf205, 0xffff, 0x0, 0x100000})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.stat\x00', 0x0, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f00000000c0)={0x8, 0x7, 0x4, 0x9})
r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0)
ioctl$HIDIOCGCOLLECTIONINDEX(r2, 0x40184810, &(0x7f0000000140)={0x3, 0x2, 0xd4, 0x30000000, 0x0, 0x3ff})
openat$cgroup_devices(r2, &(0x7f0000000180)='devices.allow\x00', 0x2, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r4)
syz_genetlink_get_family_id$devlink(&(0x7f0000000240), r3)
ioctl$HIDIOCGDEVINFO(r0, 0x801c4803, &(0x7f0000000280)=""/124)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000340), r1)
sendmsg$DEVLINK_CMD_TRAP_GET(r4, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000480)={&(0x7f0000000380)={0xc4, r5, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000041)
ioctl$HIDIOCGVERSION(r3, 0x80044801, &(0x7f0000000500))
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000540)=[@mss={0x2, 0x5}, @mss={0x2, 0x9}, @sack_perm, @timestamp, @window={0x3, 0x8, 0x7}], 0x5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_FLUSH(r6, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x40010c2)
ioctl$BLKRAGET(0xffffffffffffffff, 0x1263, &(0x7f00000006c0))

21:46:39 executing program 4:
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc840}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x5c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@pci={{0x8}, {0x11}}, {0x8}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x8040)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000140), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r1=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffffffa}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6c}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xb32}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x10000800)
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, 0x0, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004080}, 0x1)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000004c0)={{{@in6=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@dev}, 0x0, @in=@dev}}, &(0x7f00000005c0)=0xe8)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000640), r0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0xa000801}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x70, r3, 0x0, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x44}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xce}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="ebee3ee7435f"}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x70}, 0x1, 0x0, 0x0, 0x85}, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000780))
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0)
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x1c, r5, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, &(0x7f0000000900)={0x2, 0xffffffff, 0x5, 0x0, 0x4, 0x1f})
pipe(&(0x7f0000000940)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$HIDIOCGCOLLECTIONINFO(r6, 0xc0104811, &(0x7f0000000980)={0x7, 0x6, 0x7, 0x843})
pipe(&(0x7f00000009c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$HIDIOCGFLAG(r7, 0x8004480e, &(0x7f0000000a00))
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r8, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x24, r3, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x100}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000b40), 0x8, 0x30102)

[   60.763190] audit: type=1400 audit(1677447999.582:6): avc:  denied  { execmem } for  pid=259 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
21:46:39 executing program 5:
r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x54, r0, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r1}]}, 0x54}, 0x1, 0x0, 0x0, 0x20020090}, 0x4000010)
socketpair(0x18, 0x800, 0x5, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e21, 0x8f, @private1}}, 0x0, 0x0, 0xc, 0x0, "c8b2ab31b29c52b0379fe23d8091eb898b49e4e3eae7dfde06fd8ea833306d113c76cfa00f33b59f8eb3d8d631261ff648a09ec866629929a9807eebe52de693db48f6d56fcfeb52c8715f9410eb99f6"}, 0xd8)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00'})
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.kill\x00', 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r5)
sendmsg$IPVS_CMD_GET_DEST(r4, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x48, 0x0, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fff}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1000}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x100}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x804}, 0x4008005)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
r7 = syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), r3)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r4, 0x89f7, &(0x7f0000000680)={'syztnl1\x00', &(0x7f0000000600)={'sit0\x00', <r8=>r1, 0x4, 0x12, 0x2, 0x7fff, 0x54, @dev={0xfe, 0x80, '\x00', 0x26}, @mcast1, 0x80, 0x700, 0x9, 0xff}})
sendmsg$BATADV_CMD_GET_VLAN(r4, &(0x7f0000000740)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x2c, r7, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x8000)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r9, 0x6, 0x15, &(0x7f0000000780)=0x1, 0x4)
connect$bt_sco(0xffffffffffffffff, &(0x7f00000007c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
ioctl$sock_inet6_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000800))
ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f0000000900)={'syztnl2\x00', &(0x7f0000000880)={'sit0\x00', 0x0, 0x4, 0x0, 0x3f, 0x100, 0x4, @ipv4={'\x00', '\xff\xff', @remote}, @empty, 0x8000, 0x80, 0x5, 0x1000}})

21:46:39 executing program 6:
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)={0x0, 0x0, @c}, 0x29, 0xffffffffffffffff)
semctl$GETVAL(0x0, 0x0, 0xc, &(0x7f00000000c0)=""/31)
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_DEST(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r2, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2b}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x800)
r3 = openat$cgroup_ro(r1, &(0x7f0000000280)='memory.events.local\x00', 0x0, 0x0)
sendmsg$IPVS_CMD_GET_SERVICE(r3, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x78, r2, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x100}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x20}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x315}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
sendmsg$IPVS_CMD_DEL_SERVICE(r1, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x70, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x10000}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xfffff801}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xd3d}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x2040004}, 0x804)
pselect6(0x40, &(0x7f0000000540)={0x1, 0x5, 0x100000000, 0x3, 0x4, 0x7, 0x5, 0xffffffffffff71be}, &(0x7f0000000580)={0xfffffffffffffff8, 0x2, 0x5, 0x0, 0x40, 0x6, 0x5, 0x3}, &(0x7f00000005c0)={0x0, 0x7, 0x9, 0x4, 0x7, 0xfffffffffffff000, 0x8000, 0x401}, &(0x7f0000000600), &(0x7f0000000680)={&(0x7f0000000640)={[0x400]}, 0x8})
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, 0x0, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x41}, 0x24004041)
socketpair(0x27, 0xa, 0x5, &(0x7f0000000800)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_genetlink_get_family_id$ipvs(&(0x7f00000007c0), r5)
r6 = openat$cgroup_ro(r1, &(0x7f0000000840)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(r6, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x40, r2, 0x2, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x59}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_WEIGHT={0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40040080}, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000ac0)={0x14, &(0x7f0000000980)={0x40, 0xe, 0xc3, {0xc3, 0x6, "6d45303ad93b855c48ba61ecb56c6f45696e66edc924cad173c55623b414eb7fac493b9001a9f97d969cfee1a2f408888f545fc8604fb3d881f4f26ca06f454b03345b4333e181b499c0fb37c6c2fc89174daf0284f94ad6079a79aceb7c0f09f4735d6b108cff6eb9ad94b5df26f8a332c52d91b4022523e48b5807dab4079a673b8811696bc80719f17a8e4ad041b07514d99f2c4d4a52e54e227aed0d5c88f6c41d46ba4df2809fd60a99186557d8339e62fe9101009cfd693ab598232a7e73"}}, &(0x7f0000000a80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000cc0)={0x1c, &(0x7f0000000b00)={0x0, 0x9, 0xfe, "9a0f11dbb6f4e50cc2d579882c63365c66dd5627fe318318c5df305f1a00ff6b769ca2993c16bf3ad4dc7390f5c34a43336cdcc99389aac753a5cace93ec2c38dea1e95b1410ae3e67a6210acf258fcc5ed618cf419ef5ae0684bbd842385de7a7d9f5d464d9ffcdfd2d791401cdb8a9824cdff65619e7d4414d1a1bd896456c596bf6ff396f4f378388f6c887002526423b7ac1ac78fb8fba214781f7b56a36794c36ca28d931afd6bf637bda1ff01427135668adf3537f1c026d117504ed29f9ca09c3cc9893a7d986e48ce78427f78643ca29a2d8ef8b2c374d18b0103aa900ecdf0d5a530a13fee5539e2699fa920dc1839ddce10bc4e56dc966401c"}, &(0x7f0000000c40)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000c80)={0x0, 0x8, 0x1}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000d40)={'batadv0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000e40)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000e00)={&(0x7f0000000d80)={0x54, 0x0, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x200}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x80c0}, 0x4004000)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000f40)={&(0x7f0000000e80)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x3c, 0x0, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x100}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x40091)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000fc0), r0)
sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f00000010c0)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001080)={&(0x7f0000001000)={0x68, r8, 0x4, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffbe09}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x9}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x8001}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x80)

21:46:39 executing program 7:
connect$bt_sco(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @none}, 0x8)
connect$unix(0xffffffffffffffff, &(0x7f0000000040)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000140))
ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f0000000180)={0x7f, 0x1ff, 0x0, 0x1000})
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@window={0x3, 0x81, 0x3ff}, @mss={0x2, 0x101}, @timestamp, @window={0x3, 0x7, 0x1}, @sack_perm, @mss={0x2, 0x200}, @window={0x3, 0x6, 0x8000}, @timestamp], 0x8)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x34, 0x0, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xb}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x40440c0}, 0x801)
pipe(&(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockname$unix(r0, &(0x7f0000000380)=@abs, &(0x7f0000000400)=0x6e)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000440), 0x4)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000480)="2f3128fd466f4a2d34efb71506daff25", 0x10)
ioctl$HIDIOCGDEVINFO(r1, 0x801c4803, &(0x7f00000004c0)=""/101)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r1)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x34, r2, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3f}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8001}]}, 0x34}, 0x1, 0x0, 0x0, 0x14}, 0x40000)
pipe(&(0x7f0000000680)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
getsockopt$inet6_tcp_buf(r3, 0x6, 0x1f, &(0x7f00000006c0)=""/21, &(0x7f0000000700)=0x15)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000740)='./binderfs2/binder1\x00', 0x1002, 0x0)
socketpair(0x8, 0x5, 0x1, &(0x7f0000000780)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f00000007c0)=[@mss={0x2, 0x2}, @mss={0x2, 0x6}, @sack_perm], 0x3)

[   62.006906] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   62.009151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   62.010597] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   62.013507] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   62.022915] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   62.024155] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   62.075762] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   62.077592] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   62.080210] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   62.101616] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   62.104999] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   62.106949] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   62.108290] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   62.109566] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   62.111052] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   62.134632] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   62.136170] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   62.137458] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   62.143001] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   62.151576] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   62.157045] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   62.158149] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   62.159842] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   62.160154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   62.160961] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   62.161484] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   62.164053] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   62.165578] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   62.166976] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   62.181872] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   62.184064] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   62.186727] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   62.187752] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   62.189002] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   62.190802] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   62.203553] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   62.215985] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   62.223590] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   62.225105] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   62.233235] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   62.272406] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   62.274396] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   64.096876] Bluetooth: hci0: command 0x0409 tx timeout
[   64.159425] Bluetooth: hci2: command 0x0409 tx timeout
[   64.160512] Bluetooth: hci4: Opcode 0x c03 failed: -110
[   64.162277] 
[   64.162492] ======================================================
[   64.163175] WARNING: possible circular locking dependency detected
[   64.163841] 6.2.0-next-20230224 #1 Not tainted
[   64.164340] ------------------------------------------------------
[   64.167446] syz-executor.5/275 is trying to acquire lock:
[   64.169813] ffff8880103a4880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[   64.171035] 
[   64.171035] but task is already holding lock:
[   64.171699] ffff8880103a4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[   64.172778] 
[   64.172778] which lock already depends on the new lock.
[   64.172778] 
[   64.173669] 
[   64.173669] the existing dependency chain (in reverse order) is:
[   64.174483] 
[   64.174483] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[   64.175328]        __mutex_lock+0x133/0x14a0
[   64.175853]        hci_cmd_sync_work+0x1e6/0x320
[   64.176408]        process_one_work+0xa0f/0x1790
[   64.176965]        worker_thread+0x63b/0x1260
[   64.177483]        kthread+0x2e9/0x3a0
[   64.177939]        ret_from_fork+0x2c/0x50
[   64.178429] 
[   64.178429] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[   64.179366]        __lock_acquire+0x2d56/0x6380
[   64.179910]        lock_acquire.part.0+0xea/0x320
[   64.180473]        __flush_work+0x109/0xd80
[   64.180987]        __cancel_work_timer+0x39c/0x4e0
[   64.181544]        hci_cmd_sync_clear+0x52/0x250
[   64.182085]        hci_unregister_dev+0xf9/0x410
[   64.182649]        vhci_release+0x80/0x100
[   64.183164]        __fput+0x263/0xa40
[   64.183616]        task_work_run+0x174/0x280
[   64.184125]        do_exit+0xad8/0x2800
[   64.184586]        do_group_exit+0xd4/0x2a0
[   64.185089]        __x64_sys_exit_group+0x3e/0x50
[   64.185655]        do_syscall_64+0x3f/0x90
[   64.186142]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   64.186799] 
[   64.186799] other info that might help us debug this:
[   64.186799] 
[   64.187671]  Possible unsafe locking scenario:
[   64.187671] 
[   64.188320]        CPU0                    CPU1
[   64.188827]        ----                    ----
[   64.189353]   lock(&hdev->cmd_sync_work_lock);
[   64.189860]                                lock((work_completion)(&hdev->cmd_sync_work));
[   64.190787]                                lock(&hdev->cmd_sync_work_lock);
[   64.191565]   lock((work_completion)(&hdev->cmd_sync_work));
[   64.192203] 
[   64.192203]  *** DEADLOCK ***
[   64.192203] 
[   64.192848] 1 lock held by syz-executor.5/275:
[   64.193347]  #0: ffff8880103a4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[   64.194472] 
[   64.194472] stack backtrace:
[   64.194963] CPU: 1 PID: 275 Comm: syz-executor.5 Not tainted 6.2.0-next-20230224 #1
[   64.195810] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   64.196710] Call Trace:
[   64.197008]  <TASK>
[   64.197269]  dump_stack_lvl+0x91/0xf0
[   64.197716]  check_noncircular+0x263/0x2e0
[   64.198202]  ? __pfx_check_noncircular+0x10/0x10
[   64.198777]  __lock_acquire+0x2d56/0x6380
[   64.199281]  ? lock_is_held_type+0x9f/0x120
[   64.199786]  ? __pfx___lock_acquire+0x10/0x10
[   64.200324]  ? __pfx_register_lock_class+0x10/0x10
[   64.200892]  ? __wait_for_common+0x394/0x550
[   64.201415]  ? __pfx_lock_release+0x10/0x10
[   64.201918]  lock_acquire.part.0+0xea/0x320
[   64.202436]  ? __flush_work+0xdd/0xd80
[   64.202906]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   64.203475]  ? __flush_work+0xdd/0xd80
[   64.203939]  ? rcu_read_lock_sched_held+0x42/0x80
[   64.204485]  ? trace_lock_acquire+0x170/0x1e0
[   64.205018]  ? __flush_work+0xdd/0xd80
[   64.205478]  ? lock_acquire+0x32/0xc0
[   64.205931]  ? __flush_work+0xdd/0xd80
[   64.206402]  __flush_work+0x109/0xd80
[   64.206871]  ? __flush_work+0xdd/0xd80
[   64.207328]  ? __pfx_mark_lock.part.0+0x10/0x10
[   64.207867]  ? __pfx___flush_work+0x10/0x10
[   64.208372]  ? lock_acquire.part.0+0xea/0x320
[   64.208898]  ? hci_cmd_sync_clear+0x45/0x250
[   64.209417]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   64.209993]  ? hci_cmd_sync_clear+0x45/0x250
[   64.210503]  ? rcu_read_lock_sched_held+0x42/0x80
[   64.211058]  ? trace_lock_acquire+0x170/0x1e0
[   64.211556]  ? lock_is_held_type+0x9f/0x120
[   64.212037]  ? mark_held_locks+0x9e/0xe0
[   64.212498]  __cancel_work_timer+0x39c/0x4e0
[   64.212981]  ? __pfx___cancel_work_timer+0x10/0x10
[   64.213515]  ? __cancel_work_timer+0x2aa/0x4e0
[   64.214023]  ? __pfx___cancel_work_timer+0x10/0x10
[   64.214569]  ? lock_release+0x1e3/0x710
[   64.215029]  ? __pfx_lock_release+0x10/0x10
[   64.215522]  ? do_raw_write_lock+0x11e/0x3b0
[   64.216012]  ? __pfx_vhci_release+0x10/0x10
[   64.216487]  hci_cmd_sync_clear+0x52/0x250
[   64.216947]  ? __pfx_vhci_release+0x10/0x10
[   64.217435]  hci_unregister_dev+0xf9/0x410
[   64.217897]  vhci_release+0x80/0x100
[   64.218320]  __fput+0x263/0xa40
[   64.218708]  task_work_run+0x174/0x280
[   64.219142]  ? __pfx_task_work_run+0x10/0x10
[   64.219637]  ? do_raw_spin_unlock+0x53/0x220
[   64.220121]  do_exit+0xad8/0x2800
[   64.220511]  ? lock_release+0x1e3/0x710
[   64.220968]  ? __pfx_lock_release+0x10/0x10
[   64.221456]  ? do_raw_spin_lock+0x125/0x270
[   64.221928]  ? __pfx_do_exit+0x10/0x10
[   64.222363]  do_group_exit+0xd4/0x2a0
[   64.222801]  __x64_sys_exit_group+0x3e/0x50
[   64.223270]  do_syscall_64+0x3f/0x90
[   64.223681]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   64.224243] RIP: 0033:0x7f7c1e6c1b19
[   64.224653] Code: Unable to access opcode bytes at 0x7f7c1e6c1aef.
[   64.225305] RSP: 002b:00007ffd8b0195c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   64.226366] RAX: ffffffffffffffda RBX: 00007ffd8b019da8 RCX: 00007f7c1e6c1b19
[   64.227220] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[   64.228091] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffd8b019da8
[   64.228837] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f7c1e71b233
[   64.229572] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[   64.230327]  </TASK>
[   64.230778] Bluetooth: hci1: command 0x0409 tx timeout
[   64.231558] Bluetooth: hci3: command 0x0409 tx timeout
[   64.287406] Bluetooth: hci7: command 0x0409 tx timeout
[   64.287976] Bluetooth: hci6: command 0x0409 tx timeout
[   64.351387] Bluetooth: hci5: command 0x0409 tx timeout
[   66.144567] Bluetooth: hci0: command 0x041b tx timeout
[   66.207345] Bluetooth: hci2: command 0x041b tx timeout
[   66.271429] Bluetooth: hci3: command 0x041b tx timeout
[   66.271838] Bluetooth: hci1: command 0x041b tx timeout
[   66.335336] Bluetooth: hci6: command 0x041b tx timeout
[   66.335745] Bluetooth: hci7: command 0x041b tx timeout
[   66.399340] Bluetooth: hci5: command 0x041b tx timeout
[   68.191348] Bluetooth: hci0: command 0x040f tx timeout
[   68.255362] Bluetooth: hci2: command 0x040f tx timeout
[   68.319346] Bluetooth: hci1: command 0x040f tx timeout
[   68.319397] Bluetooth: hci3: command 0x040f tx timeout
[   68.383378] Bluetooth: hci7: command 0x040f tx timeout
[   68.383449] Bluetooth: hci6: command 0x040f tx timeout
[   68.447479] Bluetooth: hci5: command 0x040f tx timeout
[   68.831326] Bluetooth: hci4: Opcode 0x c03 failed: -110
[   70.239396] Bluetooth: hci0: command 0x0419 tx timeout
[   70.303374] Bluetooth: hci2: command 0x0419 tx timeout
[   70.367359] Bluetooth: hci3: command 0x0419 tx timeout
[   70.367541] Bluetooth: hci1: command 0x0419 tx timeout
[   70.431374] Bluetooth: hci7: command 0x0419 tx timeout
[   70.431403] Bluetooth: hci6: command 0x0419 tx timeout
[   70.495399] Bluetooth: hci5: command 0x0419 tx timeout
[   73.119427] Bluetooth: hci4: Opcode 0x c03 failed: -110

VM DIAGNOSIS:
21:46:43  Registers:
info registers vcpu 0
RAX=ffffffff8185acb1 RBX=ffffffff86119ce5 RCX=0000000000000001 RDX=ffff8880191d7a01
RSI=ffff8880191d7a98 RDI=ffff8880191d7a98 RBP=ffff8880191d7720 RSP=ffff8880191d7658
R8 =ffffffff86119ce4 R9 =ffff8880191d7708 R10=0000000000038001 R11=0000000000000001
R12=ffff8880191d7728 R13=ffff8880191d76c8 R14=ffff8880191d7aa0 R15=0000000000000001
RIP=ffffffff81133240 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fbe7bdf1540 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe11f4d5b000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe11f4d59000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffc8a54edc8 CR3=000000000eaea000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=25252525252525252525252525252525 XMM01=00ff0000000000000000000000ff0000
XMM02=00000000000000000000000000000000 XMM03=756e20796d6d756420736e6f6974706f
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=73253d656d616e6c6165722073253d73 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff825027d0 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff88803382f198
R8 =0000000000000001 R9 =ffff88803382f123 R10=ffffed1006705e24 R11=0000000000000001
R12=000000000000003d R13=ffffffff87f10d60 R14=ffffffff87f10db0 R15=ffffffff87f11018
RIP=ffffffff82502825 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe7562c4a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe7562c48000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f7999159260 CR3=000000000f41a000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78
XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000