Warning: Permanently added '[localhost]:52064' (ECDSA) to the list of known hosts. 2023/02/27 10:10:00 fuzzer started 2023/02/27 10:10:00 dialing manager at localhost:41417 syzkaller login: [ 39.173836] cgroup: Unknown subsys name 'net' [ 39.258155] cgroup: Unknown subsys name 'rlimit' 2023/02/27 10:10:14 syscalls: 212 2023/02/27 10:10:14 code coverage: enabled 2023/02/27 10:10:14 comparison tracing: enabled 2023/02/27 10:10:14 extra coverage: enabled 2023/02/27 10:10:14 setuid sandbox: enabled 2023/02/27 10:10:14 namespace sandbox: enabled 2023/02/27 10:10:14 Android sandbox: enabled 2023/02/27 10:10:14 fault injection: enabled 2023/02/27 10:10:14 leak checking: enabled 2023/02/27 10:10:14 net packet injection: enabled 2023/02/27 10:10:14 net device setup: enabled 2023/02/27 10:10:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/27 10:10:14 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/27 10:10:14 USB emulation: enabled 2023/02/27 10:10:14 hci packet injection: enabled 2023/02/27 10:10:14 wifi device emulation: enabled 2023/02/27 10:10:14 802.15.4 emulation: enabled 2023/02/27 10:10:14 fetching corpus: 0, signal 0/0 (executing program) 2023/02/27 10:10:15 starting 8 fuzzer processes 10:10:15 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan3\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SHORT_ADDR(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r1, 0x710, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa1}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa1}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc000000}, 0x0) sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, r1, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x1f, 0x6}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x18, 0x20, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x4011) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), r0) sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r4, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000008}, 0x8000) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000480)={'wpan1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000004c0)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEV(r0, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x3c, r1, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44004}, 0x801) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000600)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_SET_SHORT_ADDR(r0, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x58, r1, 0x400, 0x5, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x58}, 0x1, 0x0, 0x0, 0x90}, 0x4000880) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000780)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000880)={&(0x7f00000007c0)={0xbc, r4, 0x402, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_ATTR_SEC_DEVICE={0xc, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xfffe}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_DEVICE={0x18, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xaaa3}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_SEC_DEVICE={0x4c, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ATTR_FRAME_COUNTER={0x6, 0x1, 0x3a}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x1}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ATTR_KEY_MODE={0x8}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x2}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4000881}, 0x40801) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x68, 0x0, 0x20, 0x70bd28, 0x25dfdbfc, {{}, {}, {0x4c, 0x18, {0x7fffffff, @link='syz1\x00'}}}, ["", ""]}, 0x68}, 0x1, 0x0, 0x0, 0xc800}, 0x20000000) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r9, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x1c, r4, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x21, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44040}, 0x8000) sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x38, 0x0, 0x2, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0002}}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0202}}]}, 0x38}, 0x1, 0x0, 0x0, 0xc010}, 0x8) 10:10:15 executing program 0: ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000000)=0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/34, 0x22}, {&(0x7f0000000080)=""/225, 0xe1}, {&(0x7f0000000180)=""/34, 0x22}], 0x3) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x2c6000, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000240)={0x4, 0x2, {0x26517a83, @struct={0x8}, 0x0, 0x2, 0x4e1, 0x1, 0x7, 0xcc8, 0x80, @struct={0x622, 0x80000000}, 0x7f, 0x3, [0x8001, 0x9, 0x1, 0x2, 0x3, 0x1]}, {0x6cb, @struct={0x3, 0x3}, 0x0, 0x8, 0x8, 0x5, 0x4, 0x0, 0xa0, @struct={0x0, 0x4}, 0x1, 0x4, [0x8, 0x7, 0xffffffffffffff80, 0x4, 0x2, 0x7]}, {0x9, @struct={0x0, 0x101}, 0x0, 0x0, 0x2, 0x80000000, 0x100, 0x81, 0x50, @struct={0x0, 0x5}, 0xffff, 0x0, [0x9, 0x7fffffff, 0x10, 0xc, 0x3f, 0x7f]}, {0x200, 0x8001, 0x100000001}}) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000640)={{}, {@val={r3}, @max}}) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000680)) io_uring_enter(r1, 0x5fa8, 0x488e, 0x0, &(0x7f00000006c0)={[0x7]}, 0x8) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000000700)={0x80000000, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0x8, "c825f3dcfb1e27"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000001700)={{r5, 0x1ff, 0x286, 0x7, 0x80000000, 0x8, 0xb4c4, 0x5, 0x945, 0x3, 0x1, 0x101, 0x3, 0xfe, 0x1ff}, 0x8, [0x0]}) r6 = syz_io_uring_complete(0x0) io_uring_register$IORING_UNREGISTER_EVENTFD(r6, 0x5, 0x0, 0x0) write$P9_RFLUSH(r1, &(0x7f0000001780)={0x7, 0x6d, 0x1}, 0x7) creat(&(0x7f00000017c0)='./file0\x00', 0x0) r7 = syz_io_uring_setup(0x5bde, &(0x7f0000001800)={0x0, 0x604e, 0x10, 0x2, 0x6d}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000001880), &(0x7f00000018c0)) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4acdfcd8889b048a, 0x10, r7, 0x10000000) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f0000001900)={"11eb8b0fe65293922507db8e8d039e20", r0, 0x0, {0x10001, 0x1}, {0x68, 0xcc6}, 0x90f0, [0xffffffffffff5751, 0x100000001, 0x7, 0x9, 0x0, 0x1, 0x9, 0x7, 0x7, 0x1ff, 0x8, 0xffffffff, 0x2, 0x8001, 0x1, 0x8]}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000001a00)={"dff34fa3b0eefdf0030daa98c6a6eabc", r0, r0, {0x5, 0x2}, {0x13, 0x4}, 0x4, [0x5, 0x0, 0x7, 0x5, 0xd6, 0x9, 0x7f, 0xfb1, 0x0, 0xffffffffffffff86, 0x9, 0xeb5, 0x6, 0x1, 0x6, 0x6]}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r7, 0xc0c89425, &(0x7f0000001b00)={"dab3bb7ad3444b1cad31c8185c813a88", r8, r9, {0x2, 0x1000}, {0xbc, 0x101}, 0x2480, [0x1f, 0x5, 0x80000000, 0x4, 0x40, 0xf7, 0x9, 0xffff, 0xffff, 0x5f9, 0x5015, 0xffff, 0x9, 0x4, 0x7, 0x1]}) r10 = memfd_secret(0x80000) ioctl$BTRFS_IOC_BALANCE_V2(r10, 0xc4009420, &(0x7f0000002000)={0x1, 0x1, {0x5, @usage=0x7fffffff, 0x0, 0xffffffff, 0x4c, 0x6, 0x1, 0x5, 0x48, @struct={0xffffffff, 0xd216}, 0x7ff, 0x2, [0x3, 0x23, 0x0, 0x9, 0x9]}, {0x4, @struct={0x8000, 0x6}, r4, 0x3, 0x21, 0x9, 0x0, 0x5, 0x22, @usage=0x6, 0x7cda, 0x7fffffff, [0xfffffffffffffffd, 0x5a8, 0x6, 0x7147b07f, 0x1000, 0x9]}, {0x8001, @struct={0x9, 0x101}, r2, 0x10001, 0x8000, 0x1000, 0x8, 0x7, 0x400, @usage=0x40, 0x400, 0x1ff, [0x3, 0x400, 0xe84, 0x33, 0xfffffffffffffff9, 0xf7]}, {0x401, 0x101, 0x7}}) 10:10:15 executing program 1: ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff}}, './file0\x00'}) write$P9_RLERRORu(r1, &(0x7f0000000040)={0x14, 0x7, 0x1, {{0x7, ')/*,$!^'}}}, 0x14) ioctl$SG_GET_ACCESS_COUNT(r0, 0x2289, &(0x7f0000000080)) r2 = openat$incfs(0xffffffffffffffff, &(0x7f00000000c0)='.log\x00', 0x10800, 0x4) getsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f0000000100)={@mcast2, 0x0}, &(0x7f0000000140)=0x14) socketpair(0x2a, 0x2, 0x81, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000001c0)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r4, 0x50009418, &(0x7f00000003c0)={{r1}, r6, 0x10, @unused=[0x1, 0x80, 0x1, 0x1], @subvolid=0x7}) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f0000001440)={'ip6_vti0\x00', &(0x7f00000013c0)={'syztnl1\x00', r3, 0x4, 0x8, 0x80, 0x80000001, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, 0x7, 0x20, 0x0, 0x7}}) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000001480)={'wlan0\x00'}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f00000014c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000001980)={'syztnl0\x00', &(0x7f0000001900)={'sit0\x00', 0x0, 0x29, 0x3f, 0x1, 0x8, 0x0, @mcast2, @dev={0xfe, 0x80, '\x00', 0x41}, 0x10, 0x8000, 0x3, 0xfadb}}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001e00)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x221000}, 0xc, &(0x7f0000001dc0)={&(0x7f00000019c0)={0x3d8, 0x0, 0x0, 0x70bd2c, 0x25dfdbfc, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r8}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x3a0, 0x8, 0x0, 0x1, [{0x88, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x40}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @local}}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0xdde, @private1={0xfc, 0x1, '\x00', 0x1}, 0x52}}]}, {0x314, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x310, 0x9, 0x0, 0x1, [{0xc4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x2}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x11}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}]}]}]}]}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e20}]}, 0x3d8}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r9 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001e40), 0x28080, 0x0) ioctl$SG_GET_LOW_DMA(r9, 0x227a, &(0x7f0000001e80)) sendmsg$FOU_CMD_DEL(r4, &(0x7f0000001fc0)={&(0x7f0000001ec0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001f80)={&(0x7f0000001f00)={0x68, 0x0, 0x8, 0x70bd2a, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @empty}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e20}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_TYPE={0x5}, @FOU_ATTR_IFINDEX={0x8, 0xb, r3}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_TYPE={0x5, 0x4, 0x2}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x0) r10 = memfd_secret(0x80000) openat$incfs(r10, &(0x7f0000002000)='.pending_reads\x00', 0x840, 0x9) 10:10:15 executing program 4: r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) io_uring_register$IORING_UNREGISTER_FILES(r2, 0x3, 0x0, 0x0) bind$bt_l2cap(r2, &(0x7f00000000c0)={0x1f, 0x5, @none, 0x800}, 0xe) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_sco_SCO_OPTIONS(r2, 0x11, 0x1, &(0x7f0000000100)=""/145, &(0x7f00000001c0)=0x91) connect$bt_sco(r2, &(0x7f0000000200)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) getsockopt$bt_sco_SCO_CONNINFO(r2, 0x11, 0x2, &(0x7f0000000240)=""/89, &(0x7f00000002c0)=0x59) r4 = openat$cgroup_subtree(r2, &(0x7f0000000300), 0x2, 0x0) r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000340), 0x80000, 0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000380)=[r0, r4, 0xffffffffffffffff, r0, r3, r5, r0, r3, r2], 0x9) openat$cgroup_subtree(r2, &(0x7f00000003c0), 0x2, 0x0) ioctl$SG_SCSI_RESET(r2, 0x2284, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000400)={0x0, 0x0, {0x0, @struct, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) getsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, &(0x7f0000000800), &(0x7f0000000840)=0xc) write$P9_RREADDIR(r2, &(0x7f0000000880)={0xa6, 0x29, 0x1, {0x6, [{{0x80, 0x1, 0x8}, 0x8, 0x4, 0x7, './file0'}, {{0x20, 0x2}, 0x4, 0xff, 0x7, './file0'}, {{0x2, 0x3, 0x4}, 0x0, 0x5a, 0x7, './file0'}, {{0x80, 0x1, 0x4}, 0x81, 0x4, 0x7, './file0'}, {{0x4, 0x3, 0x2}, 0x7, 0x6, 0x7, './file0'}]}}, 0xa6) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r2, 0xc400941d, &(0x7f0000000940)={r6, 0x9}) openat$cgroup_int(r2, &(0x7f0000000d40)='memory.low\x00', 0x2, 0x0) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000001c40)={{r1}, {@val, @actul_num={@val=0x2d, 0x9, 0x50}}}) [ 52.778285] audit: type=1400 audit(1677492615.550:6): avc: denied { execmem } for pid=257 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:10:15 executing program 5: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) r1 = socket$inet6(0xa, 0x6, 0x8000) r2 = eventfd(0x4) ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000040)={{r2}, {@val, @actul_num={@val=0x2d, 0x6, 0x45}}}) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x84800, 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000000c0)='/dev/nvram\x00', &(0x7f0000000100)='*[\x00', 0x0) r4 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/attr/keycreate\x00', 0x2, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f0000000180)={0x0, 0x40, 0x8001, 0x1}) eventfd(0x3) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000580)={r5, "9860382117c34dc85b178821b1b79599"}) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000001580)='/proc/self/attr/exec\x00', 0x2, 0x0) r6 = socket$inet6(0xa, 0x80000, 0x200) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f00000015c0)={r5, 0x6, 0x0, 0x1}) ioctl$BTRFS_IOC_DEV_REPLACE(r6, 0xca289435, &(0x7f00000019c0)={0x2, 0x4, @start={r7, 0x1, "722f5828815d2faa3fcc25ab4cbee082822513ad86b6eee1749b9bd5a871304a9a5cf8633bdd1f997c46d3735c8fe924ce644b1b0b37569af22306c7445be6c3641579bb483eb295662c2e45bcdf9d6d811dc0e80904be40079a081c96535d3e8bc8c0b434f6e680b99b5b50c4192f9a5dd6aaebf73d21ed2455eb1a85c0dab738b8f2f9b92a15b518b9cc410779b631941b6e4e44de394c984eb6c637b56afecc6f08575181e7b8feac5db7a3535bab9294f0c886c62a835e8fbebc38ed7b9164b5f21c6dde3887d01a85ad274381077e235d6cd755012edeeb94445d397a76cc62d1eec75eaa578da44350ed5d9c5bde5d0d1e88ed078b32d3008e18e5296bd204e91e53d8b8443eba04eb4378bc2bbe99f29cb9b9cffea4e02c5058fe8e0de6895f2982b6f6fba9ae17a3789d72436f36cdb7b65eaee27949da44dce4f6975af2fa165c81fbc165e607b68f6ecfc6db83d5d8fbfc44d6f468b6282e945cba00f7f8ffa022250d8c580912385d3f343d7a81fe430dac83db0d654d3df0b5d0f9430aff774740f7f4ecd939bb67218cc5cfed4018f378ba40c8f02729a974da31260d80d13b227cf3d60f0d8fa006a69fb6be479c8df233de8d9653f51e121ecd7f0b1a2eedf84a16d3f0c8cfa7fb058a542a68cf6d686610d40180ae1f419ac20e8308cf062f1034a5db0f66b03f53055c2be0fd254ebf332bc975f485ce45134ce9c0d5433a730630c8af26791e4a829651b2796a60daf5f64f9da022d89d47be96611f505d6852c11f59ba6729a6e081a20516d6dbe9bc938ec7704dd3d5a2e34ce8a0be181102bcfae7fbfa578d7a1ea5b571bced4d7c77a688e054f542f534ac56362ba783a21a1302e70e16dedf13a57eb68e0399a9272db18468a8da9136ddbcdb63a729caae81c2dc27158435455e1536cee1321afab41d94a12a85a13f8b357fcb89dfe76f0eac07c617f6f7f20f1684907b2a17fbf3a561ecde926e5f6bf33d830eaccf39dd5a6d24b86ff5786a035850da1ca001ed7688a95e33be7d4de492e4228120dc1609fa6450d6b5305cc7e60952c75eea6b12c5d1af0cc30eb47d61e4de4d6c90e26dc84f3160d903156f8600c79902c5ed009ca20a820074b2bf90b1f231f47ba477e0212a56c0a52a6db7207f3c54e7067c9235ddf608b26f6963c12d688dffe37b250da8b133b001d4d5a74a4be5024a12cd24662a92643cf98d2a012c078062e9019d80b3dce8d0651005294b64cf6a6b01751cfd683e3d2735ad8aad48c0cba64ff6ab17105eee931b8a462072a5f35da6d3be6f772f5bbb96328f471922b1448c6468060977178731c3a17e479d973c41648017eef0f1b039a99d0782200e2c03a0211c0cf05eae00e907e9b934861b4b23f5b2b3ff77e24a9847cf09793aa9dda9362402abbe66d80b9f624a10043fb36f3e81fd", "020985469e6ef8fbb2cb784ec28155500a5418bcda03e4d78bdb6effdfe51e445d7f4bdd6cf38dbca797a895d62add822cf9180205f6fc529621bcec6443adf974e631b4e12ff66d2dd289e35234926d8eb28160935774d701f353bbfe1c71d717101a517badb1718beb6fe8c0e416b564ee04f722571d030cd93ac8727249f0b66d6e7c0d832825d32b1cfc7e0a4453fd10964640d6883bf322cc4efb5c478f52339b48dd6c8cee58fe61398d1de4cd7884800bbec0aa919981a65d3bb5cd4db2d94744985aa07e4b5843602b936ea73e3d43472fb0d29394ab7bb353e9ad3a12a712d1983bf6634260a72af71215aeb02ccb62c9be97cf4a082fd7638ee13d3161eb86d258bd0c06cb6536730cd935be7d339d42921359e8915de7ae2e7492d31801e7f5b85d51fc434b63774ae87694389cebdf5a69156606ca6612240e6f664f7b38df1b00f6b6e7f7721cc10b9402c7ad8f9f4d41bc3fdcde4cf106b1f4526dffedf176c53d2732532cbf138cf7d7dfa91d1668ad4e14966e705d73a3a767561ff972c7cffe243630fa6d9ce0011036aac2641400bb5bb02124afee74a7142b7824462452ad499cd4fffffc311d379c7e804a277f5a13be28f39dc91672f779b0888c21aaac2e193582460c1bdd53dc24ab1303c6a2f46755ab9f68baa455c9ea8c08fa57228a40c38b11417dc8c458c885768b989d3701d01e5a52cdace03f73e5847b022333b20f384e7b151301d3df32246995fe7086e3532665bc12de5b85b6be51be16fa09ad6ad70cdc757cda01bb1c7cd3a874f2f6fe63ee2c320edc07a5651a0346bf9c2acd12d08ae67b06b1c549e45bb365f569f535cdef0e9d880e4bfd9848f488b72ba0ce4657bb496a29d9f0d54e501895313312dd58ea7722bc1610a32455e5bc2c449a3af5d0a07f5925f06e19651fe123943e1a9655e842eb8cf25b812e8de4947358425b0359958b0c7cbafc53a19c57d21c70d4482e52eef92efc990b4583a6e9d8b47f7a60fc70d3dfaa24b78568e1a7f590fcd24bc259322f3c2899cd1064d4b6e3bcb8b4eb0f2b6391364a44568fbee859d1d0fb5fa0a5f2037af09b983a5d3b3f204630604b31a52f0c9ba5da104aee1cc9c8ec4817778dc5e8e056b4e70ee7950dfb5022a3b46790e452c275bc01548446ef1d8fac9af613e015091c1ded10799ddd5eda3fd163fce94e4eef748e5bf30ebb47668d831e06f0617fcb2bdc020e02ad8bd12650dd11f13086e69ed9ce42d92bd44b511e924e274b9463f9a97dfa53ec22130e9b7179b98b5bb0223e68a9a95c1f1cb83841f065d04c17533f5549af991d96d18ad93417c00a6b31857a0a37ae7059837c8341f82386f4c916e6a868ab28d86f0462dc4aada2b3f3035d7c5be6d180f6e39aaea849edb5634f44d6910d08f585bd4630f7834aef3514c22a8bd1e3"}, [0x3, 0xffffffff00000000, 0x6, 0x9, 0x3, 0xfffffffffffff8bd, 0x4, 0x80000000, 0x100000001, 0x90000000000, 0x7, 0x9, 0x4fc9af53, 0x7, 0xce8, 0x7dd, 0x7ff, 0xcd, 0x0, 0x786, 0x4, 0x3, 0xffffffff, 0x57, 0x9, 0x1, 0x2, 0x2, 0x49c1, 0x80000000000, 0x2, 0x8001, 0x7, 0x100000000, 0x401, 0x3, 0x1, 0x3, 0x1ff, 0xda3f, 0x1, 0x2, 0x100, 0x7fff, 0x8, 0x9, 0x5, 0xffff, 0x0, 0xf476, 0x100000000, 0x8, 0xffffffffffffff60, 0x1, 0x80, 0x9, 0x20, 0x8, 0x124, 0x1, 0x80000000, 0x7fff, 0x6, 0x401]}) ioctl$RNDADDENTROPY(r3, 0x40085203, &(0x7f0000002400)={0x101, 0x27, "a07f4baf513877b6612455df690465f35901c5f711a715e0d239f258a69e2677d6955c15d07006"}) eventfd(0x3) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000002480)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000002600)={&(0x7f0000002440)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000025c0)={&(0x7f00000024c0)={0xec, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x400000004}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_SEC_KEY={0x80, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "10217e5bab308968f19964dc988dcc9d"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x7}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "8a7dca60d6eb32141f5705590ae1e88d9f930b144f772ac1f41707e6c828785f"}, @NL802154_KEY_ATTR_ID={0x3c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8}]}, 0xec}}, 0x404c000) 10:10:15 executing program 7: ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wpan1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEV(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20200004}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0x44}, 0x240000c0) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x154, r2, 0x34, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVICE={0x58, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_KEY_MODE={0x8}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ATTR_KEY_MODE={0x8}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xfffe}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ATTR_PAN_ID={0x6}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_DEVICE={0x40, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xaaa3}, @NL802154_DEV_ATTR_FRAME_COUNTER={0x6, 0x1, 0x2}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ATTR_KEY_MODE={0x8}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}]}, @NL802154_ATTR_SEC_DEVICE={0xc, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xfffe}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_DEVICE={0x1c, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x2}, @NL802154_DEV_ATTR_PAN_ID={0x6}, @NL802154_DEV_ATTR_FRAME_COUNTER={0x6, 0x1, 0x9}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_SEC_DEVICE={0x4c, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_SECLEVEL_EXEMPT={0x5, 0x5, 0x1}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x2}, @NL802154_DEV_ATTR_FRAME_COUNTER={0x6, 0x1, 0x72}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ATTR_SECLEVEL_EXEMPT={0x5, 0x5, 0x1}, @NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x2}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x8000}, 0x4008000) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wpan4\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_KEY(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x6c, r2, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x6c}, 0x1, 0x0, 0x0, 0xc000}, 0x8801) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x60, r6, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x4}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x60}, 0x1, 0x0, 0x0, 0xcaed742f114989cc}, 0x10) sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000900)={&(0x7f0000000800)={0xfc, r6, 0x2, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r5}, @NL802154_ATTR_SEC_KEY={0x14, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x7b}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_SEC_KEY={0xc4, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "1ef8b299d8573386bdb15df30d2d99d2b3ca9fad28ea2a84cd7d750c62a72aed"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x1}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "662e6415ef2743431e06ccc9399b68858b46713c000316f9d7d1066b60f570fa"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "dd525f4e86bc638d4a9b4ddb148c9d8eb466c8732803b584c98e6bcb86bd5d09"}, @NL802154_KEY_ATTR_ID={0x28, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xffffff4b}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x80}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "db3bd34f2cfbfe6bd089a26ec1f7789cbf71bef1a969a71e3383ac64816d5ecb"}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4010}, 0x40) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000009c0)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x68, r6, 0x200, 0xfffffff7, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x68}, 0x1, 0x0, 0x0, 0x48050}, 0x4000004) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000b40), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r9, &(0x7f0000000c40)={&(0x7f0000000b00), 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x5c, r10, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x2}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x5}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004040) pipe2(&(0x7f0000000c80)={0xffffffffffffffff}, 0x46800) getsockopt$bt_l2cap_L2CAP_CONNINFO(r11, 0x6, 0x2, &(0x7f0000000cc0), &(0x7f0000000d00)=0x6) 10:10:15 executing program 6: ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000000)={0x58, ""/88}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000080)={0xc8, 0x1ff, 0xfff, "36c70217024960b6107fdb9482bf9977d6d8b643b41d12a8275a09a11c7fcb7f77754c0d6e844e1d98068ced009457955f95feb6b0c2a8a492ccbf80bba4e5e519651e394329b2ce4f2de555eb8b6a22d424144dc5c3ac2c67ae879131d5e89d0520f8b8220f038d14dd43b0dfafb1fb04442fa3bcce8115db312e646f9c8daf95b20176a5a42c741ed84f768cac170082d16a3b3fcd43f8ffdede68279475e557520703180c99affa58230300fa1372f773204305cdd2c83f3277bcd3ac76d9f6c6340a1f98ae2e"}) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000180)) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f00000001c0)={0x0, 0x41, 0x0, [0x2, 0x8, 0x4, 0x7ff, 0x80], [0x7f, 0x7fffffff, 0x0, 0x100000001, 0x2, 0x8, 0xd3, 0x6, 0x6617, 0x8, 0x2, 0x1, 0x6, 0x7, 0xff, 0x7ff, 0x4, 0x0, 0x100000001, 0xbf, 0x7, 0x20, 0x2, 0x400, 0xfffffffffffffffa, 0x253, 0x400, 0x1, 0xa40, 0x5, 0xea8a, 0x9e2, 0x9, 0x101, 0x8, 0xffffffff, 0x1, 0x1, 0x3, 0x9, 0x3, 0xffff, 0x101, 0x86, 0x10001, 0x10001, 0x1ff, 0x10001, 0x7fff, 0x476, 0xac5, 0x1, 0x7f, 0x8, 0xf8, 0x3, 0x100, 0x5, 0x0, 0x9, 0x990c, 0x2, 0x4, 0x4, 0xe9, 0x6, 0x4, 0x40, 0x4bc2, 0x6, 0x9, 0x2, 0x100000000, 0x0, 0x7, 0xbb, 0x0, 0x4, 0x5, 0x9, 0x80, 0x2, 0xa2, 0x0, 0xa2, 0x5459, 0x3, 0x2, 0xdc0, 0xf2a, 0x5, 0x6, 0x6, 0x7, 0x200, 0x100000000, 0x401, 0x4, 0x1, 0x80000000, 0x6, 0x10001, 0x3, 0x9e00000000000000, 0x7fff, 0x7, 0x0, 0x56b, 0x4, 0x200, 0x100000000, 0x4, 0x40, 0x6, 0xbca7, 0x4, 0x6, 0x100, 0x200, 0x7fff, 0x9]}) ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000600)={r0, 0x5, 0x3}) pipe2(&(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a40)='./cgroup.net/syz0\x00', 0x200002, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r4, 0xc0c89425, &(0x7f0000000a80)={"130c454959b05b899a9b3b0b80a4955b", 0x0, 0x0, {0x1, 0x5}, {0x9, 0x9}, 0x6, [0x2, 0x86de, 0x400, 0x5, 0x3, 0xffffffffffffff00, 0x8001, 0x8, 0x7, 0x1f, 0x8, 0xfffffffffffffffa, 0xb04f, 0x0, 0x8, 0x293cb8c2]}) ioctl$SG_GET_RESERVED_SIZE(r2, 0x2272, &(0x7f0000000b80)) syz_open_dev$vcsu(&(0x7f0000000bc0), 0x80, 0x4a800) r5 = eventfd(0x1f) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000c00)={0x11, 0x7, {0xa09, @usage=0x100, 0x0, 0x8ea, 0x7fe, 0x1, 0x9, 0x0, 0x480, @struct={0x1, 0x81}, 0xdd1, 0x0, [0x6, 0x5, 0xfffffffffffffffc, 0x3ff, 0x3, 0x2]}, {0x9, @usage=0x1f, r0, 0x8a98, 0x3, 0x40, 0xe, 0x9, 0x87, @struct={0x0, 0x3}, 0x7, 0x8, [0x6, 0x5, 0x0, 0x8, 0x2, 0x7]}, {0x100000000, @usage, r1, 0x7fff, 0x1, 0x8, 0x6, 0x2, 0x0, @usage=0x8001, 0x3, 0x6, [0x8, 0xfffffffffffffff9, 0x5, 0x80, 0xffffffffc74d9ab9, 0x800]}, {0x8, 0x4, 0x1000}}) r6 = syz_io_uring_complete(0x0) write$tcp_congestion(r6, &(0x7f0000001000)='highspeed\x00', 0xa) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001040), 0x220200) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001080), 0x10000) socketpair(0x25, 0x3, 0x80, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = openat$cgroup_int(r2, &(0x7f0000001100)='cpuset.cpus\x00', 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000001140)=[r5, r3, r5, r7, r8, r9, r2, r4, r10], 0x9) ioctl$BTRFS_IOC_RESIZE(r7, 0x50009403, &(0x7f00000015c0)={{}, {@val, @max}}) 10:10:16 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000000), 0xfffffffffffffffb, 0x101000) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000040)) ioctl$SG_GET_TIMEOUT(0xffffffffffffffff, 0x2202, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000080)={{0x0, 0xff, 0x3ff, 0xbc0, 0x2, 0x5, 0x6cf8, 0x81, 0xfff, 0x6, 0x0, 0x8069, 0x1, 0x2, 0x10000}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]}) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x349200, 0x0) ioctl$SG_GET_VERSION_NUM(r3, 0x2282, &(0x7f0000000180)) r4 = syz_io_uring_complete(0x0) ioctl$SG_GET_SG_TABLESIZE(r4, 0x227f, &(0x7f00000001c0)) r5 = openat$incfs(r3, &(0x7f0000000200)='.pending_reads\x00', 0x400000, 0x61) r6 = openat$incfs(r3, &(0x7f0000000280)='.log\x00', 0x200000, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000240), r6) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000400)={0x0, 0xfffffffffffffffe, 0x28, 0x2, @buffer={0x0, 0x6f, &(0x7f00000002c0)=""/111}, &(0x7f0000000340)="b883d86e777f7bb6720d2a60f66e1b836c7172c7e4b59a12da7991329980720fefb81fa564185212", &(0x7f0000000380)=""/16, 0x0, 0x10021, 0x2, &(0x7f00000003c0)}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r3, 0xc0c89425, &(0x7f0000000480)={"03812af9d2f1e4b28f29836b6fab9c9c", 0x0, 0x0, {0x8, 0x4}, {0x7, 0x3}, 0x3, [0xff, 0x7ff, 0x0, 0x9, 0xffffffff8e1bb518, 0x80000000, 0xb8d2, 0x9, 0x0, 0x3f00, 0x2, 0x0, 0x67, 0x6, 0x2, 0x2]}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r3, 0xc400941d, &(0x7f0000000fc0)={0x0, 0xfff, 0x2, 0x1}) ioctl$BTRFS_IOC_SCRUB(r5, 0xc400941b, &(0x7f00000013c0)={r7, 0x100000001, 0xfffffffffffffff7}) r8 = syz_open_dev$vcsu(&(0x7f00000017c0), 0x3, 0x206c02) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r3, 0xc0709411, &(0x7f0000001800)={{r2, 0x3, 0x2, 0x9, 0xa1, 0x10001, 0xfffffffffffffff9, 0x1, 0xce65, 0x0, 0x1, 0x1, 0x5, 0x3}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000018c0)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r8, 0xd000943d, &(0x7f0000065ac0)={0x8, [{r9}, {r2, r10}, {r2}, {r2}, {}, {}, {r2}, {r2}, {}, {r2}, {r2}, {r2}, {}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {}, {}, {r2}, {r2}, {r2}, {r2}, {r2}, {}, {}, {r2}, {r2}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {r2}, {}, {}, {r2}, {}, {}, {}, {}, {}, {r2}, {r2}, {}, {}, {}, {r2}, {}, {r2}, {r2}, {}, {r2}, {}, {r2}, {r2}, {r2}, {}, {}, {r2}, {}, {r2}, {r2}, {}, {r2}, {}, {r2}, {}, {r2}, {r2}, {r2}, {}, {}, {r2}, {r2}, {}, {r2}, {r2}, {}, {}, {}, {}, {r2}, {r2}, {}, {}, {}, {r2}, {}, {r2}, {}, {r2}, {r2}, {r2}, {}, {r2}, {r2}, {r2}, {}, {}, {r2}, {r2}, {}, {}, {}, {r2}, {r2}, {}, {}, {r2}, {}, {r2}, {}, {}, {r2}, {}, {}, {}, {r2}, {}, {}, {r2}, {}, {}, {r2}, {}, {}, {}, {}, {}, {r2}, {}, {}, {r2}, {r2}, {r2}, {}, {r2}, {}, {r2}, {r2}, {}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {}, {}, {r2}, {}, {}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {}, {}, {r2}, {r2}, {}, {}, {}, {}, {r2}, {r2}, {r2}, {}, {r2}, {r2}, {r2}, {}, {r2}, {r2}, {}, {r2}, {r2}, {}, {r2}, {}, {r2}, {r2}, {r2}, {r2}, {}, {}, {}, {r2}, {}, {r2}, {}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {r2}, {}, {r2}, {}, {}, {r2}, {r2}, {}, {}, {r2}, {}, {}, {}, {r2}, {}, {}, {}, {r2}, {r2}, {}, {}, {r2}, {r2}, {r2}, {r2}, {}, {}, {r2}, {r2}, {r2}, {r2}, {r2}, {}, {r2}, {r2}, {}, {r2}, {r2}, {}, {r2}, {r2}, {r2}], 0x7, "ec35346b6d3708"}) [ 54.089087] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 54.090060] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 54.115830] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.117597] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.121963] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 54.123836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 54.125811] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.132252] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 54.134162] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 54.143470] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.145147] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.146923] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.148665] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 54.157008] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 54.158334] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 54.160124] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.161228] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 54.162410] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 54.167293] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 54.169107] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 54.169288] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 54.171296] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.171488] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 54.174292] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.175046] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.176139] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 54.177457] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 54.178163] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 54.178961] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 54.180440] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.181797] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 54.183468] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 54.185898] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.200048] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 54.201736] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 54.203588] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 54.235856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 54.323094] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 54.326356] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 54.336156] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 54.340288] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 54.341567] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 56.247044] Bluetooth: hci0: command 0x0409 tx timeout [ 56.248246] Bluetooth: hci6: command 0x0409 tx timeout [ 56.249454] Bluetooth: hci2: command 0x0409 tx timeout [ 56.250601] Bluetooth: hci5: command 0x0409 tx timeout [ 56.251780] Bluetooth: hci3: command 0x0409 tx timeout [ 56.252929] Bluetooth: hci1: command 0x0409 tx timeout [ 56.374942] Bluetooth: hci4: command 0x0409 tx timeout [ 56.438860] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 56.441517] [ 56.441890] ====================================================== [ 56.443069] WARNING: possible circular locking dependency detected [ 56.444860] 6.2.0-next-20230224 #1 Not tainted [ 56.445730] ------------------------------------------------------ [ 56.446892] syz-executor.3/273 is trying to acquire lock: [ 56.447966] ffff888015980880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80 [ 56.449940] [ 56.449940] but task is already holding lock: [ 56.451040] ffff888015980920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 56.452886] [ 56.452886] which lock already depends on the new lock. [ 56.452886] [ 56.454398] [ 56.454398] the existing dependency chain (in reverse order) is: [ 56.456120] [ 56.456120] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 56.457557] __mutex_lock+0x133/0x14a0 [ 56.458478] hci_cmd_sync_work+0x1e6/0x320 [ 56.459498] process_one_work+0xa0f/0x1790 [ 56.460478] worker_thread+0x63b/0x1260 [ 56.461422] kthread+0x2e9/0x3a0 [ 56.462218] ret_from_fork+0x2c/0x50 [ 56.463100] [ 56.463100] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}: [ 56.464823] __lock_acquire+0x2d56/0x6380 [ 56.465790] lock_acquire.part.0+0xea/0x320 [ 56.466791] __flush_work+0x109/0xd80 [ 56.467680] __cancel_work_timer+0x39c/0x4e0 [ 56.468597] hci_cmd_sync_clear+0x52/0x250 [ 56.469481] hci_unregister_dev+0xf9/0x410 [ 56.470373] vhci_release+0x80/0x100 [ 56.471165] __fput+0x263/0xa40 [ 56.471929] task_work_run+0x174/0x280 [ 56.472756] do_exit+0xad8/0x2800 [ 56.473498] do_group_exit+0xd4/0x2a0 [ 56.474311] __x64_sys_exit_group+0x3e/0x50 [ 56.475205] do_syscall_64+0x3f/0x90 [ 56.476019] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 56.477069] [ 56.477069] other info that might help us debug this: [ 56.477069] [ 56.478540] Possible unsafe locking scenario: [ 56.478540] [ 56.479688] CPU0 CPU1 [ 56.480541] ---- ---- [ 56.481382] lock(&hdev->cmd_sync_work_lock); [ 56.482221] lock((work_completion)(&hdev->cmd_sync_work)); [ 56.483761] lock(&hdev->cmd_sync_work_lock); [ 56.485065] lock((work_completion)(&hdev->cmd_sync_work)); [ 56.486121] [ 56.486121] *** DEADLOCK *** [ 56.486121] [ 56.487217] 1 lock held by syz-executor.3/273: [ 56.488085] #0: ffff888015980920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250 [ 56.489939] [ 56.489939] stack backtrace: [ 56.490759] CPU: 1 PID: 273 Comm: syz-executor.3 Not tainted 6.2.0-next-20230224 #1 [ 56.492208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 56.493738] Call Trace: [ 56.494213] [ 56.494625] dump_stack_lvl+0x91/0xf0 [ 56.495363] check_noncircular+0x263/0x2e0 [ 56.496162] ? __pfx_check_noncircular+0x10/0x10 [ 56.497043] ? __pfx_mark_lock.part.0+0x10/0x10 [ 56.497919] __lock_acquire+0x2d56/0x6380 [ 56.498697] ? __pfx___lock_acquire+0x10/0x10 [ 56.499567] ? __pfx_register_lock_class+0x10/0x10 [ 56.500503] lock_acquire.part.0+0xea/0x320 [ 56.501312] ? __flush_work+0xdd/0xd80 [ 56.502041] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 56.502964] ? __flush_work+0xdd/0xd80 [ 56.503724] ? rcu_read_lock_sched_held+0x42/0x80 [ 56.504620] ? trace_lock_acquire+0x170/0x1e0 [ 56.505459] ? __flush_work+0xdd/0xd80 [ 56.506173] ? lock_acquire+0x32/0xc0 [ 56.506889] ? __flush_work+0xdd/0xd80 [ 56.507656] __flush_work+0x109/0xd80 [ 56.508377] ? __flush_work+0xdd/0xd80 [ 56.509112] ? __pfx_mark_lock.part.0+0x10/0x10 [ 56.510274] ? __pfx___flush_work+0x10/0x10 [ 56.511275] ? lock_acquire.part.0+0xea/0x320 [ 56.512336] ? hci_cmd_sync_clear+0x45/0x250 [ 56.513344] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 56.514459] ? hci_cmd_sync_clear+0x45/0x250 [ 56.515486] ? rcu_read_lock_sched_held+0x42/0x80 [ 56.516524] ? trace_lock_acquire+0x170/0x1e0 [ 56.517543] ? lock_is_held_type+0x9f/0x120 [ 56.518504] ? mark_held_locks+0x9e/0xe0 [ 56.519516] __cancel_work_timer+0x39c/0x4e0 [ 56.520520] ? __pfx___cancel_work_timer+0x10/0x10 [ 56.521636] ? __cancel_work_timer+0x2aa/0x4e0 [ 56.522658] ? __pfx___cancel_work_timer+0x10/0x10 [ 56.523865] ? lock_release+0x1e3/0x710 [ 56.524784] ? __pfx_lock_release+0x10/0x10 [ 56.525798] ? do_raw_write_lock+0x11e/0x3b0 [ 56.526827] ? __pfx_vhci_release+0x10/0x10 [ 56.527849] hci_cmd_sync_clear+0x52/0x250 [ 56.528817] ? __pfx_vhci_release+0x10/0x10 [ 56.529791] hci_unregister_dev+0xf9/0x410 [ 56.530650] vhci_release+0x80/0x100 [ 56.531496] __fput+0x263/0xa40 [ 56.532292] task_work_run+0x174/0x280 [ 56.533212] ? __pfx_task_work_run+0x10/0x10 [ 56.534237] ? do_raw_spin_unlock+0x53/0x220 [ 56.535252] do_exit+0xad8/0x2800 [ 56.536032] ? lock_release+0x1e3/0x710 [ 56.536970] ? __pfx_lock_release+0x10/0x10 [ 56.537971] ? do_raw_spin_lock+0x125/0x270 [ 56.538970] ? __pfx_do_exit+0x10/0x10 [ 56.539886] do_group_exit+0xd4/0x2a0 [ 56.540791] __x64_sys_exit_group+0x3e/0x50 [ 56.541779] do_syscall_64+0x3f/0x90 [ 56.542516] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 56.543906] RIP: 0033:0x7fc561e73b19 [ 56.544659] Code: Unable to access opcode bytes at 0x7fc561e73aef. [ 56.546139] RSP: 002b:00007fff5fecfa18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 56.547871] RAX: ffffffffffffffda RBX: 00007fff5fed01f8 RCX: 00007fc561e73b19 [ 56.549503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 56.551118] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007fff5fed01f8 [ 56.552833] R10: 0000000000000020 R11: 0000000000000246 R12: 00007fc561ecd233 [ 56.554872] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8 [ 56.557513] [ 58.295754] Bluetooth: hci1: command 0x041b tx timeout [ 58.295785] Bluetooth: hci3: command 0x041b tx timeout [ 58.297017] Bluetooth: hci5: command 0x041b tx timeout [ 58.297986] Bluetooth: hci2: command 0x041b tx timeout [ 58.298005] Bluetooth: hci6: command 0x041b tx timeout [ 58.299118] Bluetooth: hci0: command 0x041b tx timeout [ 58.422765] Bluetooth: hci4: command 0x041b tx timeout [ 60.342793] Bluetooth: hci6: command 0x040f tx timeout [ 60.342824] Bluetooth: hci5: command 0x040f tx timeout [ 60.343288] Bluetooth: hci0: command 0x040f tx timeout [ 60.343797] Bluetooth: hci2: command 0x040f tx timeout [ 60.344209] Bluetooth: hci3: command 0x040f tx timeout [ 60.344609] Bluetooth: hci1: command 0x040f tx timeout [ 60.470762] Bluetooth: hci4: command 0x040f tx timeout [ 61.238835] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 62.390733] Bluetooth: hci3: command 0x0419 tx timeout [ 62.391151] Bluetooth: hci2: command 0x0419 tx timeout [ 62.391528] Bluetooth: hci0: command 0x0419 tx timeout [ 62.391932] Bluetooth: hci5: command 0x0419 tx timeout [ 62.392302] Bluetooth: hci6: command 0x0419 tx timeout [ 62.392745] Bluetooth: hci1: command 0x0419 tx timeout [ 62.519757] Bluetooth: hci4: command 0x0419 tx timeout [ 65.526774] Bluetooth: hci7: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 10:10:19 Registers: info registers vcpu 0 RAX=ffff88806ce34f80 RBX=ffffffff8542a840 RCX=ffffffff84483c3e RDX=ffffed100d9c69f1 RSI=0000000000000004 RDI=ffffffff812847b0 RBP=0000000000000000 RSP=ffffffff85407e38 R8 =0000000000000000 R9 =ffff88806ce34f83 R10=ffffed100d9c69f0 R11=0000000000000001 R12=fffffbfff0a85508 R13=ffffffff85d27a90 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff84484c5f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe3ef2622000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe3ef2620000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fc9367fd6f4 CR3=000000000e3e6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000004143892528f5ace4 XMM01=00000000000000003f847ae147ae147b XMM02=00000000000000000000000000000000 XMM03=00000000000000003f6eaf6e4286be12 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=000000000000000a000000c000014016 XMM09=000000000000002a000000c000016000 XMM10=0000000000000009000000c000014040 XMM11=0000000000000007000000c000014049 XMM12=000000000000001c000000c000018000 XMM13=0000000000000041000000c00001a000 XMM14=000000000000000c000000c000014050 XMM15=000000000000000d000000c000014060 info registers vcpu 1 RAX=000000000000002e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82502865 RDI=ffffffff87f10da0 RBP=ffffffff87f10d60 RSP=ffff888034a1f0f8 R8 =0000000000000001 R9 =000000000000000a R10=000000000000002e R11=0000000000000001 R12=000000000000002e R13=ffffffff87f10d60 R14=0000000000000010 R15=ffffffff82502850 RIP=ffffffff825028bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0e9852e000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0e9852c000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffdd366cf70 CR3=000000000f0dc000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=2039313a30313a303120373220626546 XMM01=5d3036383833342e36352020205b203a XMM02=632078302065646f63704f203a376963 XMM03=383833342e36352020205b203a6c656e XMM04=2035313a30313a303120373220626546 XMM05=65636f72703d7373616c63742030733a XMM06=733a755f6d65747379733d747865746e XMM07=725f6d65747379733a755f6d65747379 XMM08=7475636578652d7a7973223d6d6d6f63 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000