Warning: Permanently added '[localhost]:25985' (ECDSA) to the list of known hosts.
2022/07/18 13:56:22 fuzzer started
2022/07/18 13:56:23 dialing manager at localhost:37835
2022/07/18 13:56:23 checking machine...
2022/07/18 13:56:23 checking revisions...
syzkaller login: [ 35.731611] kmemleak: Automatic memory scanning thread ended
2022/07/18 13:56:23 testing simple program...
[ 35.799020] cgroup: Unknown subsys name 'net'
[ 35.888792] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
executing program
executing program
[ 50.685721] audit: type=1400 audit(1658152598.403:6): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 51.801183] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 51.803413] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 51.805639] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 51.809002] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 51.810810] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 51.812476] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 53.880332] Bluetooth: hci0: command 0x0409 tx timeout
[ 55.928498] Bluetooth: hci0: command 0x041b tx timeout
executing program
[ 57.975880] Bluetooth: hci0: command 0x040f tx timeout
executing program
[ 60.023080] Bluetooth: hci0: command 0x0419 tx timeout
executing program
executing program
executing program
[ 69.455793] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.457063] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.459215] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 69.495893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.497360] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.499603] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2022/07/18 13:56:57 building call list...
[ 69.955865] INFO: trying to register non-static key.
[ 69.956581] The code is fine but needs lockdep annotation, or maybe
[ 69.957406] you didn't initialize this object before use?
[ 69.958133] turning off the locking correctness validator.
[ 69.959580] CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 5.19.0-rc7-next-20220718 #1
[ 69.960894] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 69.962285] Workqueue: netns cleanup_net
[ 69.962826] Call Trace:
[ 69.963162]
[ 69.963459] dump_stack_lvl+0x8b/0xb3
[ 69.963953] register_lock_class+0x1597/0x1890
[ 69.964545] ? check_irq_usage+0x18c/0xcf0
[ 69.965095] ? hlock_conflict+0x54/0x200
[ 69.965662] ? is_dynamic_key.part.0+0x130/0x130
[ 69.966336] ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 69.967213] ? mark_lock.part.0+0xef/0x2f70
[ 69.967826] __lock_acquire+0x102/0x5e70
[ 69.968397] ? is_dynamic_key.part.0+0x130/0x130
[ 69.969063] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 69.969792] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 69.970548] lock_acquire+0x1a2/0x530
[ 69.971088] ? ieee80211_do_stop+0xbe/0x1dd0
[ 69.971721] ? lock_release+0x750/0x750
[ 69.972281] ? lock_release+0x750/0x750
[ 69.972848] ? lock_is_held_type+0xd7/0x130
[ 69.973454] _raw_spin_lock_bh+0x2f/0x40
[ 69.974025] ? ieee80211_do_stop+0xbe/0x1dd0
[ 69.974647] ieee80211_do_stop+0xbe/0x1dd0
[ 69.975245] ? lock_is_held_type+0xd7/0x130
[ 69.975848] ? ieee80211_stop+0xb8/0x600
[ 69.976427] ? mutex_lock_io_nested+0x1310/0x1310
[ 69.977085] ? lock_release+0x3b2/0x750
[ 69.977645] ? ieee80211_del_virtual_monitor+0x2e0/0x2e0
[ 69.978410] ? mark_held_locks+0x9e/0xe0
[ 69.978984] ? __local_bh_enable_ip+0xa0/0x130
[ 69.979626] ? __local_bh_enable_ip+0xa0/0x130
[ 69.980269] ? ieee80211_do_stop+0x1dd0/0x1dd0
[ 69.980914] ieee80211_stop+0xc5/0x600
[ 69.981465] ? ieee80211_do_stop+0x1dd0/0x1dd0
[ 69.982125] __dev_close_many+0x1b8/0x2f0
[ 69.982711] ? napi_enable+0x220/0x220
[ 69.983272] dev_close_many+0x1b0/0x450
[ 69.983833] ? __dev_close_many+0x2f0/0x2f0
[ 69.984436] ? lockdep_hardirqs_on+0x79/0x100
[ 69.985072] dev_close+0x13a/0x1c0
[ 69.985582] ? netdev_state_change+0x130/0x130
[ 69.986238] ? __mutex_lock+0x231/0x14d0
[ 69.986800] cfg80211_shutdown_all_interfaces+0x96/0x1f0
[ 69.987543] ieee80211_remove_interfaces+0xe3/0x690
[ 69.988244] ? ieee80211_sdata_stop+0x90/0x90
[ 69.988887] ieee80211_unregister_hw+0x47/0x1f0
[ 69.989542] hwsim_exit_net+0x49a/0xb90
[ 69.990107] ? hwsim_register_received_nl+0x410/0x410
[ 69.990809] ? sit_exit_batch_net+0x504/0x720
[ 69.991441] ? hwsim_register_received_nl+0x410/0x410
[ 69.992142] ops_exit_list+0xb3/0x180
[ 69.992678] cleanup_net+0x484/0x9e0
[ 69.993201] ? unregister_pernet_device+0x70/0x70
[ 69.993885] ? lock_is_held_type+0xd7/0x130
[ 69.994483] process_one_work+0xa0f/0x1690
[ 69.995078] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 69.995726] ? rwlock_bug.part.0+0x90/0x90
[ 69.996312] ? _raw_spin_lock_irq+0x41/0x50
[ 69.996913] worker_thread+0x637/0x1260
[ 69.997480] ? process_one_work+0x1690/0x1690
[ 69.998117] kthread+0x2ed/0x3a0
[ 69.998592] ? kthread_complete_and_exit+0x40/0x40
[ 69.999268] ret_from_fork+0x22/0x30
[ 69.999795]
executing program
[ 71.896818] audit: type=1400 audit(1658152619.614:7): avc: denied { create } for pid=264 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
2022/07/18 13:57:02 syscalls: 2217
2022/07/18 13:57:02 code coverage: enabled
2022/07/18 13:57:02 comparison tracing: enabled
2022/07/18 13:57:02 extra coverage: enabled
2022/07/18 13:57:02 setuid sandbox: enabled
2022/07/18 13:57:02 namespace sandbox: enabled
2022/07/18 13:57:02 Android sandbox: enabled
2022/07/18 13:57:02 fault injection: enabled
2022/07/18 13:57:02 leak checking: enabled
2022/07/18 13:57:02 net packet injection: enabled
2022/07/18 13:57:02 net device setup: enabled
2022/07/18 13:57:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/07/18 13:57:02 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/07/18 13:57:02 USB emulation: enabled
2022/07/18 13:57:02 hci packet injection: enabled
2022/07/18 13:57:02 wifi device emulation: enabled
2022/07/18 13:57:02 802.15.4 emulation: enabled
2022/07/18 13:57:02 fetching corpus: 0, signal 0/0 (executing program)
2022/07/18 13:57:02 fetching corpus: 0, signal 0/0 (executing program)
2022/07/18 13:57:03 starting 8 fuzzer processes
13:57:03 executing program 0:
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(0xffffffffffffffff, 0x0, 0x8ad1cf799cff2630)
13:57:03 executing program 4:
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000000)=0xb44e)
13:57:03 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x6}, @void}}}, 0x1c}}, 0x0)
13:57:03 executing program 2:
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, 0x0)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x0, 0x1}, 0xe)
13:57:03 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000004200)={0x0, 0x0, &(0x7f00000029c0)={&(0x7f0000001880)=@getspdinfo={0x14, 0x25, 0x1}, 0x14}}, 0x0)
13:57:03 executing program 5:
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
13:57:03 executing program 6:
r0 = socket$inet6(0xa, 0x1, 0x0)
close(r0)
socket$packet(0x11, 0x3, 0x300)
bind(r0, &(0x7f0000000080)=@xdp, 0x80)
13:57:03 executing program 7:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000200)={'wlan0\x00', &(0x7f00000001c0)=@ethtool_wolinfo={0x5, 0x0, 0x0, "f01778924044"}})
[ 76.747167] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.748360] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.750336] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.752320] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.753662] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 76.755438] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.805102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 76.807514] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 76.808668] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 76.810877] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 76.812538] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 76.813636] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 76.859823] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 76.872099] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 76.874865] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 76.876258] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 76.877727] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 76.879123] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 76.880318] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 76.881389] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 76.882471] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 76.884406] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 76.885532] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 76.886807] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 76.888032] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 76.889113] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 76.890322] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 76.891370] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 76.892834] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 76.894075] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 76.897433] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 76.898761] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 76.901267] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 76.904516] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 76.956040] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 76.963406] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 78.775130] Bluetooth: hci0: command 0x0409 tx timeout
[ 78.838940] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 78.839024] Bluetooth: hci2: command 0x0409 tx timeout
[ 78.902978] Bluetooth: hci7: command 0x0409 tx timeout
[ 78.903030] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 78.966948] Bluetooth: hci6: command 0x0409 tx timeout
[ 78.967459] Bluetooth: hci4: command 0x0409 tx timeout
[ 79.030940] Bluetooth: hci5: command 0x0409 tx timeout

VM DIAGNOSIS:
13:56:58 Registers: