syzkaller login: [ 68.402928] sshd (231) used greatest stack depth: 24272 bytes left Warning: Permanently added '[localhost]:31026' (ECDSA) to the list of known hosts. 2025/01/23 22:11:54 fuzzer started 2025/01/23 22:11:54 dialing manager at localhost:45511 [ 71.494184] cgroup: Unknown subsys name 'net' [ 71.612313] cgroup: Unknown subsys name 'cpuset' [ 71.650087] cgroup: Unknown subsys name 'rlimit' [ 79.544032] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/23 22:12:12 syscalls: 210 2025/01/23 22:12:12 code coverage: enabled 2025/01/23 22:12:12 comparison tracing: enabled 2025/01/23 22:12:12 extra coverage: enabled 2025/01/23 22:12:12 setuid sandbox: enabled 2025/01/23 22:12:12 namespace sandbox: enabled 2025/01/23 22:12:12 Android sandbox: enabled 2025/01/23 22:12:12 fault injection: enabled 2025/01/23 22:12:12 leak checking: enabled 2025/01/23 22:12:12 net packet injection: enabled 2025/01/23 22:12:12 net device setup: enabled 2025/01/23 22:12:12 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/23 22:12:12 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/23 22:12:12 USB emulation: enabled 2025/01/23 22:12:12 hci packet injection: enabled 2025/01/23 22:12:12 wifi device emulation: enabled 2025/01/23 22:12:12 802.15.4 emulation: enabled 2025/01/23 22:12:12 fetching corpus: 0, signal 0/0 (executing program) 2025/01/23 22:12:14 starting 8 fuzzer processes 22:12:14 executing program 0: modify_ldt$read(0x0, &(0x7f0000000000)=""/116, 0x74) modify_ldt$read(0x0, &(0x7f0000000080)=""/203, 0xcb) getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0xb, &(0x7f0000000180), &(0x7f00000001c0)=0x4) r0 = getuid() r1 = geteuid() ioprio_get$uid(0x3, r1) r2 = geteuid() setreuid(r0, r2) socket$inet_udplite(0x2, 0x2, 0x88) r3 = getuid() setreuid(0xffffffffffffffff, r3) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x0, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x50) setfsuid(r0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_SET_CCA_MODE(r4, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x60, r5, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_CCA_OPT={0x8}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x5}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_CCA_OPT={0x8}, @NL802154_ATTR_CCA_OPT={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x4008040}, 0x40008c5) r7 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_encap(r7, 0x11, 0x64, &(0x7f0000000580)=0x4, 0x4) setfsuid(r1) 22:12:14 executing program 1: r0 = accept(0xffffffffffffffff, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @private0}, &(0x7f00000000c0)=0x80) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = accept(r1, 0x0, &(0x7f0000000100)) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) sendmsg$NL80211_CMD_START_SCHED_SCAN(r3, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f0000000200)={0x22c, r4, 0x8, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x20, 0x4a}}}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x2100}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x2}, @NL80211_ATTR_SCAN_SSIDS={0x78, 0x2d, 0x0, 0x1, [{0x12, 0x0, @random="b0aba8f19a37f27b3e46692bd3b3"}, {0x18, 0x0, @random="3cad3e62e0c56eeeb2caa8a7f3d06a4cf5ba0975"}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ap_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0xc, 0x0, @random="7eb022d2685d4f8e"}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}]}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x3}, @NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x1000}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_SCAN_SUPP_RATES={0x15c, 0x7d, 0x0, 0x1, [@NL80211_BAND_60GHZ={0xcd, 0x2, "fe9daadcaa2c4e1d092635d5dcd7dd7ec8f97945ce8f7a30e50ee7c0beedda29fa8ddcead105ddd825dc9d4af91464224fc49e4bf79196d4704dca44643e31c04278dbbd8b198ee49d4349e77a3a78ee941788540c7a345a63b8086c208cfdf5f5c20d378cac34f2b83b665b17909440e881e4c0a6e0f35c5f4d6e5393cc0142cad9f82d12f9225f43020907b34598a06032e54e7a4b94c7316fc1c5919f899847d09b8652387795bfec9c533df4d0e36b8161b0e52a0d31cbcc748915357281b70903969ddc19a51f"}, @NL80211_BAND_6GHZ={0x85, 0x3, "ef8b401b2e725bb858821d1902d118d4843b1b6decb867194e6535cb37225643b20adf5bc28d278858fcb50c8141f34b295dad51a56a9820e6cbc6beb817d473fa5e46a59a9ed9e760cc08de936dcd71ef3d27b6dfc6f30f2d92387f087d6da3f217f67d6f92791343dfce159ce9a17436b5d99ceb4a96d4c8479e0e5a1bf1ed8e"}]}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x9}]}, 0x22c}, 0x1, 0x0, 0x0, 0x40008c0}, 0x40000) r5 = socket(0xe, 0x5, 0x9) getpeername(r5, &(0x7f00000004c0)=@tipc, &(0x7f0000000540)=0x80) r6 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000580), 0x1, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r5) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x4c, r7, 0x8, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xcc}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x1}, @NL80211_ATTR_DURATION={0x8}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x800}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001}, 0x48011) r8 = syz_open_dev$vcsa(&(0x7f0000000740), 0x0, 0x80000) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r8, 0x40505330, &(0x7f0000000780)={{0x8, 0x9}, {0x4, 0x81}, 0x6, 0x2, 0x8}) sendmsg$NL80211_CMD_SET_COALESCE(r5, &(0x7f0000000940)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000900)={&(0x7f0000000840)={0xbc, r7, 0x8, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0xa0, 0x3, 0x0, 0x1, [{0x9c, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x95, 0x2, "84bfb8e4ddd8c6bdac955ab31ebccf75e91a86d59afcf849a6963bce55a05c524d19338605890d8427439a8a4ba86f73e43519b47fa134cab1c8d0f3766d0596f029676ff51fff6be78834026d902e77b2c2bf197b854c687b57242c145dea45bc80d4277b6afb466de0c844236d80031a2e6ed71e685719f8f6deee8e03e1adfdcab5644efc0ac9eb3081819688b43e96"}}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x240088c1}, 0x8800) socket$inet6(0xa, 0x4, 0x9) socket(0x25, 0x4, 0x5) accept4$packet(r2, &(0x7f0000000980)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000009c0)=0x14, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000a40)={'ip_vti0\x00', &(0x7f0000000a00)={'tunl0\x00', r9, 0x1, 0x7, 0x9, 0x9, {{0x6, 0x4, 0x1, 0x4, 0x18, 0x67, 0x0, 0xe9, 0x2f, 0x0, @multicast1, @multicast1, {[@ra={0x94, 0x4, 0x1}]}}}}}) sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f00000016c0)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001680)={&(0x7f0000001000)={0x668, 0x0, 0x4, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x6, 0x1a}}}}, [@NL80211_ATTR_IE={0xf, 0x2a, [@chsw_timing={0x68, 0x4, {0x9, 0x4}}, @channel_switch={0x25, 0x3, {0x0, 0xb8}}]}, @NL80211_ATTR_FTM_RESPONDER={0x5bc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0xd4, 0x2, "a96da4cf542f9ef78d0a89d204f2d8b51ee4197c67b015aa6a6b268ce894d1f0a2ae3334c4f45036dd7029c33af4b03ea3ca107ffd4e2e563f85a9d2fd0d8659e472a929b8494ecaa490f3623152af41927f946ac9f9639a0211f087d6ca7f8182074831eb7ddb8aa1d8418644625ec94599570ead23e1e42a9b6d37e983e553377c76716385cbcc5289006cdb38439f680506c065060336efa5253d0e8fae0620d653ec9699d8aac08333fdeb1822499d299ed9766fbac6c16820a02a32a2e8425c67c0424e74904061b86e54e6afb0"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0xc0, 0x3, "6ef054758254098354e20c26666cb2ab521566e8b0495e4de80398319975ed8cb76833ea169ccb76237841c4a47efd427ba23d855849b40fedd3523ff6590dea362ce93718e575ba8520295fbc8beb4ffd782bbdccd84012ad03c240600fdf62a4663b497a9b9a0c89056260605cec3d6fb1e2a5714082a6e3f971fd89cdefcbad8cea2007af9fc3d52481c0e5c3e3b2c985e24dc9ca6c9b6a1ab1f48f5a73fc82af10ff30de0814295a81668519f3f604f863f0e1bd42a9bdd351ae"}, @NL80211_FTM_RESP_ATTR_LCI={0xd3, 0x2, "a6ec5e84807888a89b2eae76a1c616763f7e45a957b7361f0213af70ba626b5d27296b31e8860a663c2d8c565045f3ed79719e373257a029451e2e68cd56bc1fb8e67f431b999c96fb804bd99c28d679199a3a6c6dd4d5d4949c69b22c2ae5d0bf564fa2270d5fc6f9023424fa9a999fe79f499775e3c60971fd7002ca2512e73aac6f5870319cdb00d73f00053e253029f1d820e2339a9729acccac5d2c8e6abe78d4ace07b66bb30b729d298d9be6f147ffbf9c8345ebfa600b0a40dd815a60e219195fdd4778c6616cddefc8dc3"}, @NL80211_FTM_RESP_ATTR_LCI={0xa5, 0x2, "7779f4089b3c4c73f85d34f008dab25e3e8c0dc8e429534ec3325f203ac26bd2b852cc2592e58267214d447e0cc2decbc803a145fbd71c859eedf05f994e90d62fb91b283099786f0560188730051b74d739b8274a459bee95ed0d3668afb09347504f00933c3979312a1d89e7a987bb18abd7a5bb8f92ed99220fa8b9535a7c5f39059b0141b0dfa05fc51e3fd748fc1cdaf5abe789004b04d4a553f2533bbb4a"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0xae, 0x3, "94b5615b08073f73c918cc0965d9bdb3513eb65348f21bc43e1fe22c36bc8bb7bc732f7aa5ac46e2a33715a7bd90187f58af42f4536fc133f9c97fffedca2d165f4f42f2592a1bc76febaca0834a7fade6897b522c676b46a5eba8c9cc5d6fdac833b9ad72b05968c72798a354c526289c717188f1bce11ac40c414e4d29f408b6f32a6da99ad55c775cbeb42c85eed1bfd6d32fe9ef4d4585aec1759fcfc8c6e8322ad7106748ed54ac"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xff, 0x2, "72b7dff1eaadb6a4b8977044fe0c6646b8c4bca1d1b685ac2f307e2a8e0e6aa4eb3178ecfd8609f7dfb53868c8fb073dd3d20507d4344a78e376f5179e4363e92f00323bdc095b584362b762fccebf243cc1c6b0922a7cee2cef87a2dbcda63f72cb6941112893418a090d5d6e39c836365ddbb5ddad819628e093ec4815df18b3b6790caa43274244a93e7f014aa211e9405890790121ee28b1f9ef2a91a3c191aa36f41e9df44d49d3f971b6ff9bbfdb7742c6a8a00b5d7418ee63e29e4bd03c9b61bfc24f207283552adc2f01c668c1962bc8720676fb8de275623eeda5949e91d51b65b5dd2afcaad57de2517b844a19fc3b288b6cadc454ac"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0xee, 0x3, "65cda05cd6185a6875876d7a4b410359b043ecbacfd60af37bcad06438cfd219711689c6639b0714507dc2a99ad14970b3351932f85d267c7da229c762499714038c202f05cdc2e7e8d70e9fcf497f5d0639eb62274ef646d950c498657e6fb7831115b12666b6675e1aa52bc2762efa8a7741e6cdb8252f242c1d06288c22b39596e051dfee3175c83f580b88ec2814d0916eb792cd278d497ee3d3f39eddcc3396568011dccb83dd1255f731d0178ba9773f59f75ba79e87894cbaa91a60fefb596efc652cc31ae84769098fe52d7473b1097d5267a0cb33971f2f9ec3f9618b152ab53c348c5bdc25"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_TAIL={0x79, 0xf, [@measure_req={0x26, 0x5c, {0x7, 0xe0, 0x9, "e071a56b3b11fd70f422fc40f7dae60f5e372c5cc866f29239e3c4dfc0e6a5387aff0e2c497630cbb64b526dc7eb24adac99e716cf1f74aab801c1240fafa87a392faa37ecc057c8fc3df949ec21731a75f0cabc373cf82498"}}, @rann={0x7e, 0x15, {{0x0, 0x4b}, 0x20, 0x80, @broadcast, 0x5, 0x8, 0x8}}]}]}, 0x668}, 0x1, 0x0, 0x0, 0x40000}, 0x20000050) 22:12:14 executing program 2: sendmsg$NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xa080}, 0x400c1) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_KEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, r0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0xa0) r1 = syz_open_dev$vcsa(&(0x7f0000000280), 0xfffffffffffffc01, 0x20000) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000300)=0x14) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r2, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, r3, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xfffe}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000084}, 0x1) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000480), r2) socketpair(0x27, 0x5, 0x1, &(0x7f00000004c0)={0xffffffffffffffff}) sendmsg$NL80211_CMD_START_P2P_DEVICE(r5, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x20, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x401, 0x46}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x20008050) sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x38, r3, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xffff}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x56}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x4000880) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000740)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r6, &(0x7f00000009c0)={&(0x7f0000000700), 0xc, &(0x7f0000000980)={&(0x7f0000000780)={0x1fc, r0, 0x800, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_SEC_KEY={0x54, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x5}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x6}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "afb2240ae8a5c8ede5e8421bd09bcd2b9c007f7925427e2bd6613855e77228fc"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "13dd88f6f3c5cfc35e55572ca554c02e"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x6}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_KEY={0x3c, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x38, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}]}]}, @NL802154_ATTR_SEC_KEY={0xac, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "d23d29b027436101d2c1c813b3661044386001f7e83300af1abef945779e46ed"}, @NL802154_KEY_ATTR_ID={0x40, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xd2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x499}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "181cbf94841232eab687566dfa322fa5"}, @NL802154_KEY_ATTR_ID={0x1c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}]}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "e4db6229d12b58024ab9a1b715c94a2a"}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_SEC_KEY={0x74, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}, @NL802154_KEY_ATTR_ID={0x68, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x20, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}]}]}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x4}, 0x24000884) sendmsg$NLBL_MGMT_C_REMOVEDEF(r6, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x64, r4, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @empty}, @NLBL_MGMT_A_DOMAIN={0xa, 0x1, '%%#\x91-\x00'}, @NLBL_MGMT_A_DOMAIN={0xa, 0x1, 'wpan3\x00'}, @NLBL_MGMT_A_DOMAIN={0xd, 0x1, 'nl802154\x00'}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x31}}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x38}}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x4000) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000b80), r6) sendmsg$NLBL_MGMT_C_LISTDEF(r8, &(0x7f0000000c80)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x6c, r9, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x21}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast2}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x41}}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @local}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}]}, 0x6c}, 0x1, 0x0, 0x0, 0xc050}, 0x40008001) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000cc0)=""/173, &(0x7f0000000d80)=0xad) 22:12:14 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan4\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, 0x0, 0x300, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0xd}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x7f}]}, 0x50}, 0x1, 0x0, 0x0, 0x8010}, 0x48801) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_DEV(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x48, 0x0, 0x2, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_SEC_DEVICE={0xc, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0xffff}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0xbc31861871eaf61e}, 0x20004000) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000300), r4) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x44, 0x0, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xe}]}, 0x44}}, 0x48c0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000480), r5) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r3, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, 0x0, 0x2, 0x70bd27, 0x25dfdbfe, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8050) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), r0) ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000640)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_KEY(r6, &(0x7f0000000740)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x5c, r7, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x11f4664e31452dad}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r9, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x28, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x28}, 0x1, 0x0, 0x0, 0x804}, 0x20040000) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r6, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x68, r7, 0x300, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_DEVKEY={0x8, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x4}]}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_DEVKEY={0x2c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x3}]}]}, 0x68}}, 0x8000) sendmsg$NLBL_CIPSOV4_C_LISTALL(r0, &(0x7f0000000bc0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000a00)={0x16c, 0x0, 0x300, 0x0, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_TAGLST={0x34, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x6}, {0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x2}, {0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MLSCATLST={0xf8, 0xc, 0x0, 0x1, [{0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3c890754}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x66a254c3}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6773}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbe9b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x264114ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4db99928}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5192a209}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5fa7a37e}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x408f5bc7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe3c5}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x70bf}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x603b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf1db}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64150e9a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x47d9c2fd}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc29f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc24c}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc434}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x180a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3434be29}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xd23af87}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd4f}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x23a9423c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x61ea72f2}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x33c7a8e9}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2c928f1c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1918}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x24, 0x8, 0x0, 0x1, [{0x4}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x33042dae}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x9b}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7a8fe795}]}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x1}, 0x4040) [ 91.503513] audit: type=1400 audit(1737670334.919:7): avc: denied { execmem } for pid=270 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 22:12:14 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_GET_SEC_DEV(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x0, 0x2, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x48}, 0x1, 0x0, 0x0, 0xc010}, 0x20000010) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_KEY(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, 0x0, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "7dd9d934f35dbd5e29155e0012025945f18b7b7a6a5536c076bd9e113408d61a"}]}, 0x38}, 0x1, 0x0, 0x0, 0x80cd}, 0x840) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_KEY(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x400c800}, 0x40000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r3, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x50, 0x0, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xffff}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0x2c4878b344094424}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x2}]}, 0x50}}, 0x8800) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_RECONFIGURE(r4, &(0x7f0000000540)={&(0x7f0000000480), 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x38, 0x0, 0x800, 0x70bd2b, 0x25dfdbfb, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x9}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2e}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x28}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x8040) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000005c0), r4) sendmsg$NLBL_MGMT_C_VERSION(r4, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x68, r5, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x1f}}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x16}]}, 0x68}, 0x1, 0x0, 0x0, 0x20004080}, 0x40) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000700), r4) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000780), r0) sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x50, r6, 0x2, 0x70bd2d, 0x25dfdbfe, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x5}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xd83a}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x2}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x29}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}]}, 0x50}, 0x1, 0x0, 0x0, 0x20040000}, 0x850) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000900), r3) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x14, r7, 0x2, 0x70bd2b, 0x25dfdbfb, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000019) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r8, &(0x7f0000000b40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x1085404}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x70, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x80000001}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x11b8}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 22:12:14 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1208000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, 0x0, 0x100, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x1, 0x59}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xa, 0xbd, [0xffdf, 0x3, 0x3f]}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x151}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x3}, @NL80211_ATTR_STA_VLAN={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000050}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x8}, 0x1c) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0xb0, r3, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_SEC_LEVEL={0x2c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x2}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x5}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_LEVEL={0x3c, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x6}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x6}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x6}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0xb0}, 0x1, 0x0, 0x0, 0x24004000}, 0x48850) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000500)={0xffffffffffffffff}) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000540), 0xa42, 0x0) r7 = accept(0xffffffffffffffff, &(0x7f0000000580)=@nfc_llcp, &(0x7f0000000600)=0x80) sendmsg$NBD_CMD_RECONFIGURE(r4, &(0x7f0000000740)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000700)={&(0x7f0000000640)={0x90, 0x0, 0x2, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x9}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7f}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x3}, @NBD_ATTR_SOCKETS={0x4c, 0x7, 0x0, 0x1, [{0x8, 0x1, r5}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r0}, {0x8, 0x1, r6}, {0x8, 0x1, r7}, {0x8}, {0x8}]}, @NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x90}, 0x1, 0x0, 0x0, 0x24000010}, 0x54) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f00000007c0), r4) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r4, &(0x7f0000000b80)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000800)={0x30c, r8, 0x2, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_DEVKEY={0x18, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_DEVKEY={0x110, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x4c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x38, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x31de}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x78, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xfffffffa}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x4c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xda8}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x701b}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xfffffffe}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}]}, @NL802154_ATTR_SEC_DEVKEY={0x8, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x4}]}, @NL802154_ATTR_SEC_DEVKEY={0xb8, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_ID={0xa8, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x20, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xb8}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x10000}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}]}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000000}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_DEVKEY={0xf4, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x1c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xfff}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x4}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x4}]}, @NL802154_DEVKEY_ATTR_ID={0x20, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x650e}]}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xfffffffb}]}, @NL802154_DEVKEY_ATTR_ID={0x68, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x5c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x5}]}]}, 0x30c}, 0x1, 0x0, 0x0, 0x21}, 0x8040) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_STATION(r9, &(0x7f0000000dc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x2008040}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c00)={0x168, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x2b7, 0x3f}}}}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x4b, 0xbe, "617404c07ec113b658944b236d7894404d40bea69e3eee08f6c7d1922ece58567dc7b7769c83aed69d1ca75542e12a44ad39da7adf27e619351ccdf083387075be95de87378131"}, @NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x2}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0xf9}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x38b}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0xd2, 0xbe, "788d25b7aaab25fb7a6b68011e52f1cafddb59c40e66e317340cd9eeb0923f8008c13d022ce89999e5e258bd9ca46402d3c1e0067d723a31c2ba8bc0cee8f671fed92eb79e9cc744c0a4e20a579ba39597d9a42d78d5894a604c16106b6b861c6e148a7e32e68b8f6d32d021118155d6b69e0788658af20c40374a958c30cc954a4ae4fa8f7abc1f955f1c79a2a5e6f0cadab305626affa4f8211d8d66aec878b84ea1f941d8cd1afae980eafdf045531a818ae045db9b935d32f2ff6ef3ecac443bd4504025120af323c0673511"}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, r1}]}, 0x168}}, 0x4840) r10 = openat$zero(0xffffffffffffff9c, &(0x7f0000000e00), 0x10000, 0x0) r11 = inotify_add_watch(r6, &(0x7f0000000e40)='./file0\x00', 0x60000003) inotify_rm_watch(r10, r11) sendmsg$NL80211_CMD_SET_COALESCE(r6, &(0x7f0000000f40)={&(0x7f0000000e80)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x2c, 0x0, 0x100, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x6}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x7ff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8004}, 0x40000) 22:12:14 executing program 6: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000040)={@private1, 0x0}, &(0x7f0000000080)=0x14) accept$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x14) setsockopt$packet_buf(r1, 0x107, 0x2, &(0x7f0000000140)="74226d52471d214d9ca7eb41b2f54774c6a550be1df73befda5204165734139c007fbd7366d083173f8ae887459f9196f7481e929911552cb92a659c95a46b77912d6384d2e500c1e86e6e026887e744a9227fe2a01fa45757c360f58ae07b425e1b9c3aa314928ea99bd7b363829737ffa88ced6d7b339343213e2e9697f9fd60a2f1dd9e73be2a73df8e14c373d252a967f6d7ee1a83ac4f5867ada92878892b5398a6a395ea6bc1bbee29bb5cd08fac522efab8357d24bc227440e65c05636cb68013a4a106ef61348fa604ffd7c853b9c214591e9319e28f40b02a8052275754d1", 0xe3) socket$packet(0x11, 0x3, 0x300) sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x5c, 0x0, 0x410, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x14}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x21c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1ba}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xa}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x14}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1e0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000) r4 = accept4$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000003c0)=0x14, 0x80000) recvfrom$packet(r4, &(0x7f0000000400)=""/139, 0x8b, 0x142, &(0x7f00000004c0)={0x11, 0xf8, r2, 0x1, 0x5, 0x6, @local}, 0x14) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000500)=@req3={0x100, 0x5, 0xffffff7f, 0x8, 0x3, 0x0, 0xc950af6}, 0x1c) sendto$packet(0xffffffffffffffff, &(0x7f0000000540)="ad708a9ef7b67f9072b038cce02891dc68afd82520352a", 0x17, 0x80, 0x0, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_KEY(r5, &(0x7f0000000640)={&(0x7f0000000580), 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x14, 0x0, 0x300, 0x70bd28, 0x25dfdbff, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20004080}, 0x40844) alarm(0x1000) bind$packet(r1, &(0x7f0000000680)={0x11, 0x11, r3, 0x1, 0x8, 0x6, @remote}, 0x14) alarm(0x163b) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000700), r5) sendmsg$NLBL_CIPSOV4_C_LIST(r6, &(0x7f0000000800)={&(0x7f00000006c0), 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x48, r7, 0x300, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x2}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008000}, 0x4) r8 = syz_open_dev$vcsa(&(0x7f0000000840), 0xfff, 0x200601) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r8, 0x89f3, &(0x7f0000000980)={'tunl0\x00', &(0x7f0000000880)={'syztnl0\x00', r3, 0x10, 0x10, 0x0, 0x1, {{0x29, 0x4, 0x0, 0x3e, 0xa4, 0x66, 0x0, 0x8, 0x2f, 0x0, @empty, @local, {[@ra={0x94, 0x4}, @generic={0x7, 0x10, "047de42416e034bed42244f0e538"}, @ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x18, 0x2, [{0x2, 0x9, "cb5d99f6ea1058"}, {0x0, 0x9, "a743c146bf3f1e"}]}, @timestamp_addr={0x44, 0xc, 0xb0, 0x1, 0x5, [{@empty, 0x2abb}]}, @rr={0x7, 0x1f, 0x31, [@local, @dev={0xac, 0x14, 0x14, 0xa}, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @multicast2, @multicast2, @private=0xa010102]}, @timestamp_addr={0x44, 0x34, 0xcc, 0x1, 0x6, [{@loopback, 0x2}, {@broadcast, 0x200}, {@empty, 0xfffffff4}, {@empty, 0x80000001}, {@multicast2, 0x4}, {@remote, 0x80000001}]}]}}}}}) 22:12:15 executing program 7: modify_ldt$read(0x0, &(0x7f0000000000)=""/116, 0x74) modify_ldt$read(0x0, &(0x7f0000000080)=""/107, 0x6b) ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000100)) r0 = geteuid() r1 = geteuid() setreuid(r1, r1) r2 = getuid() setfsuid(r2) setreuid(r0, r2) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f00000001c0)={0x775c, 0x1, 0x1, 0x3, 0xffffff35, 0xfff}) setreuid(r1, r2) ioprio_get$uid(0x0, r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername(r3, &(0x7f0000000240)=@alg, &(0x7f00000002c0)=0x80) recvmsg(r4, &(0x7f0000001480)={&(0x7f0000000300)=@in={0x2, 0x0, @broadcast}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000380)=""/143, 0x8f}], 0x1, &(0x7f0000000480)=""/4096, 0x1000}, 0x0) sendmsg$IEEE802154_DISASSOCIATE_REQ(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001540)={&(0x7f0000001500)={0x30, 0x0, 0x2, 0x70bd26, 0x25dfdbfe, {}, [@IEEE802154_ATTR_REASON={0x5, 0x12, 0x3}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000081}, 0x40811) r5 = geteuid() setfsuid(r5) getsockname(r4, &(0x7f00000015c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001640)=0x80) [ 92.863690] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.870437] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.872134] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.876080] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.878095] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.884275] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.891130] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.894524] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.901430] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 92.905648] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 92.907315] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.909947] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.916519] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.929402] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.956971] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.969348] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.974970] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 92.978174] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.108681] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.122312] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.133476] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.155162] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.162265] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 93.171151] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.263054] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 93.276455] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 93.280257] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 93.292191] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 93.302416] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 93.306701] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 93.320186] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 93.332319] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 93.338646] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 93.393679] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 93.403968] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 93.405860] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 93.414557] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 93.416413] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 93.448364] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 93.449346] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 93.454186] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 93.464392] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 93.474688] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 93.476856] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 93.484945] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 93.485924] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 93.494547] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 93.513989] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 95.002227] Bluetooth: hci0: command tx timeout [ 95.003098] Bluetooth: hci1: command tx timeout [ 95.066865] Bluetooth: hci2: command tx timeout [ 95.258839] Bluetooth: hci3: command tx timeout [ 95.450870] Bluetooth: hci4: command tx timeout [ 95.513913] Bluetooth: hci5: command tx timeout [ 95.578916] Bluetooth: hci6: command tx timeout [ 95.642889] Bluetooth: hci7: command tx timeout [ 97.051055] Bluetooth: hci1: command tx timeout [ 97.051551] Bluetooth: hci0: command tx timeout [ 97.114906] Bluetooth: hci2: command tx timeout [ 97.305942] Bluetooth: hci3: command tx timeout [ 97.498007] Bluetooth: hci4: command tx timeout [ 97.562922] Bluetooth: hci5: command tx timeout [ 97.627096] Bluetooth: hci6: command tx timeout [ 97.690894] Bluetooth: hci7: command tx timeout [ 99.099197] Bluetooth: hci1: command tx timeout [ 99.099689] Bluetooth: hci0: command tx timeout [ 99.163150] Bluetooth: hci2: command tx timeout [ 99.354836] Bluetooth: hci3: command tx timeout [ 99.546903] Bluetooth: hci4: command tx timeout [ 99.610821] Bluetooth: hci5: command tx timeout [ 99.674889] Bluetooth: hci6: command tx timeout [ 99.738848] Bluetooth: hci7: command tx timeout [ 101.146998] Bluetooth: hci1: command tx timeout [ 101.147490] Bluetooth: hci0: command tx timeout [ 101.211151] Bluetooth: hci2: command tx timeout [ 101.403831] Bluetooth: hci3: command tx timeout [ 101.596339] Bluetooth: hci4: command tx timeout [ 101.657818] Bluetooth: hci5: command tx timeout [ 101.721932] Bluetooth: hci6: command tx timeout [ 101.785929] Bluetooth: hci7: command tx timeout [ 151.571395] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.572150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 152.793996] syz-executor.1 (279) used greatest stack depth: 23680 bytes left [ 152.992053] [ 152.992441] ====================================================== [ 152.993471] WARNING: possible circular locking dependency detected [ 152.994472] 6.13.0-next-20250123 #1 Not tainted [ 152.995251] ------------------------------------------------------ [ 153.001311] kworker/u8:1/65 is trying to acquire lock: [ 153.002181] ffffffff8621d8e8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 153.003964] [ 153.003964] but task is already holding lock: [ 153.005036] ffff888015f80768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 153.006770] [ 153.006770] which lock already depends on the new lock. [ 153.006770] [ 153.008186] [ 153.008186] the existing dependency chain (in reverse order) is: [ 153.009467] [ 153.009467] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 153.010662] __mutex_lock+0x13d/0xb50 [ 153.011500] wiphy_register+0x1b2e/0x25d0 [ 153.012419] ieee80211_register_hw+0x23a4/0x3d60 [ 153.013396] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 153.014419] init_mac80211_hwsim+0x389/0x870 [ 153.015367] do_one_initcall+0xf9/0x640 [ 153.016267] kernel_init_freeable+0x53d/0x7a0 [ 153.017218] kernel_init+0x1e/0x2d0 [ 153.017990] ret_from_fork+0x48/0x80 [ 153.018778] ret_from_fork_asm+0x1a/0x30 [ 153.019659] [ 153.019659] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 153.020781] __lock_acquire+0x29fd/0x4580 [ 153.021633] lock_acquire+0x19b/0x520 [ 153.022404] __mutex_lock+0x13d/0xb50 [ 153.023204] unregister_netdevice_many_notify+0x1612/0x1c80 [ 153.024319] unregister_netdevice_queue+0x224/0x2e0 [ 153.025283] _cfg80211_unregister_wdev+0x57b/0x700 [ 153.026247] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 153.027196] ieee80211_unregister_hw+0x55/0x3a0 [ 153.028115] hwsim_exit_net+0x3a0/0x730 [ 153.028900] ops_exit_list+0xb3/0x180 [ 153.029662] cleanup_net+0x546/0xad0 [ 153.030425] process_one_work+0x8ee/0x1a10 [ 153.031287] worker_thread+0x674/0xe70 [ 153.032122] kthread+0x3ab/0x720 [ 153.032843] ret_from_fork+0x48/0x80 [ 153.033576] ret_from_fork_asm+0x1a/0x30 [ 153.034400] [ 153.034400] other info that might help us debug this: [ 153.034400] [ 153.035655] Possible unsafe locking scenario: [ 153.035655] [ 153.036655] CPU0 CPU1 [ 153.037414] ---- ---- [ 153.038185] lock(&rdev->wiphy.mtx); [ 153.038859] lock(rtnl_mutex); [ 153.039816] lock(&rdev->wiphy.mtx); [ 153.040884] lock(rtnl_mutex); [ 153.041488] [ 153.041488] *** DEADLOCK *** [ 153.041488] [ 153.042436] 4 locks held by kworker/u8:1/65: [ 153.043165] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 153.044914] #1: ffff88800efbfd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 153.046559] #2: ffffffff86211910 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 153.048158] #3: ffff888015f80768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 153.049942] [ 153.049942] stack backtrace: [ 153.050711] CPU: 1 UID: 0 PID: 65 Comm: kworker/u8:1 Not tainted 6.13.0-next-20250123 #1 [ 153.050786] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 153.050829] Workqueue: netns cleanup_net [ 153.050912] Call Trace: [ 153.050930] [ 153.050953] dump_stack_lvl+0xca/0x120 [ 153.051067] print_circular_bug+0x47b/0x750 [ 153.051158] check_noncircular+0x2e9/0x3c0 [ 153.051242] ? __pfx_check_noncircular+0x10/0x10 [ 153.051327] ? hlock_class+0x4e/0x130 [ 153.051387] ? srso_return_thunk+0x5/0x5f [ 153.051499] ? mark_lock+0xac/0xed0 [ 153.051579] ? srso_return_thunk+0x5/0x5f [ 153.051697] ? lockdep_lock+0xba/0x1b0 [ 153.051811] ? __pfx_lockdep_lock+0x10/0x10 [ 153.051935] __lock_acquire+0x29fd/0x4580 [ 153.052072] ? __pfx___lock_acquire+0x10/0x10 [ 153.052164] ? lock_release+0x20f/0x6f0 [ 153.052252] ? __pfx_lock_release+0x10/0x10 [ 153.052338] ? srso_return_thunk+0x5/0x5f [ 153.052458] lock_acquire+0x19b/0x520 [ 153.052545] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 153.052644] ? __pfx_lock_acquire+0x10/0x10 [ 153.052738] ? srso_return_thunk+0x5/0x5f [ 153.052850] ? lock_is_held_type+0x9e/0x120 [ 153.052961] ? srso_return_thunk+0x5/0x5f [ 153.053081] __mutex_lock+0x13d/0xb50 [ 153.053186] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 153.053278] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 153.053372] ? srso_return_thunk+0x5/0x5f [ 153.053484] ? synchronize_rcu_expedited+0x38a/0x420 [ 153.053570] ? __pfx___mutex_lock+0x10/0x10 [ 153.053680] ? srso_return_thunk+0x5/0x5f [ 153.053796] ? srso_return_thunk+0x5/0x5f [ 153.053907] ? kasan_quarantine_put+0x84/0x1e0 [ 153.054027] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 153.054097] ? srso_return_thunk+0x5/0x5f [ 153.054218] unregister_netdevice_many_notify+0x1612/0x1c80 [ 153.054310] ? __virt_addr_valid+0x2e8/0x5d0 [ 153.054415] ? __pfx_lock_release+0x10/0x10 [ 153.054504] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 153.054598] ? find_held_lock+0x2c/0x110 [ 153.054714] ? srso_return_thunk+0x5/0x5f [ 153.054830] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 153.054949] ? srso_return_thunk+0x5/0x5f [ 153.055061] ? lock_release+0x20f/0x6f0 [ 153.055149] ? __pfx_lock_release+0x10/0x10 [ 153.055235] ? srso_return_thunk+0x5/0x5f [ 153.055347] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 153.055442] ? srso_return_thunk+0x5/0x5f [ 153.055565] unregister_netdevice_queue+0x224/0x2e0 [ 153.055653] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 153.055742] ? up_write+0x195/0x520 [ 153.055851] _cfg80211_unregister_wdev+0x57b/0x700 [ 153.055957] ? srso_return_thunk+0x5/0x5f [ 153.056105] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 153.056184] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 153.056262] ? srso_return_thunk+0x5/0x5f [ 153.056374] ? srso_return_thunk+0x5/0x5f [ 153.056486] ? synchronize_rcu+0x1ff/0x260 [ 153.056571] ieee80211_unregister_hw+0x55/0x3a0 [ 153.056662] hwsim_exit_net+0x3a0/0x730 [ 153.056748] ? __pfx_hwsim_exit_net+0x10/0x10 [ 153.056830] ? srso_return_thunk+0x5/0x5f [ 153.056942] ? netdev_run_todo+0x788/0x1040 [ 153.057042] ? __pfx_hwsim_exit_net+0x10/0x10 [ 153.057129] ops_exit_list+0xb3/0x180 [ 153.057215] cleanup_net+0x546/0xad0 [ 153.057306] ? __pfx_cleanup_net+0x10/0x10 [ 153.057405] ? _raw_spin_unlock_irq+0x23/0x40 [ 153.057505] process_one_work+0x8ee/0x1a10 [ 153.057636] ? __pfx_lock_acquire+0x10/0x10 [ 153.057725] ? __pfx_process_one_work+0x10/0x10 [ 153.057842] ? srso_return_thunk+0x5/0x5f [ 153.057954] ? move_linked_works+0x172/0x270 [ 153.058043] ? srso_return_thunk+0x5/0x5f [ 153.058154] ? assign_work+0x196/0x240 [ 153.058269] worker_thread+0x674/0xe70 [ 153.058385] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 153.058488] ? srso_return_thunk+0x5/0x5f [ 153.058600] ? __pfx_worker_thread+0x10/0x10 [ 153.058719] kthread+0x3ab/0x720 [ 153.058822] ? __pfx_kthread+0x10/0x10 [ 153.058926] ? srso_return_thunk+0x5/0x5f [ 153.059038] ? finish_task_switch.isra.0+0x206/0x840 [ 153.059139] ? __pfx_kthread+0x10/0x10 [ 153.059246] ret_from_fork+0x48/0x80 [ 153.059308] ? __pfx_kthread+0x10/0x10 [ 153.059414] ret_from_fork_asm+0x1a/0x30 [ 153.059546] [ 154.991050] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 154.992362] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 154.993371] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 154.998069] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 155.001125] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 155.002949] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 155.054353] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 155.056617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 155.058992] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 155.061860] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 155.065943] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 155.069005] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 155.076989] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 155.078673] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 155.080168] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 155.086818] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 155.094083] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 155.094861] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 155.183169] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 155.184106] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 155.186259] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 155.193039] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 155.198467] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 155.202019] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 155.264804] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 155.307046] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 155.309997] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 155.325623] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 155.333206] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 155.348406] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 155.365911] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 155.378034] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 155.394118] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 155.437897] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 155.439603] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 155.445170] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 155.448620] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 155.455648] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 155.466807] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 155.475393] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 155.476048] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 155.478823] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 155.481658] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 155.490054] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 155.491296] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 155.492632] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 155.493859] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 155.494646] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 157.018973] Bluetooth: hci0: command tx timeout [ 157.145926] Bluetooth: hci2: command tx timeout [ 157.146448] Bluetooth: hci1: command tx timeout [ 157.273877] Bluetooth: hci3: command tx timeout [ 157.466820] Bluetooth: hci4: command tx timeout [ 157.530790] Bluetooth: hci6: command tx timeout [ 157.531226] Bluetooth: hci5: command tx timeout [ 157.593819] Bluetooth: hci7: command tx timeout [ 159.066856] Bluetooth: hci0: command tx timeout [ 159.194990] Bluetooth: hci2: command tx timeout [ 159.195460] Bluetooth: hci1: command tx timeout [ 159.322857] Bluetooth: hci3: command tx timeout [ 159.514027] Bluetooth: hci4: command tx timeout [ 159.577828] Bluetooth: hci5: command tx timeout [ 159.578334] Bluetooth: hci6: command tx timeout [ 159.644464] Bluetooth: hci7: command tx timeout [ 161.113898] Bluetooth: hci0: command tx timeout [ 161.241850] Bluetooth: hci1: command tx timeout [ 161.242298] Bluetooth: hci2: command tx timeout [ 161.369790] Bluetooth: hci3: command tx timeout [ 161.562315] Bluetooth: hci4: command tx timeout [ 161.625793] Bluetooth: hci6: command tx timeout [ 161.626265] Bluetooth: hci5: command tx timeout [ 161.690269] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 22:13:16 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88800efab780 RCX=ffffffff81429a4a RDX=ffff88800efab780 RSI=ffffffff814299d3 RDI=ffff88800efab7ac RBP=ffffffffffffffff RSP=ffff88800bebfdb8 R8 =0000000000000000 R9 =ffffed1001ded980 R10=ffff88800ef6cc07 R11=0000000000000001 R12=ffff8880770c3ff9 R13=ffffffff88650130 R14=ffff88800efab780 R15=0000000000000086 RIP=ffffffff814299d7 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fa7e0dd80d0 CR3=00000000135de000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=b6f314b9c876e6af5641d1697a91135f XMM02=6b1e99b806172e3b00000000000aea28 XMM03=80f09f19808d26a300000000000aec68 XMM04=73b84b91967069de0000000000138648 XMM05=d3fdd5f48436fbd700000000000aead0 XMM06=87d940c64bec290500000000000ae988 XMM07=a1fcdcf819d7e1e500000000000ae728 XMM08=44495f474f4c5359530069253d595449 XMM09=00000000000000000000000000000000 XMM10=00000000000000000020000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283eaa5 RDI=ffffffff886970a0 RBP=ffffffff88697060 RSP=ffff88800efbed20 R8 =0000000000000000 R9 =ffffed100167e046 R10=000000000000002d R11=2d2d2d2d2d2d2d2d R12=000000000000002d R13=0000000000000010 R14=ffffffff88697060 R15=ffffffff8283ea90 RIP=ffffffff8283eafd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000555dd7c9efb8 CR3=000000000ef16000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=7465677261742e79636e656772656d65 XMM02=73732f6563696c732e6d65747379732f XMM03=00656369767265732e6873732f656369 XMM04=0000555dd7c81c000000555dd7d1ba50 XMM05=00000004ffffffff0000555dd7d440f0 XMM06=370036366131006563697665642e3069 XMM07=00000000000000000000000000000000 XMM08=7368746150796c6e4f64616552646e69 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000