Debian GNU/Linux 11 syzkaller ttyS0 syzkaller login: [ 60.071368] scp (237) used greatest stack depth: 22656 bytes left Warning: Permanently added '[localhost]:42260' (ECDSA) to the list of known hosts. 2025/01/28 03:03:01 fuzzer started 2025/01/28 03:03:02 dialing manager at localhost:40883 [ 63.180516] cgroup: Unknown subsys name 'net' [ 63.289421] cgroup: Unknown subsys name 'cpuset' [ 63.331596] cgroup: Unknown subsys name 'rlimit' [ 70.326712] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/28 03:03:19 syscalls: 208 2025/01/28 03:03:19 code coverage: enabled 2025/01/28 03:03:19 comparison tracing: enabled 2025/01/28 03:03:19 extra coverage: enabled 2025/01/28 03:03:19 setuid sandbox: enabled 2025/01/28 03:03:19 namespace sandbox: enabled 2025/01/28 03:03:19 Android sandbox: enabled 2025/01/28 03:03:19 fault injection: enabled 2025/01/28 03:03:19 leak checking: enabled 2025/01/28 03:03:19 net packet injection: enabled 2025/01/28 03:03:19 net device setup: enabled 2025/01/28 03:03:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/28 03:03:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/28 03:03:19 USB emulation: enabled 2025/01/28 03:03:19 hci packet injection: enabled 2025/01/28 03:03:19 wifi device emulation: enabled 2025/01/28 03:03:19 802.15.4 emulation: enabled 2025/01/28 03:03:19 fetching corpus: 0, signal 0/0 (executing program) 2025/01/28 03:03:21 starting 8 fuzzer processes 03:03:21 executing program 0: bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000), 0x6) r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, r0, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x3}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x79}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x9}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000010}, 0x48001) socketpair(0x21, 0x6, 0x5, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = accept4(r1, &(0x7f0000000240)=@hci, &(0x7f00000002c0)=0x80, 0xc0800) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r3) syz_genetlink_get_family_id$batadv(&(0x7f0000000300), 0xffffffffffffffff) r5 = accept4(r2, &(0x7f0000000400)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000480)=0x80, 0x800) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000500), r3) sendmsg$BATADV_CMD_SET_VLAN(r5, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x2c, r6, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x2c}}, 0x4000000) setsockopt$bt_hci_HCI_TIME_STAMP(r3, 0x0, 0x3, &(0x7f0000000600)=0xfff, 0x4) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_START_REQ(r7, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x3c, 0x0, 0x0, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_COORD_REALIGN={0x5, 0x1b, 0x3}, @IEEE802154_ATTR_SF_ORD={0x5, 0x18, 0x9}, @IEEE802154_ATTR_BAT_EXT={0x5, 0x1a, 0x67}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x10}, @IEEE802154_ATTR_COORD_REALIGN={0x5, 0x1b, 0xf8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4800}, 0x44800) r8 = accept4(0xffffffffffffffff, &(0x7f0000000740)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, &(0x7f00000007c0)=0x80, 0x80800) sendmsg$BATADV_CMD_TP_METER(r8, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x34, r4, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x80000000}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffff}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x80a) accept4(r2, 0x0, &(0x7f0000000900), 0x0) sendmsg$NBD_CMD_RECONFIGURE(r7, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x20, 0x0, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x8010}, 0x4008014) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000a40)={'batadv_slave_0\x00', 0x0}) setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f0000000a80)={r9, 0x1, 0x6}, 0x10) ioctl$sock_bt_hci(r3, 0x400448e0, &(0x7f0000000ac0)="164fbe1b3b0deb18d4562ede3baf0ac99d8374d354aaa904cc25c59fe2cf") 03:03:21 executing program 1: ioctl$RNDZAPENTCNT(0xffffffffffffffff, 0x5204, &(0x7f0000000000)=0x79d8) r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0xa876) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000080)) ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000100)) epoll_pwait2(0xffffffffffffffff, &(0x7f0000000140)=[{}, {}, {}, {}, {}], 0x5, &(0x7f0000000180), &(0x7f00000001c0)={[0x5b20]}, 0x8) openat$random(0xffffffffffffff9c, &(0x7f0000000200), 0x4881, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000d80)={0x0, 0x1}, 0x4) getpeername$packet(r1, &(0x7f0000000dc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000e00)=0x14) r2 = inotify_init1(0x80000) ioctl$RNDZAPENTCNT(r0, 0x5204, &(0x7f0000000e40)=0x2) inotify_rm_watch(r2, 0x0) inotify_add_watch(r2, &(0x7f0000000e80)='./file0\x00', 0x2000010) socketpair(0x1a, 0x2, 0x80000001, &(0x7f0000000ec0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000f40), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER(r3, &(0x7f0000001000)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f80)={0x3c, r5, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x40804) recvmmsg(r3, &(0x7f0000005e80)=[{{0x0, 0x0, &(0x7f00000031c0)=[{&(0x7f0000001040)=""/12, 0xc}, {&(0x7f0000001080)=""/4096, 0x1000}, {&(0x7f0000002080)=""/62, 0x3e}, {&(0x7f00000020c0)=""/4096, 0x1000}, {&(0x7f00000030c0)=""/39, 0x27}, {&(0x7f0000003100)=""/157, 0x9d}], 0x6, &(0x7f0000003240)=""/4096, 0x1000}, 0x401}, {{0x0, 0x0, &(0x7f0000004300)=[{&(0x7f0000004240)=""/145, 0x91}], 0x1}}, {{&(0x7f0000004340)=@ieee802154={0x24, @long}, 0x80, &(0x7f00000047c0)=[{&(0x7f00000043c0)=""/201, 0xc9}, {&(0x7f00000044c0)=""/195, 0xc3}, {&(0x7f00000045c0)=""/53, 0x35}, {&(0x7f0000004600)=""/212, 0xd4}, {&(0x7f0000004700)=""/143, 0x8f}], 0x5, &(0x7f0000004840)=""/4096, 0x1000}, 0xba56}, {{&(0x7f0000005840)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f0000005940)=[{&(0x7f00000058c0)=""/69, 0x45}], 0x1, &(0x7f0000005980)=""/63, 0x3f}}, {{&(0x7f00000059c0)=@sco={0x1f, @none}, 0x80, &(0x7f0000005b40)=[{&(0x7f0000005a40)=""/148, 0x94}, {&(0x7f0000005b00)=""/61, 0x3d}], 0x2, &(0x7f0000005b80)=""/73, 0x49}, 0x3}, {{0x0, 0x0, &(0x7f0000005e40)=[{&(0x7f0000005c00)=""/116, 0x74}, {&(0x7f0000005c80)=""/176, 0xb0}, {&(0x7f0000005d40)=""/199, 0xc7}], 0x3}, 0x9}], 0x6, 0x121, &(0x7f0000006000)) r7 = syz_genetlink_get_family_id$gtp(&(0x7f0000006080), r4) sendmsg$GTP_CMD_NEWPDP(r6, &(0x7f0000006180)={&(0x7f0000006040), 0xc, &(0x7f0000006140)={&(0x7f00000060c0)={0x64, r7, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_FLOW={0x6}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_VERSION={0x8}, @GTPA_VERSION={0x8}, @GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x42}}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_FLOW={0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x40) 03:03:21 executing program 2: r0 = accept4(0xffffffffffffffff, &(0x7f0000003640)=@caif=@dgm, &(0x7f00000036c0)=0x80, 0x80000) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000003800)={&(0x7f0000003700)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000037c0)={&(0x7f0000003740)={0x4c, 0x0, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3ff}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1000}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24008800}, 0x804) r1 = accept4(r0, &(0x7f0000003840)=@nl=@proc, &(0x7f00000038c0)=0x80, 0x80000) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000003940), r0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000003a00)={&(0x7f0000003900)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000039c0)={&(0x7f0000003980)={0x3c, r2, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000090}, 0x11) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003a40)) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000003b80)={&(0x7f0000003a80)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000003b40)={&(0x7f0000003ac0)={0x5c, 0x0, 0x10, 0x70bd29, 0x25dfdbff, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xfb6a}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xefee}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x4}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x4000001) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000003bc0)=0x0) syz_open_procfs$namespace(r3, &(0x7f0000003c00)='ns/pid\x00') r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000003c40)={'batadv_slave_0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000003cc0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000003dc0)={&(0x7f0000003c80)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000003d80)={&(0x7f0000003d00)={0x48, 0x0, 0x2, 0x70bd26, 0x80000001, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x880) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000003ec0)={&(0x7f0000003e00)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000003e80)={&(0x7f0000003e40)={0x34, 0x0, 0x2, 0x70bd27, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffffffffffff}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x80000000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_GET_TUNSRC(r7, &(0x7f0000003fc0)={&(0x7f0000003f00)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000003f80)={&(0x7f0000003f40)={0x2c, 0x0, 0x800, 0x70bd2a, 0x25dfdbff, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x8, 0x7fffffff]}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20004090) syz_open_dev$vcsn(&(0x7f0000004000), 0x9, 0x2) recvmmsg(0xffffffffffffffff, &(0x7f000000bb40)=[{{&(0x7f0000004040)=@in={0x2, 0x0, @remote}, 0x80, &(0x7f00000041c0)=[{&(0x7f00000040c0)=""/246, 0xf6}], 0x1, &(0x7f0000004200)=""/113, 0x71}, 0x2}, {{0x0, 0x0, &(0x7f0000004800)=[{&(0x7f0000004280)=""/39, 0x27}, {&(0x7f00000042c0)}, {&(0x7f0000004300)=""/214, 0xd6}, {&(0x7f0000004400)=""/53, 0x35}, {&(0x7f0000004440)=""/48, 0x30}, {&(0x7f0000004480)=""/220, 0xdc}, {&(0x7f0000004580)=""/9, 0x9}, {&(0x7f00000045c0)=""/104, 0x68}, {&(0x7f0000004640)=""/156, 0x9c}, {&(0x7f0000004700)=""/228, 0xe4}], 0xa, &(0x7f00000048c0)=""/90, 0x5a}, 0xf5}, {{&(0x7f0000004940)=@un=@abs, 0x80, &(0x7f0000005ac0)=[{&(0x7f00000049c0)=""/119, 0x77}, {&(0x7f0000004a40)=""/27, 0x1b}, {&(0x7f0000004a80)=""/30, 0x1e}, {&(0x7f0000004ac0)=""/4096, 0x1000}], 0x4, &(0x7f0000005b00)=""/137, 0x89}, 0xc102}, {{0x0, 0x0, &(0x7f0000007f40)=[{&(0x7f0000005bc0)=""/90, 0x5a}, {&(0x7f0000005c40)=""/4096, 0x1000}, {&(0x7f0000006c40)=""/236, 0xec}, {&(0x7f0000006d40)=""/195, 0xc3}, {&(0x7f0000006e40)=""/140, 0x8c}, {&(0x7f0000006f00)=""/4096, 0x1000}, {&(0x7f0000007f00)=""/38, 0x26}], 0x7}, 0x3}, {{&(0x7f0000007fc0), 0x80, &(0x7f0000009280)=[{&(0x7f0000008040)=""/133, 0x85}, {&(0x7f0000008100)=""/4096, 0x1000}, {&(0x7f0000009100)=""/119, 0x77}, {&(0x7f0000009180)=""/209, 0xd1}], 0x4, &(0x7f00000092c0)=""/56, 0x38}}, {{&(0x7f0000009300)=@caif=@dbg, 0x80, &(0x7f000000a740)=[{&(0x7f0000009380)=""/71, 0x47}, {&(0x7f0000009400)}, {&(0x7f0000009440)=""/4096, 0x1000}, {&(0x7f000000a440)=""/188, 0xbc}, {&(0x7f000000a500)=""/102, 0x66}, {&(0x7f000000a580)=""/84, 0x54}, {&(0x7f000000a600)=""/209, 0xd1}, {&(0x7f000000a700)=""/59, 0x3b}], 0x8, &(0x7f000000a7c0)=""/63, 0x3f}, 0x3}, {{0x0, 0x0, &(0x7f000000a880)=[{&(0x7f000000a800)=""/113, 0x71}], 0x1, &(0x7f000000a8c0)=""/162, 0xa2}, 0x6}, {{&(0x7f000000a980)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, &(0x7f000000bb00)=[{&(0x7f000000aa00)=""/244, 0xf4}, {&(0x7f000000ab00)=""/4096, 0x1000}], 0x2}, 0x80000001}], 0x8, 0x40002000, &(0x7f000000bd40)={0x77359400}) sendmsg$BATADV_CMD_TP_METER(r8, &(0x7f000000be40)={&(0x7f000000bd80)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f000000be00)={&(0x7f000000bdc0)={0x1c, r2, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x64e}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008002}, 0x4044084) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f000000bfc0)={&(0x7f000000be80)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f000000bf80)={&(0x7f000000bf00)={0x44, 0x0, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x200}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040040}, 0x1) 03:03:21 executing program 3: sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0xffffffffffffffff}, @NLBL_MGMT_A_CLPDOI={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40400}, 0x20000854) sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x10}, 0x4000004) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x5c0}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x0, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'vlan0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000001) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, 0x0, 0x101, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x805401c}, 0x40000) r0 = add_key(&(0x7f00000003c0)='cifs.spnego\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000440)="bbf3db749c6c2d2f1f69e4e0518a6591788df52e2b6fb2a3638e636b85a4b96286a4f80798f952eb919b0131bc0045919b5ccc466a27520f5c7b7219991baed1f8", 0x41, 0x0) r1 = add_key(&(0x7f0000000500)='asymmetric\x00', &(0x7f0000000540)={'syz', 0x2}, &(0x7f0000000580)="ae870f45320752353b4554ed20e4b5e8a8e4c6408cdd5b36f3b3825083f69f02c6e2196f55efb118921f5ebe91cab68f5ce03d7d4ac0a2b8", 0x38, 0xfffffffffffffff8) keyctl$instantiate(0xc, r0, &(0x7f00000004c0)=@encrypted_update={'update ', 'default', 0x20, 'user:', ']%+#}'}, 0x1a, r1) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x38, 0x0, 0x310, 0x70bd28, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRET={0x14, 0x4, [0x401, 0xfffffbff, 0x9, 0x80000000]}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x2}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) r2 = add_key(&(0x7f00000006c0)='dns_resolver\x00', &(0x7f0000000700)={'syz', 0x0}, 0x0, 0x0, 0x0) keyctl$link(0x8, 0x0, r2) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f0000002700)={'sit0\x00', &(0x7f0000002680)={'syztnl1\x00', 0x0, 0x29, 0x0, 0xc0, 0x100000, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8, 0x1, 0xb55, 0x20}}) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f00000027c0)={'ip6tnl0\x00', &(0x7f0000002740)={'syztnl2\x00', r3, 0x2f, 0x3, 0x0, 0x2, 0x5, @mcast1, @private0, 0x700, 0x10, 0x2, 0x6}}) r4 = request_key(&(0x7f0000002800)='dns_resolver\x00', &(0x7f0000002840)={'syz', 0x3}, &(0x7f0000002880)='*B-\x00', 0xfffffffffffffffd) keyctl$unlink(0x9, 0x0, r4) r5 = add_key$keyring(&(0x7f0000002980), &(0x7f00000029c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r6 = request_key(&(0x7f00000028c0)='.dead\x00', &(0x7f0000002900)={'syz', 0x3}, &(0x7f0000002940)='syztnl2\x00', r5) syz_genetlink_get_family_id$gtp(&(0x7f0000002a00), 0xffffffffffffffff) keyctl$read(0xb, r6, &(0x7f0000002a40)=""/4096, 0x1000) add_key$keyring(&(0x7f0000003a40), &(0x7f0000003a80)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) 03:03:22 executing program 4: getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=""/37, &(0x7f0000000040)=0x25) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x6, &(0x7f0000000080)="46e43f673c9e2753a8594d8a", 0xc) r0 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x8, 0x791001) getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000000100)=""/152, &(0x7f00000001c0)=0x98) mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, r0, 0x10000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000200)={0x1, 0x1}, 0x4) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000240)={0xff, [0x1, 0x20], 0x4}, 0x10) r1 = gettid() kcmp$KCMP_EPOLL_TFD(0x0, r1, 0x7, r0, &(0x7f0000000280)={r0, r0, 0x3f}) r2 = fork() prctl$PR_SCHED_CORE(0x3e, 0x0, r2, 0x0, 0x0) r3 = inotify_add_watch(r0, &(0x7f00000002c0)='./file0\x00', 0x651dd65e5075f79d) inotify_rm_watch(r0, r3) tgkill(r1, 0xffffffffffffffff, 0xc) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000300)) syz_open_dev$vcsn(&(0x7f0000000340), 0x10000, 0x0) write$rfkill(r0, &(0x7f0000000380)={0x7, 0x3, 0x1, 0x1}, 0x8) r5 = syz_open_dev$vcsn(&(0x7f00000003c0), 0xfffffffffffffffc, 0x200000) write$rfkill(r5, &(0x7f0000000400)={0x401, 0x7, 0x2}, 0x8) [ 82.964232] audit: type=1400 audit(1738033402.033:7): avc: denied { execmem } for pid=272 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 03:03:22 executing program 7: syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x510, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0) sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x74, 0x0, 0xa796bba41bbfa90d, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @loopback}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_DOMAIN={0x8, 0x1, 'nbd\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}, @NLBL_MGMT_A_DOMAIN={0x8, 0x1, 'nbd\x00'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0xffffffffffffffff}]}, 0x74}}, 0x8040) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000280)={0x0, 0x26, 0xef}, &(0x7f00000002c0)={'enc=', 'oaep', ' hash=', {'rmd320-generic\x00'}}, &(0x7f0000000340)="c62a9c5faf5e6b41f16c820b44ad2828e637ac2fce264055c5da7fd33930e947b3ee708ab41d", &(0x7f0000000380)=""/239) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x38, 0x0, 0x2, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000080}, 0x1) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000080}, 0x4000844) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x68, 0x0, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_SHORT_ADDR={0x6}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x5}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0xb9d}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}]}, 0x68}, 0x1, 0x0, 0x0, 0xc090}, 0x0) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x1c, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x48800) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, 0x0, 0x8, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x24000000) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x30, 0x0, 0x4, 0x70bd2a, 0x25dfdbfe, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0xa0414dfe5106add1}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @remote}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000b40), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000b80)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f0000000c80)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x68, r2, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x68}, 0x1, 0x0, 0x0, 0x2000c045}, 0x4000000) sendmsg$NLBL_MGMT_C_VERSION(r1, &(0x7f0000000d80)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000d40)={&(0x7f0000000d00)={0x24, 0x0, 0x20, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x28}]}, 0x24}, 0x1, 0x0, 0x0, 0x4048805}, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_DEV(r4, &(0x7f0000000e80)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000e40)={&(0x7f0000000e00)={0x28, 0x0, 0x10, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0x300}}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x4000891) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_hci_HCI_DATA_DIR(r5, 0x0, 0x1, &(0x7f0000000ec0)=0x38, 0x4) 03:03:22 executing program 5: sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x300, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x810}, 0x40) sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x2000800) r0 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, r0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast1}]}, 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x20000041) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@NBD_ATTR_SERVER_FLAGS={0xc}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r1, &(0x7f00000007c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000780)={&(0x7f0000000480)={0x2d8, 0x0, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_DEVKEY={0x40, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x10000}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x101}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}]}, @NL802154_ATTR_SEC_DEVKEY={0x3c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1ff}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_ID={0x1c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x230, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xa8, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x3c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x280}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7fffffff}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xa84}]}, @NL802154_DEVKEY_ATTR_ID={0xcc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9b0b}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x50, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x50, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x4}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1}, @NL802154_DEVKEY_ATTR_ID={0xa8, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x50, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8001}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x4}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}]}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x2d8}, 0x1, 0x0, 0x0, 0x20040001}, 0x4000081) sendmsg$NL802154_CMD_DEL_SEC_DEV(r1, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x1c, 0x0, 0x1b605f521fe5c016, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000010}, 0x1) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000940)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000a40)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x44, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x9}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0xffffffff}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}]}, 0x44}}, 0x4800) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000ac0), r1) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r1, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x850d6e0e7cbcaaac}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x60, r3, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x60}, 0x1, 0x0, 0x0, 0x24044001}, 0x20000000) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r4, &(0x7f0000000cc0)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x1c, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004001}, 0x40000) sendmsg$NLBL_CIPSOV4_C_REMOVE(r4, &(0x7f0000000f40)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000d40)={0x19c, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0xcc, 0x8, 0x0, 0x1, [{0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1983647c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf2}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xef}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbd}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1c8f3538}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x71}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xed}]}, {0x4c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4aeffc3e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xbab79ce}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x47}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x210a04aa}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x26}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x38229266}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfe}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x52}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3debb5e0}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x43}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2ef59950}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x10}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x43}]}, {0x4}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x38, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x91f2}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xe830455}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x14ea3ef0}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4840df48}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbaef}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5649}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MLSCATLST={0x44, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x34e3}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6807f9cc}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc192}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x64b1b734}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x45095b70}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1224}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x84f8}]}]}]}, 0x19c}, 0x1, 0x0, 0x0, 0x8080}, 0x8080) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f0000001080)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001040)={&(0x7f0000001000)={0x3c, r5, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20004811) ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, &(0x7f00000010c0)={0x80, 0x13, "af97b0ed66037092dbd1cbe858eadd26e984ed"}) sendmsg$NLBL_CIPSOV4_C_REMOVE(r4, &(0x7f0000001200)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000011c0)={&(0x7f0000001140)={0x68, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_TAGLST={0x54, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}, {0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x6}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x20000005) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r4, &(0x7f00000013c0)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001380)={&(0x7f00000012c0)={0xa4, 0x0, 0x10, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @empty}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast1}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'syz_tun\x00'}, @NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:init_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'gretap0\x00'}]}, 0xa4}, 0x1, 0x0, 0x0, 0x8811}, 0x840) 03:03:22 executing program 6: r0 = add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)="90bf766ab7187fc7eb1d576de4c9e5a23a543e2b89fef7225954f7b04ffaecf4d9f41975b48a29c22a5ab03872a34e4279f367e1c209946d1e3ff526a9b04e0ae13adcba70abc88faffad0d0e5652d47e67ba7c463728c586d6af2431f8baa2fdb533670f060dfd87a90e3b859a69151024160d467d1b6013a32da83786fd745ce3d243569642a2f7634279bc4bd34625e397b7187686d9993359de01ac668beca32b9c53821c9f0192294bb95a26fcfdae86ede770850bfca3ce86e63fb92089c5e", 0xc2, 0xfffffffffffffffa) keyctl$negate(0xd, r0, 0x4, 0xffffffffffffffff) r1 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, r0) keyctl$instantiate(0xc, r1, &(0x7f0000000200)=@encrypted_update={'update ', 'ecryptfs', 0x20, 'user:'}, 0x16, r0) keyctl$negate(0xd, r0, 0x0, r1) r2 = add_key(&(0x7f0000000240)='.dead\x00', &(0x7f0000000280)={'syz', 0x2}, &(0x7f00000002c0)="b3ced43d4337685514", 0x9, 0xfffffffffffffffc) r3 = request_key(&(0x7f0000000300)='.dead\x00', &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000380)='dns_resolver\x00', r1) keyctl$negate(0xd, r2, 0x6, r3) shmctl$SHM_LOCK(0xffffffffffffffff, 0xb) r4 = request_key(&(0x7f00000003c0)='.dead\x00', &(0x7f0000000400)={'syz', 0x0}, &(0x7f0000000440)='dns_resolver\x00', 0xfffffffffffffffd) keyctl$invalidate(0x15, r4) r5 = add_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x0}, 0x0, 0x0, r0) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000500)={r5, 0xfc, 0x40}, 0x0, &(0x7f0000000540)="58634aafd8961090310a06f387a69ea760503945aa08688ee7eb8e6bc2fea141ec42f563a180bf43a18af3c0bd31e9450817a55008df36bd0004b2d067270ebba13d7d3256fe529ea10bf0b7705d88657db00d08f16b8a84db3184a55d3815e33264c53bd0ef12fb46f3629dd393319bee1eea04255273da4c8e6348e4fa46b5a598a8ae32a8bac1026c7cbd27ff985c1f0bb93ec84b58684f515cdbeaff65b55084deff2ff1784ca659504f7415b8e641881aba5a26e6088bfe289733f8b26fa953b73306d3653819f8977eae12d9351f90f1588a277499d09fc796845c9e46c809dcf543831f68fcbcda0ea0d581174ce4d7c25ee9853f2a9332bb", &(0x7f0000000640)=""/64) r6 = add_key$user(&(0x7f0000000680), &(0x7f00000006c0)={'syz', 0x3}, &(0x7f0000000700)="941c88e12148ede92cd53b193002284cdc9d4ff75b3d2d1f9e22dd42711450951dafdab3909037dc95e7a006aa1f61defc270fefb866af3242bbf02daccd428061f7dea1066bc518d2a6170114974825da50cc85095a3de444a1fa743c105d1fed", 0x61, 0xffffffffffffffff) keyctl$setperm(0x5, r6, 0x8040800) r7 = add_key$keyring(&(0x7f0000000780), &(0x7f00000007c0)={'syz', 0x0}, 0x0, 0x0, r2) add_key$keyring(&(0x7f0000000800), &(0x7f0000000840)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa) r8 = request_key(&(0x7f0000000980)='.dead\x00', &(0x7f00000009c0)={'syz', 0x1}, &(0x7f0000000a00)='ecryptfs', r0) add_key$fscrypt_v1(&(0x7f0000000880), &(0x7f00000008c0)={'fscrypt:', @desc3}, &(0x7f0000000900)={0x0, "041ea0701a4cf50c93204bf2f3add9186056c3afa9101ab1fd26493c1b2256b89c426f11cf537bc888cd565fd01bd157618c0d95730c6a5b3a117186ba4ce282", 0x34}, 0x48, r8) request_key(&(0x7f0000000a40)='id_legacy\x00', &(0x7f0000000a80)={'syz', 0x3}, &(0x7f0000000ac0)='syz', r7) [ 84.404529] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.411236] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.413921] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.418918] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.422512] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 84.425554] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.529250] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.538282] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.555519] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.560259] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 84.563033] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.565367] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.567140] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.569724] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 84.573338] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.575112] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 84.579539] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.586806] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 84.588074] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.591122] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.593471] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.594254] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.596572] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 84.599141] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 84.600869] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.601029] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 84.602807] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 84.605993] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.607324] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 84.610216] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 84.610407] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.613962] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.618087] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 84.625024] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 84.627038] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 84.630738] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.645244] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 84.649306] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 84.651424] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.672838] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 84.687806] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 84.691056] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 84.703908] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 84.721637] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 84.730860] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 84.754138] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 84.759636] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 84.768539] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 86.493180] Bluetooth: hci0: command tx timeout [ 86.684387] Bluetooth: hci3: command tx timeout [ 86.684809] Bluetooth: hci4: command tx timeout [ 86.686076] Bluetooth: hci5: command tx timeout [ 86.747820] Bluetooth: hci2: command tx timeout [ 86.749170] Bluetooth: hci1: command tx timeout [ 86.812829] Bluetooth: hci7: command tx timeout [ 86.814624] Bluetooth: hci6: command tx timeout [ 88.540280] Bluetooth: hci0: command tx timeout [ 88.731767] Bluetooth: hci4: command tx timeout [ 88.732263] Bluetooth: hci3: command tx timeout [ 88.733305] Bluetooth: hci5: command tx timeout [ 88.796811] Bluetooth: hci2: command tx timeout [ 88.797308] Bluetooth: hci1: command tx timeout [ 88.859910] Bluetooth: hci6: command tx timeout [ 88.860400] Bluetooth: hci7: command tx timeout [ 90.588909] Bluetooth: hci0: command tx timeout [ 90.779862] Bluetooth: hci5: command tx timeout [ 90.780359] Bluetooth: hci3: command tx timeout [ 90.781145] Bluetooth: hci4: command tx timeout [ 90.845174] Bluetooth: hci2: command tx timeout [ 90.845767] Bluetooth: hci1: command tx timeout [ 90.907916] Bluetooth: hci6: command tx timeout [ 90.908420] Bluetooth: hci7: command tx timeout [ 92.635836] Bluetooth: hci0: command tx timeout [ 92.829624] Bluetooth: hci4: command tx timeout [ 92.830158] Bluetooth: hci3: command tx timeout [ 92.830578] Bluetooth: hci5: command tx timeout [ 92.893849] Bluetooth: hci2: command tx timeout [ 92.893891] Bluetooth: hci1: command tx timeout [ 92.955825] Bluetooth: hci6: command tx timeout [ 92.955872] Bluetooth: hci7: command tx timeout [ 140.769948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 140.770671] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.040838] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.041511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.346953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.347582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.537187] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.537885] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.908472] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.909161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.103705] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.104354] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.300673] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.301331] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.465702] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.466347] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.618016] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.618690] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.802267] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.803124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.890744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.891420] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 03:04:22 executing program 4: getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=""/37, &(0x7f0000000040)=0x25) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x6, &(0x7f0000000080)="46e43f673c9e2753a8594d8a", 0xc) r0 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x8, 0x791001) getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000000100)=""/152, &(0x7f00000001c0)=0x98) mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, r0, 0x10000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000200)={0x1, 0x1}, 0x4) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000240)={0xff, [0x1, 0x20], 0x4}, 0x10) r1 = gettid() kcmp$KCMP_EPOLL_TFD(0x0, r1, 0x7, r0, &(0x7f0000000280)={r0, r0, 0x3f}) r2 = fork() prctl$PR_SCHED_CORE(0x3e, 0x0, r2, 0x0, 0x0) r3 = inotify_add_watch(r0, &(0x7f00000002c0)='./file0\x00', 0x651dd65e5075f79d) inotify_rm_watch(r0, r3) tgkill(r1, 0xffffffffffffffff, 0xc) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000300)) syz_open_dev$vcsn(&(0x7f0000000340), 0x10000, 0x0) write$rfkill(r0, &(0x7f0000000380)={0x7, 0x3, 0x1, 0x1}, 0x8) r5 = syz_open_dev$vcsn(&(0x7f00000003c0), 0xfffffffffffffffc, 0x200000) write$rfkill(r5, &(0x7f0000000400)={0x401, 0x7, 0x2}, 0x8) [ 143.193834] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.194477] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.459749] [ 143.459966] ====================================================== [ 143.460475] WARNING: possible circular locking dependency detected [ 143.460983] 6.13.0-next-20250124 #1 Not tainted [ 143.461386] ------------------------------------------------------ [ 143.461911] kworker/u8:2/3867 is trying to acquire lock: [ 143.463341] ffffffff8621d8e8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 143.465430] [ 143.465430] but task is already holding lock: [ 143.467042] ffff888007068768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 143.469039] [ 143.469039] which lock already depends on the new lock. [ 143.469039] [ 143.470317] [ 143.470317] the existing dependency chain (in reverse order) is: [ 143.470923] [ 143.470923] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 143.471484] __mutex_lock+0x13d/0xb50 [ 143.471885] wiphy_register+0x1b2e/0x25d0 [ 143.472311] ieee80211_register_hw+0x23a4/0x3d60 [ 143.472774] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 143.473262] init_mac80211_hwsim+0x389/0x870 [ 143.473725] do_one_initcall+0xf9/0x640 [ 143.474144] kernel_init_freeable+0x53d/0x7a0 [ 143.474601] kernel_init+0x1e/0x2d0 [ 143.474968] ret_from_fork+0x48/0x80 [ 143.475339] ret_from_fork_asm+0x1a/0x30 [ 143.475763] [ 143.475763] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 143.476289] __lock_acquire+0x29fd/0x4580 [ 143.476710] lock_acquire+0x19b/0x520 [ 143.477101] __mutex_lock+0x13d/0xb50 [ 143.477503] unregister_netdevice_many_notify+0x1612/0x1c80 [ 143.478035] unregister_netdevice_queue+0x224/0x2e0 [ 143.478511] _cfg80211_unregister_wdev+0x57b/0x700 [ 143.478992] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 143.479465] ieee80211_unregister_hw+0x55/0x3a0 [ 143.479920] hwsim_exit_net+0x3a0/0x730 [ 143.480319] ops_exit_list+0xb3/0x180 [ 143.480707] cleanup_net+0x546/0xad0 [ 143.481091] process_one_work+0x8ee/0x1a10 [ 143.481546] worker_thread+0x674/0xe70 [ 143.481960] kthread+0x3ab/0x720 [ 143.482326] ret_from_fork+0x48/0x80 [ 143.482696] ret_from_fork_asm+0x1a/0x30 [ 143.483123] [ 143.483123] other info that might help us debug this: [ 143.483123] [ 143.483768] Possible unsafe locking scenario: [ 143.483768] [ 143.484262] CPU0 CPU1 [ 143.484649] ---- ---- [ 143.485035] lock(&rdev->wiphy.mtx); [ 143.485377] lock(rtnl_mutex); [ 143.485878] lock(&rdev->wiphy.mtx); [ 143.486411] lock(rtnl_mutex); [ 143.486714] [ 143.486714] *** DEADLOCK *** [ 143.486714] [ 143.487212] 4 locks held by kworker/u8:2/3867: [ 143.487599] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 143.488467] #1: ffff888034897d30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 143.489302] #2: ffffffff86211910 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 143.490090] #3: ffff888007068768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 143.490963] [ 143.490963] stack backtrace: [ 143.491340] CPU: 1 UID: 0 PID: 3867 Comm: kworker/u8:2 Not tainted 6.13.0-next-20250124 #1 [ 143.491378] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 143.491400] Workqueue: netns cleanup_net [ 143.491441] Call Trace: [ 143.491451] [ 143.491462] dump_stack_lvl+0xca/0x120 [ 143.491521] print_circular_bug+0x47b/0x750 [ 143.491568] check_noncircular+0x2e9/0x3c0 [ 143.491610] ? __pfx_check_noncircular+0x10/0x10 [ 143.491653] ? hlock_class+0x4e/0x130 [ 143.491683] ? srso_return_thunk+0x5/0x5f [ 143.491739] ? mark_lock+0xac/0xed0 [ 143.491782] ? lockdep_lock+0xba/0x1b0 [ 143.491840] ? __pfx_lockdep_lock+0x10/0x10 [ 143.491902] __lock_acquire+0x29fd/0x4580 [ 143.491956] ? __pfx___lock_acquire+0x10/0x10 [ 143.491999] ? lock_release+0x20f/0x6f0 [ 143.492043] ? __pfx_lock_release+0x10/0x10 [ 143.492086] ? srso_return_thunk+0x5/0x5f [ 143.492146] lock_acquire+0x19b/0x520 [ 143.492189] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 143.492238] ? __pfx_lock_acquire+0x10/0x10 [ 143.492285] ? srso_return_thunk+0x5/0x5f [ 143.492340] ? lock_is_held_type+0x9e/0x120 [ 143.492395] ? srso_return_thunk+0x5/0x5f [ 143.492454] __mutex_lock+0x13d/0xb50 [ 143.492506] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 143.492551] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 143.492597] ? srso_return_thunk+0x5/0x5f [ 143.492652] ? synchronize_rcu_expedited+0x38a/0x420 [ 143.492697] ? __pfx___mutex_lock+0x10/0x10 [ 143.492751] ? srso_return_thunk+0x5/0x5f [ 143.492808] ? srso_return_thunk+0x5/0x5f [ 143.492863] ? kasan_quarantine_put+0x84/0x1e0 [ 143.492925] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 143.492960] ? srso_return_thunk+0x5/0x5f [ 143.493019] unregister_netdevice_many_notify+0x1612/0x1c80 [ 143.493071] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 143.493119] ? srso_return_thunk+0x5/0x5f [ 143.493178] ? srso_return_thunk+0x5/0x5f [ 143.493232] ? wake_up_q+0x9e/0x140 [ 143.493274] ? srso_return_thunk+0x5/0x5f [ 143.493330] ? rwsem_wake.isra.0+0xc3/0x110 [ 143.493381] ? __pfx_rwsem_wake.isra.0+0x10/0x10 [ 143.493439] ? srso_return_thunk+0x5/0x5f [ 143.493500] unregister_netdevice_queue+0x224/0x2e0 [ 143.493543] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 143.493587] ? up_write+0x208/0x520 [ 143.493641] _cfg80211_unregister_wdev+0x57b/0x700 [ 143.493693] ? srso_return_thunk+0x5/0x5f [ 143.493752] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 143.493791] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 143.493829] ? srso_return_thunk+0x5/0x5f [ 143.493884] ? srso_return_thunk+0x5/0x5f [ 143.493939] ? synchronize_rcu+0x1ff/0x260 [ 143.493982] ieee80211_unregister_hw+0x55/0x3a0 [ 143.494027] hwsim_exit_net+0x3a0/0x730 [ 143.494069] ? __pfx_hwsim_exit_net+0x10/0x10 [ 143.494110] ? srso_return_thunk+0x5/0x5f [ 143.494165] ? netdev_run_todo+0x788/0x1040 [ 143.494214] ? __pfx_hwsim_exit_net+0x10/0x10 [ 143.494257] ops_exit_list+0xb3/0x180 [ 143.494299] cleanup_net+0x546/0xad0 [ 143.494344] ? __pfx_cleanup_net+0x10/0x10 [ 143.494397] process_one_work+0x8ee/0x1a10 [ 143.494462] ? __pfx_lock_acquire+0x10/0x10 [ 143.494507] ? __pfx_process_one_work+0x10/0x10 [ 143.494565] ? srso_return_thunk+0x5/0x5f [ 143.494620] ? move_linked_works+0x172/0x270 [ 143.494665] ? srso_return_thunk+0x5/0x5f [ 143.494720] ? assign_work+0x196/0x240 [ 143.494778] worker_thread+0x674/0xe70 [ 143.494836] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 143.494888] ? srso_return_thunk+0x5/0x5f [ 143.494943] ? __pfx_worker_thread+0x10/0x10 [ 143.495002] kthread+0x3ab/0x720 [ 143.495054] ? __pfx_kthread+0x10/0x10 [ 143.495106] ? srso_return_thunk+0x5/0x5f [ 143.495161] ? finish_task_switch.isra.0+0x206/0x840 [ 143.495212] ? __pfx_kthread+0x10/0x10 [ 143.495266] ret_from_fork+0x48/0x80 [ 143.495297] ? __pfx_kthread+0x10/0x10 [ 143.495350] ret_from_fork_asm+0x1a/0x30 [ 143.495416] [ 143.718215] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht' 03:04:22 executing program 4: getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=""/37, &(0x7f0000000040)=0x25) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x6, &(0x7f0000000080)="46e43f673c9e2753a8594d8a", 0xc) r0 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x8, 0x791001) getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000000100)=""/152, &(0x7f00000001c0)=0x98) mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, r0, 0x10000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000200)={0x1, 0x1}, 0x4) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000240)={0xff, [0x1, 0x20], 0x4}, 0x10) r1 = gettid() kcmp$KCMP_EPOLL_TFD(0x0, r1, 0x7, r0, &(0x7f0000000280)={r0, r0, 0x3f}) r2 = fork() prctl$PR_SCHED_CORE(0x3e, 0x0, r2, 0x0, 0x0) r3 = inotify_add_watch(r0, &(0x7f00000002c0)='./file0\x00', 0x651dd65e5075f79d) inotify_rm_watch(r0, r3) tgkill(r1, 0xffffffffffffffff, 0xc) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000300)) syz_open_dev$vcsn(&(0x7f0000000340), 0x10000, 0x0) write$rfkill(r0, &(0x7f0000000380)={0x7, 0x3, 0x1, 0x1}, 0x8) r5 = syz_open_dev$vcsn(&(0x7f00000003c0), 0xfffffffffffffffc, 0x200000) write$rfkill(r5, &(0x7f0000000400)={0x401, 0x7, 0x2}, 0x8) 03:04:23 executing program 4: getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000000)=""/37, &(0x7f0000000040)=0x25) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x6, &(0x7f0000000080)="46e43f673c9e2753a8594d8a", 0xc) r0 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x8, 0x791001) getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000000100)=""/152, &(0x7f00000001c0)=0x98) mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, r0, 0x10000000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000200)={0x1, 0x1}, 0x4) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000240)={0xff, [0x1, 0x20], 0x4}, 0x10) r1 = gettid() kcmp$KCMP_EPOLL_TFD(0x0, r1, 0x7, r0, &(0x7f0000000280)={r0, r0, 0x3f}) r2 = fork() prctl$PR_SCHED_CORE(0x3e, 0x0, r2, 0x0, 0x0) r3 = inotify_add_watch(r0, &(0x7f00000002c0)='./file0\x00', 0x651dd65e5075f79d) inotify_rm_watch(r0, r3) tgkill(r1, 0xffffffffffffffff, 0xc) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000300)) syz_open_dev$vcsn(&(0x7f0000000340), 0x10000, 0x0) write$rfkill(r0, &(0x7f0000000380)={0x7, 0x3, 0x1, 0x1}, 0x8) r5 = syz_open_dev$vcsn(&(0x7f00000003c0), 0xfffffffffffffffc, 0x200000) write$rfkill(r5, &(0x7f0000000400)={0x401, 0x7, 0x2}, 0x8) [ 145.891747] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 145.898216] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 145.903722] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 145.926013] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 145.931365] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 145.932615] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 145.952516] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 145.953386] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 145.954249] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 145.955780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 145.961303] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 145.962439] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 146.035274] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 146.049906] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 146.052294] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 146.056015] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 146.069363] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 146.073946] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 146.119519] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 146.127826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 146.128610] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 146.130358] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 146.131514] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 146.132572] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 146.214715] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 146.230049] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 146.242940] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 146.255952] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 146.267127] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 146.283952] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 146.315092] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 146.318942] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 146.322185] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 146.348801] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 146.350284] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 146.351412] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 147.995736] Bluetooth: hci0: command tx timeout [ 147.996213] Bluetooth: hci1: command tx timeout [ 148.123710] Bluetooth: hci2: command tx timeout [ 148.188677] Bluetooth: hci4: command tx timeout [ 148.315752] Bluetooth: hci6: command tx timeout [ 148.443711] Bluetooth: hci7: command tx timeout [ 150.043852] Bluetooth: hci1: command tx timeout [ 150.044308] Bluetooth: hci0: command tx timeout [ 150.171723] Bluetooth: hci2: command tx timeout [ 150.235699] Bluetooth: hci4: command tx timeout [ 150.363710] Bluetooth: hci6: command tx timeout [ 150.491685] Bluetooth: hci7: command tx timeout [ 152.091872] Bluetooth: hci1: command tx timeout [ 152.092342] Bluetooth: hci0: command tx timeout [ 152.219774] Bluetooth: hci2: command tx timeout [ 152.283682] Bluetooth: hci4: command tx timeout [ 152.411862] Bluetooth: hci6: command tx timeout [ 152.539756] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 03:04:22 Registers: info registers vcpu 0 RAX=ffff888018b59000 RBX=ffff888018b56e48 RCX=ffff888018af6410 RDX=ffff888012caec00 RSI=ffff888018af6398 RDI=0000000000000000 RBP=ffff8880323244a0 RSP=ffff88800ef5f650 R8 =0000000000000000 R9 =ffffed1001debebb R10=0000000000000003 R11=00000000000c2867 R12=ffff888018af6398 R13=0000000000000078 R14=0000000000000001 R15=0000000000000286 RIP=ffffffff81aef661 RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fafdd9eb8c0 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ff0afc2d998 CR3=000000000d7be000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000000000002f002f2e2e2f002e2e XMM01=0000000000000000696c61766e49002f XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=0000000000000000000055fd3700302f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=000055fd370ae8b0000055fd370e1750 XMM06=000000000000000000000004ffffffff XMM07=00000000000000000000000000000000 XMM08=2f63697361622f6372732f2e2e000d0a XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8283f165 RDI=ffffffff886970a0 RBP=ffffffff88697060 RSP=ffff888034896d20 R8 =0000000000000000 R9 =ffffed1001d6a046 R10=0000000000000001 R11=6f6c206863696877 R12=000000000000000a R13=0000000000000010 R14=ffffffff88697060 R15=ffffffff8283f150 RIP=ffffffff8283f1bd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f902ba6a6f4 CR3=000000000e772000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffffffffff00ffffffffffffffff XMM01=ffffffffffffffffffffffffffffffff XMM02=00524f52524500400000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000