Warning: Permanently added '[localhost]:9463' (ECDSA) to the list of known hosts. 2025/01/29 23:19:23 fuzzer started 2025/01/29 23:19:24 dialing manager at localhost:36977 syzkaller login: [ 70.200585] cgroup: Unknown subsys name 'net' [ 70.308479] cgroup: Unknown subsys name 'cpuset' [ 70.342176] cgroup: Unknown subsys name 'rlimit' 2025/01/29 23:19:43 syscalls: 205 2025/01/29 23:19:43 code coverage: enabled 2025/01/29 23:19:43 comparison tracing: enabled 2025/01/29 23:19:43 extra coverage: enabled 2025/01/29 23:19:43 setuid sandbox: enabled 2025/01/29 23:19:43 namespace sandbox: enabled 2025/01/29 23:19:43 Android sandbox: enabled 2025/01/29 23:19:43 fault injection: enabled 2025/01/29 23:19:43 leak checking: enabled 2025/01/29 23:19:43 net packet injection: enabled 2025/01/29 23:19:43 net device setup: enabled 2025/01/29 23:19:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/29 23:19:43 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/29 23:19:43 USB emulation: enabled 2025/01/29 23:19:43 hci packet injection: enabled 2025/01/29 23:19:43 wifi device emulation: enabled 2025/01/29 23:19:43 802.15.4 emulation: enabled 2025/01/29 23:19:43 fetching corpus: 0, signal 0/0 (executing program) 2025/01/29 23:19:44 starting 8 fuzzer processes 23:19:44 executing program 0: mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x200000d) r0 = io_uring_setup(0x3df9, &(0x7f0000000000)={0x0, 0x9aa, 0x20, 0x3, 0x6f}) r1 = syz_io_uring_setup(0x67eb, &(0x7f0000000080)={0x0, 0xddef, 0x20, 0x3, 0x3, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)) r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r1, 0x10000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000180)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x1, 0x2004, @fd_index=0x2, 0x3831fc56, 0x0, 0x0, 0x10}, 0x6) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, &(0x7f00000001c0)=0x3, 0x535f, 0x6) inotify_rm_watch(0xffffffffffffffff, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000000, 0x1f5033, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5, 0x0, 0x0, 0x0, 0x1}, 0x4) mlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) inotify_rm_watch(0xffffffffffffffff, 0x0) sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xb8, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010101}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}]}, 0xb8}, 0x1, 0x0, 0x0, 0x10}, 0x4000) epoll_create1(0x0) sendmsg$TIPC_CMD_SHOW_PORTS(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, 0x0, 0x20, 0x70bd2b, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4008000) pkey_mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6, 0xffffffffffffffff) mlock2(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f00000004c0), 0x900, 0x0) sendmsg$IPVS_CMD_GET_SERVICE(r4, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x78, 0x0, 0x10, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_SERVICE={0x28, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x400}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000848}, 0x4000810) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000640)) sendmsg$BATADV_CMD_SET_VLAN(r4, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x4c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x100}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x81}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 23:19:44 executing program 1: pselect6(0x40, &(0x7f0000000000)={0x8, 0x2, 0x8976, 0x4, 0x3e30, 0x5, 0x80000000, 0x10d}, &(0x7f0000000040)={0x0, 0x100000001, 0x4, 0x7, 0x8, 0x1, 0xffff, 0x5}, &(0x7f0000000080)={0x2, 0x7, 0xfff, 0x7, 0x100, 0x1, 0xdd1, 0xffffffffffffff0c}, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000140)={&(0x7f0000000100)={[0x2]}, 0x8}) clock_gettime(0x7, &(0x7f0000000180)) r0 = getpgrp(0xffffffffffffffff) sched_rr_get_interval(r0, &(0x7f00000001c0)) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x4, &(0x7f0000ffc000/0x1000)=nil) pselect6(0x40, &(0x7f0000000200)={0x400, 0x6, 0x80, 0x8, 0x2, 0x2, 0x20, 0x8}, &(0x7f0000000240)={0x9, 0x9, 0x70c, 0x400, 0x4, 0x1, 0x8, 0x7}, &(0x7f0000000280)={0xd6, 0x4417, 0x22f, 0x1f, 0x4, 0x7, 0x2, 0x3}, &(0x7f00000002c0)={0x0, 0x989680}, &(0x7f0000000340)={&(0x7f0000000300)={[0x9]}, 0x8}) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x118, &(0x7f0000000380)=0x1, 0x0, 0x4) r1 = syz_io_uring_setup(0x1d48, &(0x7f00000003c0)={0x0, 0x71cc, 0x4, 0x3, 0x40}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000440), &(0x7f0000000480)=0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000004c0)) syz_io_uring_submit(0x0, r2, &(0x7f0000000540)=@IORING_OP_SEND={0x1a, 0x2, 0x0, r3, 0x0, &(0x7f0000000500)="bc7ad362653cbfff5e0a485b1bb38cddecce391bcb286a306b5bb3851e93213e3303547f55ff110c4f782cd4980dc76dbd00e7d36b22", 0x36, 0x40844, 0x1}, 0x8001) move_pages(0x0, 0x3, &(0x7f0000000580)=[&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil], &(0x7f00000005c0)=[0x60, 0x3], &(0x7f0000000600)=[0x0, 0x0], 0x0) pselect6(0x40, &(0x7f0000000640)={0x0, 0x101, 0x3a, 0x0, 0xffffffff, 0xc00000000000, 0x20, 0xac}, &(0x7f0000000680)={0x8, 0x400, 0x8, 0x0, 0x40, 0x9, 0x47bc, 0x3ff}, &(0x7f00000006c0)={0x3ff, 0x7, 0x3a5, 0x5, 0x40, 0x1ff, 0x1, 0x7791}, &(0x7f0000000700), &(0x7f0000000780)={&(0x7f0000000740)={[0x8]}, 0x8}) getsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f00000007c0), 0x2) clock_gettime(0x2, &(0x7f0000000800)) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f00000009c0)={&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x0, 0x0, &(0x7f0000000840)=""/200, 0xc8, 0x0, &(0x7f0000000940)=""/96, 0x60}, &(0x7f0000000a00)=0x40) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x1000004, 0x20010, r1, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000a40)=@IORING_OP_READ_FIXED={0x4, 0x5, 0x4004, @fd_index=0x4, 0x2, 0x5, 0x4, 0x0, 0x1, {0x1}}, 0x3) pselect6(0x40, &(0x7f0000000a80)={0x0, 0x1, 0xff, 0x10000, 0x0, 0x0, 0x5, 0xfff}, &(0x7f0000000ac0)={0x2, 0x7ff, 0x9, 0x4, 0x7fffffff, 0xfffffffffffffffa, 0x6000000000, 0xfffffffffffffffa}, &(0x7f0000000b00)={0x7fff, 0x200000000000, 0x1b, 0x400000000000000, 0x2, 0x0, 0x401, 0x1f}, &(0x7f0000000b40)={0x77359400}, &(0x7f0000000bc0)={&(0x7f0000000b80)={[0x7]}, 0x8}) pselect6(0x40, &(0x7f0000000c00)={0x101, 0x0, 0x9, 0x10000, 0x1, 0x4, 0x4, 0x1}, &(0x7f0000000c40)={0x80000000, 0x8, 0x8000, 0x57, 0x3, 0x4, 0x80000000, 0x68a21cce}, &(0x7f0000000c80)={0x1, 0x5, 0x7, 0x2, 0x3aa7, 0xfffffffffffffffd, 0x1ff, 0x81}, &(0x7f0000000cc0)={0x0, 0x989680}, &(0x7f0000000d40)={&(0x7f0000000d00)={[0x1000]}, 0x8}) mincore(&(0x7f0000fee000/0x1000)=nil, 0x1000, &(0x7f0000000d80)=""/197) 23:19:44 executing program 2: setsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000000)=0x6, 0x4) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x10d, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000080}, 0x5) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000140), 0x400100, 0x0) r0 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r0, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x80000000}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x814}, 0xc045) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000380)={'syztnl2\x00', &(0x7f0000000300)={'sit0\x00', r1, 0x4, 0x7f, 0x87, 0x5, 0x48, @remote, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1, 0x700, 0x3f, 0x7}}) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000003c0), 0x80, 0x0) ioctl$CDROM_SELECT_SPEED(r3, 0x5322, 0x9) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000000480)={'sit0\x00', &(0x7f0000000400)={'ip6gre0\x00', r2, 0x4, 0x7, 0x4, 0x10000, 0x0, @mcast2, @empty, 0x7800, 0x1, 0x2, 0x7f}}) r4 = accept4(r3, 0x0, &(0x7f00000004c0), 0x81000) sendmsg$TIPC_CMD_SET_LINK_TOL(r4, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x68, r0, 0x800, 0x70bd2a, 0x25dfdbfd, {{}, {}, {0x4c, 0x18, {0x9, @link='syz1\x00'}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f00000006c0)={'ip6_vti0\x00', &(0x7f0000000640)={'ip6gre0\x00', r1, 0x29, 0xdf, 0x6, 0x2, 0x1c, @loopback, @mcast1, 0x700, 0x40, 0x800, 0x101}}) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r4, 0x89fb, &(0x7f0000000780)={'sit0\x00', &(0x7f0000000700)={'ip6gre0\x00', r5, 0x2f, 0x8, 0x5, 0x3aa1, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8, 0x80, 0x4, 0x5}}) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x5c, 0x0, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9c5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0xe1}, 0x1) r6 = socket(0xb, 0x2, 0xffffffff) sendmsg$BATADV_CMD_SET_HARDIF(r6, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x3c, 0x0, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x20008080) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r4, 0x89f6, &(0x7f0000000ac0)={'syztnl0\x00', &(0x7f0000000a40)={'ip6_vti0\x00', r5, 0x4, 0xfb, 0x9, 0x3f, 0x0, @empty, @private2, 0x1, 0x8000, 0x4, 0xfff}}) sendmsg$BATADV_CMD_GET_MESH(r6, &(0x7f0000000bc0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x5c, 0x0, 0x100, 0x57, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x32}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffff}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24000893}, 0x4008014) ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000c00)={0x7, 0x4, 0x5, 0x3, 0x0, 0x1}) 23:19:44 executing program 4: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) r0 = syz_io_uring_complete(0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040)) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x101001, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r0) sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r2, 0x400, 0x70bd28, 0x25dfdbfd, {{}, {}, {0x14, 0x18, {0xfffffff8, @bearer=@udp='udp:syz2\x00'}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x18c1}, 0x4004010) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_ISOLATION_MASK={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x4) socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r0) sendmsg$TIPC_CMD_DISABLE_BEARER(r3, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r4, 0x8, 0x70bd29, 0x25dfdbfc, {{}, {}, {0x10, 0x13, @udp='udp:syz1\x00'}}, [""]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040004}, 0x4004000) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r1, 0x89f5, &(0x7f00000004c0)={'sit0\x00', &(0x7f0000000440)={'sit0\x00', 0x0, 0x4, 0x1, 0x81, 0x4, 0x19, @dev={0xfe, 0x80, '\x00', 0xa}, @loopback, 0x1, 0x7800, 0x400, 0x2}}) sendmsg$TIPC_CMD_SHOW_PORTS(r0, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r4, 0x20, 0x70bd25, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000680)={'syztnl0\x00', &(0x7f0000000600)={'syztnl2\x00', 0x0, 0x29, 0x9, 0xe5, 0x1, 0x45, @private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00', 0x7800, 0x20, 0x8, 0x8}}) r6 = socket(0x2c, 0x1, 0x7f) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r6, &(0x7f0000000780)={&(0x7f00000006c0), 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x14, 0x0, 0x200, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000041}, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000007c0)) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r7, 0x89fb, &(0x7f0000000880)={'ip6gre0\x00', &(0x7f0000000800)={'ip6tnl0\x00', r5, 0x4, 0x5, 0x8, 0x5, 0x8, @private1, @mcast2, 0x1, 0x700, 0x10000, 0x10}}) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x8000) [ 90.426928] audit: type=1400 audit(1738192784.474:7): avc: denied { execmem } for pid=270 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 23:19:44 executing program 3: r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r0, 0x10, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}]}, 0x24}}, 0x20008000) r1 = fsmount(0xffffffffffffffff, 0x1, 0x4) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x54, r0, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xa}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x54}}, 0x40080) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280), 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x30, r2, 0x20, 0x70bd26, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_MGMT_A_DOMAIN={0x7, 0x1, ')&\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8080}, 0x0) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0), 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r2, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @rand_addr=' \x01\x00'}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x20000891) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000004c0), 0x214002, 0x0) write$cgroup_pid(r3, &(0x7f0000000500)=0xffffffffffffffff, 0x12) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x24, r0, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xfffffffa}]}, 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x0) r4 = accept4(r3, &(0x7f0000000640)=@hci, &(0x7f00000006c0)=0x80, 0x80800) sendmsg$IPVS_CMD_GET_SERVICE(r4, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x2c, 0x0, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7f}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x81}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x40001) r5 = syz_genetlink_get_family_id$team(&(0x7f0000000840), r1) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000900)={'ip6_vti0\x00', &(0x7f0000000880)={'syztnl0\x00', 0x0, 0x2f, 0x2, 0x1, 0x26a, 0x7c, @private0, @dev={0xfe, 0x80, '\x00', 0x41}, 0x91, 0x1, 0x4, 0x9000000}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000009c0)={'ip6tnl0\x00', &(0x7f0000000940)={'ip6tnl0\x00', 0x0, 0x2f, 0x81, 0x1f, 0x3, 0x48, @mcast2, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x8740, 0x20, 0xffff, 0x76a}}) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000a00)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r4, 0x89f5, &(0x7f0000000ac0)={'syztnl2\x00', &(0x7f0000000a40)={'syztnl0\x00', 0x0, 0x29, 0x89, 0x8, 0x1, 0x48, @mcast1, @local, 0x80, 0x1, 0x2, 0x5}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r1, 0x89f7, &(0x7f0000000b80)={'ip6tnl0\x00', &(0x7f0000000b00)={'syztnl2\x00', 0x0, 0x2f, 0x0, 0x5, 0x2, 0x10, @dev={0xfe, 0x80, '\x00', 0x3a}, @loopback, 0x80, 0x80, 0x3d7, 0x65b}}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000bc0)={'batadv_slave_0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f00000016c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001680)={&(0x7f0000000c00)={0xa6c, r5, 0x4, 0x70bd25, 0x25dfdbfd, {}, [{{0x8, 0x1, r6}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x401}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x130, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8}, {0xfc, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7fff}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7fffffff}}, {0x8, 0x6, r8}}}]}}, {{0x8, 0x1, r9}, {0x220, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x9, 0xff, 0x40, 0x6}, {0x2, 0x1f, 0x7f, 0x80000000}, {0x8, 0x1f, 0x9, 0x6}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1ff}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x100}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0x78, 0xfb, 0x1f}, {0x595c, 0x9, 0x6, 0x1}, {0x9, 0x5, 0xbb, 0x87c}, {0x483c, 0x40, 0x1f, 0xfffffffe}, {0xfff8, 0x6, 0x1c}]}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8f}}, {0x8}}}]}}, {{0x8}, {0x1dc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xd137}}, {0x8, 0x6, r11}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0xa0, 0x0, 0x0, 0x9}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0x12c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x69}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xa66e}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}]}}]}, 0xa6c}, 0x1, 0x0, 0x0, 0x1}, 0x40010) 23:19:44 executing program 5: r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x14002, 0x0) process_madvise(r0, &(0x7f0000000380)=[{&(0x7f0000000040)="10fc20df14c070b2b971ffdbbb3b9cc31fb19f73eb97fbb19807bf3984e4edbba883feb3b445e3d74454eae789a236cbc705f2ae2b6380bc94bf212008b60763863f676265c750509322e70f7c348d1a378e1f1ca68f1da5", 0x58}, {&(0x7f00000000c0)="145d2e3180a0d98226b54d9ec08165d420f59cd2149f3e286e0ae1c36a483d78bde7bb89597b5544b0882da242d870df8a94dc70c5b46b60ceb93cca85d8e552a2a3e2d6607ca5e95faa2863c2b36a111be168bc8e3cbe50654f93fd50456520f9c821461f2debaa99c6a07a4eb26852913f09cb93806382fb63f89a358171a705076f7f488fbf1226638829e2ed4f9a401aa01768fa4828f62d5442a1fb9c7fa375314a31212eb5e3da3fad0b971c7a898b0b332855", 0xb6}, {&(0x7f0000000180)="66718ff937e115cdfce645257d2e5cfbbeef16de507e6ac29d02708b5c0f18b5d35e0df12d33bd1761e9c66b64b2be891fe61c22e60e757c79042adf4a6fd7747c4ef0bc0c33d2cdb25ae0977dbf8b18b45c120424d6d423796a4b114d771242b408d6be478322c9d0801e1fe5960067349e139e509353ae0d986d379eb87dd0167437ab20fa35a2bc77573da95c2302df38c70bc5536e4ff8bfd743c514ebdfa5089e67264e0f82d801c9e07890338663fb260c1f2557d6f3ace94d93ff10b6f4ec3defe9e10186adfcd6b1e1ee2c47df19ac3262bc58f6c38d85", 0xdb}, {&(0x7f0000000280)="32c165792535ddaf359e", 0xa}, {&(0x7f00000002c0)="9e1e73ff9a0b16032b65102cd33c024051", 0x11}, {&(0x7f0000000300)="56a32404e4c2c82f1a9120c0d22b307f8e0bffd94dfb9ad7f75f12858982ddbf51079caccc931710fd96f03e36114f0dcd088aa9a90505dc140d1df9577760ed85985ac1b620a2098b5ba35d3bdc6a4eec35ed00aa2d0c0f8d094e1eff49", 0x5e}], 0x6, 0x3, 0x0) r1 = socket(0x15, 0x5, 0x67f) r2 = accept4(r1, &(0x7f0000000400)=@ax25={{0x3, @default}, [@null, @rose, @remote, @remote, @bcast, @bcast, @remote, @default]}, &(0x7f0000000480)=0x80, 0x80800) process_madvise(r0, &(0x7f0000000600)=[{&(0x7f00000004c0)="68cc7d2a40771c473ba02c44c91fccfa6f051fab15681fa0ff3e6827656f4a97e23e927d0664a3d7b098e4962f155fc96b95621ec18b1c41bde683a99e8418b45efbd99aed01b40b6addeac93cd99feeca1707c2314d5c6ed84f2d086649918509f5f583216d3c8ebc24f61e73b74c14596f245db44135ad2ce387", 0x7b}, {&(0x7f0000000540)="bea39fdf67df5a1549940422da317f991b2e582b9ead59397e3a453a214b2ba54684a85145584f1b862c44c8c5466658d39b2c95978eccb27d4845b55ec4e6388c42da0b734f739b2da618f166c58e5e2876a5ae5b77f28303ad", 0x5a}, {&(0x7f00000005c0)="95890c4dd049cd963273b098e3616312e7d841b6d4ef2d608ff546634e7a97318822d2fe9f", 0x25}], 0x3, 0xf, 0x0) r3 = fsmount(0xffffffffffffffff, 0x0, 0x80) sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x100008}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x54, 0x0, 0x8, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xba}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x4c8b}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, &(0x7f0000000780), &(0x7f00000007c0)=0x4) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r2, 0x89f4, &(0x7f0000000880)={'ip6gre0\x00', &(0x7f0000000800)={'ip6gre0\x00', 0x0, 0x2f, 0x1, 0x5, 0x50, 0x50, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xe}}, @local, 0x20, 0x20, 0x5, 0x4}}) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r4, 0x89fb, &(0x7f0000000940)={'syztnl1\x00', &(0x7f00000008c0)={'syztnl0\x00', r5, 0x2f, 0xb6, 0x9, 0xfffffc00, 0x34, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, 0x40, 0x8000, 0x9, 0x6}}) syz_genetlink_get_family_id$tipc(&(0x7f0000000980), r2) sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x60, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_ADDR={0x34, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000c804}, 0x4000041) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_DAT_CACHE(r6, &(0x7f0000000bc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x40, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xff}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xffffffff}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x40}}, 0x1080) r7 = socket(0x1, 0x6, 0x1ff) sendmsg$BATADV_CMD_GET_MESH(r7, &(0x7f0000000cc0)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x34, 0x0, 0x900, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004040}, 0x40) sendmsg$802154_dgram(r7, &(0x7f0000000dc0)={&(0x7f0000000d00)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000000d80)={&(0x7f0000000d40)="33c3356f81aa13699dc2cd4529f86ba1d0b0576ce9f49a3d3af86a4c4e744ace0a503b945344f1471dd0874d3e", 0x2d}, 0x1, 0x0, 0x0, 0x81}, 0x20004) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000e00), 0x2, &(0x7f0000000e80)) 23:19:44 executing program 6: prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000000c0)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000000)="9b8cf8c9073e328f19ce0604287c8dc46abc5ad053f32b681ca04f241cbafcd938695b6c922878a85d900d0c35115b5021f22844c5a4bd2275dfe6b9e2f8cc9ecf1e5cd67a6df4c4d20e3e877eb6a15c41be769b445155403611732bb0b9991c3a731f87e342001d72847de442443b11feac8071354416dc2dbd40447a52dae7c3d5b4532f6191630a9fe58810c95f577eeaa675e9b7612fa6204988512e4226d99e9b242bdf7aef19e6069270efb5969405ea764123bbee2ded06", 0xbb}, 0x68) sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x8, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x1c}}, 0x5) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r1, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000880}, 0x4000010) syz_genetlink_get_family_id$tipc(&(0x7f0000000500), r0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, r1, 0x300, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x8001) r3 = accept(0xffffffffffffffff, &(0x7f0000000640)=@nfc_llcp, &(0x7f00000006c0)=0x80) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000700)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000007c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', r4, 0x29, 0x2, 0x3d, 0x0, 0x22, @loopback, @dev={0xfe, 0x80, '\x00', 0x34}, 0x48, 0x10, 0x0, 0x8001}}) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000840), r3) sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f0000000940)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x58, r6, 0x8, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x80) socketpair(0x28, 0xa, 0x1, &(0x7f0000000980)={0xffffffffffffffff}) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000a00), r0) sendmsg$BATADV_CMD_GET_MESH(r7, &(0x7f0000000b00)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x54, r8, 0x20, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xf17}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x80000001}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x40000054) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_LISTALL(r9, &(0x7f0000000c00)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x1c, 0x0, 0x400, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40408a0}, 0x20008040) ioctl$CDROMREADMODE1(0xffffffffffffffff, 0x530d, &(0x7f0000000c40)={0x7, 0x9, 0x8, 0x9, 0x20}) 23:19:44 executing program 7: munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) r0 = getpgrp(0xffffffffffffffff) epoll_create1(0x80000) sched_rr_get_interval(r0, &(0x7f0000000000)) move_pages(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000ffc000/0x2000)=nil], 0x0, &(0x7f0000000080)=[0x0], 0x0) clock_gettime(0x5, &(0x7f00000000c0)) mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x20010, 0xffffffffffffffff, 0x0) r1 = gettid() timer_create(0x4, &(0x7f0000000180)={0x0, 0x3b, 0x0, @thr={&(0x7f0000000100), &(0x7f0000000140)="0627e15b5d715ead9cac70cb77bcd7695d67d1723694b3d84580bf4666440a9609553014b09679d1216ccb"}}, &(0x7f00000001c0)=0x0) timer_delete(r2) sigaltstack(&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200)) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000002c0)={'sit0\x00', &(0x7f0000000240)={'syztnl1\x00', 0x0, 0x29, 0x3f, 0x2, 0x50d0, 0x50, @local, @empty, 0x20, 0x10, 0x6}}) shmget(0x3, 0x1000, 0x8, &(0x7f0000fff000/0x1000)=nil) timer_delete(r2) getpgrp(r1) getpid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000300)=0x0) sched_rr_get_interval(r3, &(0x7f0000000340)) shmget(0x1, 0x2000, 0x10, &(0x7f0000ffb000/0x2000)=nil) [ 91.839799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.842630] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 91.844059] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 91.847230] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.849208] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 91.851483] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.901827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 91.907611] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 91.912797] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 91.921093] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 91.925824] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 91.936986] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.004089] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.021917] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.044020] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 92.056747] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 92.059775] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.062834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.068881] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 92.070447] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 92.073504] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 92.075955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.077753] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 92.081847] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 92.082787] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 92.085569] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.086883] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.091553] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 92.094223] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 92.099623] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 92.100974] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 92.101742] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 92.103807] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.108618] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.111118] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 92.112750] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 92.118949] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 92.123836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 92.137820] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 92.138713] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 92.139862] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 92.143758] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 92.145235] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 92.152690] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 92.153969] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 92.155564] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 92.156581] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 92.161855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 93.913999] Bluetooth: hci0: command tx timeout [ 94.041874] Bluetooth: hci1: command tx timeout [ 94.170469] Bluetooth: hci2: command tx timeout [ 94.233571] Bluetooth: hci5: command tx timeout [ 94.234741] Bluetooth: hci6: command tx timeout [ 94.235572] Bluetooth: hci4: command tx timeout [ 94.236354] Bluetooth: hci3: command tx timeout [ 94.297482] Bluetooth: hci7: command tx timeout [ 95.961588] Bluetooth: hci0: command tx timeout [ 96.089675] Bluetooth: hci1: command tx timeout [ 96.217743] Bluetooth: hci2: command tx timeout [ 96.281695] Bluetooth: hci6: command tx timeout [ 96.282837] Bluetooth: hci3: command tx timeout [ 96.286253] Bluetooth: hci4: command tx timeout [ 96.287166] Bluetooth: hci5: command tx timeout [ 96.345542] Bluetooth: hci7: command tx timeout [ 98.010470] Bluetooth: hci0: command tx timeout [ 98.137472] Bluetooth: hci1: command tx timeout [ 98.265460] Bluetooth: hci2: command tx timeout [ 98.329572] Bluetooth: hci5: command tx timeout [ 98.331668] Bluetooth: hci6: command tx timeout [ 98.331755] Bluetooth: hci3: command tx timeout [ 98.332087] Bluetooth: hci4: command tx timeout [ 98.393541] Bluetooth: hci7: command tx timeout [ 100.057714] Bluetooth: hci0: command tx timeout [ 100.185586] Bluetooth: hci1: command tx timeout [ 100.314727] Bluetooth: hci2: command tx timeout [ 100.377905] Bluetooth: hci4: command tx timeout [ 100.377966] Bluetooth: hci3: command tx timeout [ 100.378018] Bluetooth: hci5: command tx timeout [ 100.378067] Bluetooth: hci6: command tx timeout [ 100.441487] Bluetooth: hci7: command tx timeout [ 154.346695] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 154.350302] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 154.358021] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 154.363191] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 154.367157] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 154.370765] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 154.658256] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 154.662157] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 154.665961] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 154.673065] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 154.679828] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 154.681852] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 154.729146] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 154.733895] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 154.745206] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 154.748008] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 154.754773] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 154.757160] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 154.758941] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 154.763016] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 154.765533] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 154.767060] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 154.773875] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 154.778577] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 154.795076] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 154.816944] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 154.831003] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 154.836855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 154.844615] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 154.850775] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 154.858609] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 154.860482] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 154.862336] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 154.863609] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 154.865064] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 154.866282] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 154.868751] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 154.874208] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 154.877212] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 154.883166] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 154.883307] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 154.887635] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 154.894320] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 154.899022] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 154.904239] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 154.912685] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 154.926890] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 154.928486] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 156.443018] Bluetooth: hci0: command tx timeout [ 156.761614] Bluetooth: hci1: command tx timeout [ 156.825482] Bluetooth: hci2: command tx timeout [ 156.889619] Bluetooth: hci3: command tx timeout [ 156.953576] Bluetooth: hci5: command tx timeout [ 156.954695] Bluetooth: hci4: command tx timeout [ 157.017623] Bluetooth: hci7: command tx timeout [ 157.018651] Bluetooth: hci6: command tx timeout [ 158.489691] Bluetooth: hci0: command tx timeout [ 158.811020] Bluetooth: hci1: command tx timeout [ 158.874474] Bluetooth: hci2: command tx timeout [ 158.938503] Bluetooth: hci3: command tx timeout [ 159.001519] Bluetooth: hci5: command tx timeout [ 159.002022] Bluetooth: hci4: command tx timeout [ 159.065462] Bluetooth: hci7: command tx timeout [ 159.065982] Bluetooth: hci6: command tx timeout [ 160.537976] Bluetooth: hci0: command tx timeout [ 160.858437] Bluetooth: hci1: command tx timeout [ 160.922443] Bluetooth: hci2: command tx timeout [ 160.988923] Bluetooth: hci3: command tx timeout [ 161.049454] Bluetooth: hci4: command tx timeout [ 161.049932] Bluetooth: hci5: command tx timeout [ 161.114483] Bluetooth: hci6: command tx timeout [ 161.114977] Bluetooth: hci7: command tx timeout [ 162.587536] Bluetooth: hci0: command tx timeout [ 162.906940] Bluetooth: hci1: command tx timeout [ 162.970524] Bluetooth: hci2: command tx timeout [ 163.034416] Bluetooth: hci3: command tx timeout [ 163.098454] Bluetooth: hci5: command tx timeout [ 163.098942] Bluetooth: hci4: command tx timeout [ 163.163424] Bluetooth: hci7: command tx timeout [ 163.163915] Bluetooth: hci6: command tx timeout [ 216.173059] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 216.184029] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 216.187120] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 216.199664] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 216.201819] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 216.203973] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 216.205044] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 216.207888] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 216.216875] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 216.226683] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 216.230127] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 216.232234] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 216.235827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 216.237653] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 216.239402] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 216.246034] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 216.259963] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 216.264962] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 216.434009] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 216.438611] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 216.440306] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 216.445244] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 216.447441] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 216.448596] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 216.451662] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 216.470079] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 216.483267] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 216.497426] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 216.504834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 216.512662] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 216.513484] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 216.539657] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 216.542504] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 216.553122] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 216.560105] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 216.562553] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 216.618633] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 216.636641] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 216.637783] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 216.665032] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 216.702906] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 216.705859] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 216.711455] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 216.712121] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 216.714812] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 216.718322] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 216.723019] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 216.724041] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 218.265452] Bluetooth: hci1: command tx timeout [ 218.266295] Bluetooth: hci0: command tx timeout [ 218.329498] Bluetooth: hci2: command tx timeout [ 218.521503] Bluetooth: hci4: command tx timeout [ 218.585448] Bluetooth: hci3: command tx timeout [ 218.649794] Bluetooth: hci5: command tx timeout [ 218.841578] Bluetooth: hci7: command tx timeout [ 218.842623] Bluetooth: hci6: command tx timeout [ 220.313537] Bluetooth: hci1: command tx timeout [ 220.314482] Bluetooth: hci0: command tx timeout [ 220.377705] Bluetooth: hci2: command tx timeout [ 220.570523] Bluetooth: hci4: command tx timeout [ 220.633606] Bluetooth: hci3: command tx timeout [ 220.697787] Bluetooth: hci5: command tx timeout [ 220.890547] Bluetooth: hci7: command tx timeout [ 220.891695] Bluetooth: hci6: command tx timeout [ 222.361522] Bluetooth: hci1: command tx timeout [ 222.362286] Bluetooth: hci0: command tx timeout [ 222.426610] Bluetooth: hci2: command tx timeout [ 222.617598] Bluetooth: hci4: command tx timeout [ 222.681433] Bluetooth: hci3: command tx timeout [ 222.745605] Bluetooth: hci5: command tx timeout [ 222.937743] Bluetooth: hci7: command tx timeout [ 222.938281] Bluetooth: hci6: command tx timeout [ 224.410077] Bluetooth: hci1: command tx timeout [ 224.410990] Bluetooth: hci0: command tx timeout [ 224.474969] Bluetooth: hci2: command tx timeout [ 224.666426] Bluetooth: hci4: command tx timeout [ 224.729414] Bluetooth: hci3: command tx timeout [ 224.793407] Bluetooth: hci5: command tx timeout [ 224.985501] Bluetooth: hci7: command tx timeout [ 224.986826] Bluetooth: hci6: command tx timeout [ 279.082158] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 279.087053] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 279.093695] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 279.102522] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 279.107772] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 279.111738] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 279.274914] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 279.277926] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 279.287472] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 279.296054] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 279.306755] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 279.312859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 279.356258] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 279.360982] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 279.364106] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 279.376748] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 279.379787] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 279.381654] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 279.522832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 279.549046] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 279.569643] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 279.577874] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 279.582146] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 279.586273] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 279.588568] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 279.595112] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 279.599563] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 279.609991] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 279.612197] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 279.618189] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 279.681858] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 279.692174] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 279.697040] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 279.699735] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 279.701756] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 279.708046] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 279.723857] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 279.725938] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 279.729929] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 279.735761] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 279.740014] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 279.744171] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 279.751782] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 279.756748] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 279.758594] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 279.778779] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 279.783240] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 279.867173] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 281.177479] Bluetooth: hci0: command tx timeout [ 281.369460] Bluetooth: hci1: command tx timeout [ 281.433617] Bluetooth: hci2: command tx timeout [ 281.753677] Bluetooth: hci4: command tx timeout [ 281.817651] Bluetooth: hci6: command tx timeout [ 281.818715] Bluetooth: hci3: command tx timeout [ 281.820003] Bluetooth: hci5: command tx timeout [ 282.009732] Bluetooth: hci7: command tx timeout [ 283.225440] Bluetooth: hci0: command tx timeout [ 283.417415] Bluetooth: hci1: command tx timeout [ 283.481404] Bluetooth: hci2: command tx timeout [ 283.801411] Bluetooth: hci4: command tx timeout [ 283.865487] Bluetooth: hci6: command tx timeout [ 283.866076] Bluetooth: hci5: command tx timeout [ 283.866660] Bluetooth: hci3: command tx timeout [ 284.057546] Bluetooth: hci7: command tx timeout [ 285.273443] Bluetooth: hci0: command tx timeout [ 285.466425] Bluetooth: hci1: command tx timeout [ 285.531392] Bluetooth: hci2: command tx timeout [ 285.849509] Bluetooth: hci4: command tx timeout [ 285.913499] Bluetooth: hci3: command tx timeout [ 285.913989] Bluetooth: hci5: command tx timeout [ 285.914494] Bluetooth: hci6: command tx timeout [ 286.105464] Bluetooth: hci7: command tx timeout [ 287.321434] Bluetooth: hci0: command tx timeout [ 287.515229] Bluetooth: hci1: command tx timeout [ 287.577498] Bluetooth: hci2: command tx timeout [ 287.897835] Bluetooth: hci4: command tx timeout [ 287.962449] Bluetooth: hci5: command tx timeout [ 287.963685] Bluetooth: hci3: command tx timeout [ 287.963705] Bluetooth: hci6: command tx timeout [ 288.153564] Bluetooth: hci7: command tx timeout [ 339.470466] [ 339.470911] ====================================================== [ 339.472091] WARNING: possible circular locking dependency detected [ 339.473260] 6.13.0-next-20250129 #1 Not tainted [ 339.474466] ------------------------------------------------------ [ 339.480825] kworker/u8:0/11 is trying to acquire lock: [ 339.481853] ffffffff8621d8a8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x1612/0x1c80 [ 339.483825] [ 339.483825] but task is already holding lock: [ 339.484932] ffff8880345f8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 339.486790] [ 339.486790] which lock already depends on the new lock. [ 339.486790] [ 339.488290] [ 339.488290] the existing dependency chain (in reverse order) is: [ 339.489670] [ 339.489670] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 339.490968] __mutex_lock+0x13d/0xb50 [ 339.491898] wiphy_register+0x1b2e/0x25d0 [ 339.492893] ieee80211_register_hw+0x23a4/0x3d60 [ 339.493956] mac80211_hwsim_new_radio+0x2759/0x4d60 [ 339.495071] init_mac80211_hwsim+0x389/0x870 [ 339.496119] do_one_initcall+0xf9/0x640 [ 339.497092] kernel_init_freeable+0x53d/0x7a0 [ 339.498131] kernel_init+0x1e/0x2d0 [ 339.498951] ret_from_fork+0x48/0x80 [ 339.499802] ret_from_fork_asm+0x1a/0x30 [ 339.500780] [ 339.500780] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 339.501965] __lock_acquire+0x29fd/0x4580 [ 339.502914] lock_acquire+0x19b/0x520 [ 339.503775] __mutex_lock+0x13d/0xb50 [ 339.504679] unregister_netdevice_many_notify+0x1612/0x1c80 [ 339.505912] unregister_netdevice_queue+0x224/0x2e0 [ 339.506997] _cfg80211_unregister_wdev+0x57b/0x700 [ 339.508105] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 339.509209] ieee80211_unregister_hw+0x55/0x3a0 [ 339.510268] hwsim_exit_net+0x3a0/0x730 [ 339.511197] ops_exit_list+0xb3/0x180 [ 339.512087] cleanup_net+0x546/0xad0 [ 339.512958] process_one_work+0x8ee/0x1a10 [ 339.513978] worker_thread+0x674/0xe70 [ 339.514927] kthread+0x3ab/0x720 [ 339.515796] ret_from_fork+0x48/0x80 [ 339.516698] ret_from_fork_asm+0x1a/0x30 [ 339.517822] [ 339.517822] other info that might help us debug this: [ 339.517822] [ 339.519442] Possible unsafe locking scenario: [ 339.519442] [ 339.520642] CPU0 CPU1 [ 339.521453] ---- ---- [ 339.522271] lock(&rdev->wiphy.mtx); [ 339.523000] lock(rtnl_mutex); [ 339.524116] lock(&rdev->wiphy.mtx); [ 339.525223] lock(rtnl_mutex); [ 339.525848] [ 339.525848] *** DEADLOCK *** [ 339.525848] [ 339.526844] 4 locks held by kworker/u8:0/11: [ 339.527623] #0: ffff888008fdb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12b6/0x1a10 [ 339.529369] #1: ffff8880095dfd30 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x861/0x1a10 [ 339.530962] #2: ffffffff862118d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xad0 [ 339.532643] #3: ffff8880345f8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf2/0x6b0 [ 339.534375] [ 339.534375] stack backtrace: [ 339.535148] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-next-20250129 #1 [ 339.535227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 339.535274] Workqueue: netns cleanup_net [ 339.535350] Call Trace: [ 339.535370] [ 339.535391] dump_stack_lvl+0xca/0x120 [ 339.535495] print_circular_bug+0x47b/0x750 [ 339.535582] check_noncircular+0x2e9/0x3c0 [ 339.535658] ? lock_repin_lock+0x207/0x320 [ 339.535784] ? __pfx_check_noncircular+0x10/0x10 [ 339.535861] ? hlock_class+0x4e/0x130 [ 339.535918] ? mark_lock+0xac/0xed0 [ 339.535993] ? __pfx_lock_repin_lock+0x10/0x10 [ 339.536104] ? timerqueue_del+0x83/0x150 [ 339.536182] ? lockdep_lock+0xba/0x1b0 [ 339.536289] ? __pfx_lockdep_lock+0x10/0x10 [ 339.536406] __lock_acquire+0x29fd/0x4580 [ 339.536507] ? __pfx___lock_acquire+0x10/0x10 [ 339.536588] ? lock_release+0x20f/0x6f0 [ 339.536671] ? __pfx_lock_release+0x10/0x10 [ 339.536760] lock_acquire+0x19b/0x520 [ 339.536846] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 339.536936] ? __pfx_lock_acquire+0x10/0x10 [ 339.537020] ? srso_return_thunk+0x5/0x5f [ 339.537123] ? lock_release+0x20f/0x6f0 [ 339.537205] ? srso_return_thunk+0x5/0x5f [ 339.537306] ? lock_is_held_type+0x9e/0x120 [ 339.537407] ? srso_return_thunk+0x5/0x5f [ 339.537515] __mutex_lock+0x13d/0xb50 [ 339.537611] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 339.537695] ? unregister_netdevice_many_notify+0x1612/0x1c80 [ 339.537780] ? srso_return_thunk+0x5/0x5f [ 339.537881] ? synchronize_rcu_expedited+0x38a/0x420 [ 339.537963] ? __pfx___mutex_lock+0x10/0x10 [ 339.538062] ? __pfx_autoremove_wake_function+0x10/0x10 [ 339.538163] ? srso_return_thunk+0x5/0x5f [ 339.538264] ? kasan_quarantine_put+0x84/0x1e0 [ 339.538378] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 339.538443] ? srso_return_thunk+0x5/0x5f [ 339.538552] unregister_netdevice_many_notify+0x1612/0x1c80 [ 339.538637] ? __virt_addr_valid+0x2e8/0x5d0 [ 339.538735] ? __pfx_lock_release+0x10/0x10 [ 339.538819] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 339.538904] ? find_held_lock+0x2c/0x110 [ 339.539029] ? srso_return_thunk+0x5/0x5f [ 339.539148] ? kernfs_remove_by_name_ns+0xc7/0x130 [ 339.539257] ? srso_return_thunk+0x5/0x5f [ 339.539358] ? lock_release+0x20f/0x6f0 [ 339.539441] ? __pfx_lock_release+0x10/0x10 [ 339.539522] ? srso_return_thunk+0x5/0x5f [ 339.539623] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 339.539736] ? srso_return_thunk+0x5/0x5f [ 339.539847] unregister_netdevice_queue+0x224/0x2e0 [ 339.539929] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 339.540021] ? up_write+0x195/0x520 [ 339.540124] _cfg80211_unregister_wdev+0x57b/0x700 [ 339.540221] ? srso_return_thunk+0x5/0x5f [ 339.540343] ieee80211_remove_interfaces+0x2f2/0x6b0 [ 339.540425] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 339.540568] ? srso_return_thunk+0x5/0x5f [ 339.540679] ? srso_return_thunk+0x5/0x5f [ 339.540788] ? synchronize_rcu+0x1ff/0x260 [ 339.540872] ieee80211_unregister_hw+0x55/0x3a0 [ 339.540962] hwsim_exit_net+0x3a0/0x730 [ 339.541048] ? __pfx_hwsim_exit_net+0x10/0x10 [ 339.541123] ? srso_return_thunk+0x5/0x5f [ 339.541224] ? netdev_run_todo+0x788/0x1040 [ 339.541315] ? __pfx_hwsim_exit_net+0x10/0x10 [ 339.541393] ops_exit_list+0xb3/0x180 [ 339.541472] cleanup_net+0x546/0xad0 [ 339.541554] ? __pfx_cleanup_net+0x10/0x10 [ 339.541654] process_one_work+0x8ee/0x1a10 [ 339.541777] ? __pfx_lock_acquire+0x10/0x10 [ 339.541861] ? __pfx_process_one_work+0x10/0x10 [ 339.541980] ? srso_return_thunk+0x5/0x5f [ 339.542085] ? move_linked_works+0x172/0x270 [ 339.542168] ? srso_return_thunk+0x5/0x5f [ 339.542270] ? assign_work+0x196/0x240 [ 339.542377] worker_thread+0x674/0xe70 [ 339.542487] ? lockdep_hardirqs_on_prepare+0x262/0x3f0 [ 339.542585] ? __pfx_worker_thread+0x10/0x10 [ 339.542697] kthread+0x3ab/0x720 [ 339.542795] ? __pfx_kthread+0x10/0x10 [ 339.542892] ? srso_return_thunk+0x5/0x5f [ 339.543009] ? finish_task_switch.isra.0+0x206/0x840 [ 339.543127] ? __pfx_kthread+0x10/0x10 [ 339.543235] ret_from_fork+0x48/0x80 [ 339.543294] ? __pfx_kthread+0x10/0x10 [ 339.543394] ret_from_fork_asm+0x1a/0x30 [ 339.543519] [ 341.153451] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 341.155161] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 341.157381] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 341.163116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 341.171100] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 341.173218] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 341.222276] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 341.227040] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 341.230603] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 341.240606] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 341.246056] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 341.249676] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 341.301484] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 341.305645] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 341.310757] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 341.315596] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 341.320466] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 341.322160] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 341.346058] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 341.349597] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 341.351979] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 341.357087] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 341.359736] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 341.372157] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 341.420452] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 341.422473] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 341.425098] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 341.427794] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 341.432251] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 341.434271] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 341.436051] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 341.450142] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 341.477824] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 341.509651] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 341.538623] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 341.541024] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 341.565921] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 341.567211] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 341.571487] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 341.572793] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 341.574643] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 341.576458] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 341.584982] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 341.586794] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 341.594527] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 341.597620] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 341.611898] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 341.613485] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 343.194369] Bluetooth: hci0: command tx timeout [ 343.322469] Bluetooth: hci1: command tx timeout [ 343.386369] Bluetooth: hci2: command tx timeout [ 343.450465] Bluetooth: hci3: command tx timeout [ 343.514621] Bluetooth: hci5: command tx timeout [ 343.706687] Bluetooth: hci6: command tx timeout [ 343.707186] Bluetooth: hci7: command tx timeout [ 343.708030] Bluetooth: hci4: command tx timeout [ 345.242412] Bluetooth: hci0: command tx timeout [ 345.372350] Bluetooth: hci1: command tx timeout [ 345.434613] Bluetooth: hci2: command tx timeout [ 345.497516] Bluetooth: hci3: command tx timeout [ 345.563347] Bluetooth: hci5: command tx timeout [ 345.754387] Bluetooth: hci6: command tx timeout [ 345.754883] Bluetooth: hci4: command tx timeout [ 345.755338] Bluetooth: hci7: command tx timeout [ 347.291599] Bluetooth: hci0: command tx timeout [ 347.418399] Bluetooth: hci1: command tx timeout [ 347.482498] Bluetooth: hci2: command tx timeout [ 347.546360] Bluetooth: hci3: command tx timeout [ 347.615378] Bluetooth: hci5: command tx timeout [ 347.801674] Bluetooth: hci7: command tx timeout [ 347.802656] Bluetooth: hci4: command tx timeout [ 347.803664] Bluetooth: hci6: command tx timeout [ 349.338143] Bluetooth: hci0: command tx timeout [ 349.465777] Bluetooth: hci1: command tx timeout VM DIAGNOSIS: 23:23:53 Registers: info registers vcpu 0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff8283c500 RDI=ffffffff886970a0 RBP=ffffffff88697060 RSP=ffff8880095decc8 R8 =0000000000000000 R9 =ffffed100159d046 R10=00000000000fe503 R11=2d2d2d2d2d2d2d2d R12=0000000000000823 R13=0000000000000020 R14=fffffbfff10d2e66 R15=dffffc0000000000 RIP=ffffffff8283c555 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4ef5ff32c0 CR3=000000000e978000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=0000000000000000411d60a000000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffff88806cf00000 RBX=0000000000000001 RCX=ffffffff84a8c9d7 RDX=ffffed100d9e6c53 RSI=0000000000000004 RDI=ffffffff814b1dba RBP=dffffc0000000000 RSP=ffff88800970fe68 R8 =0000000000000000 R9 =ffffed100d9e6c52 R10=ffff88806cf36293 R11=0000000000000000 R12=ffffffff864043d0 R13=1ffff110012e1fd2 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff84a8d97e RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000560c887d0f40 CR3=000000000e978000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=0000000000000000425f6e69aea68000 XMM02=00000000000000003fd3333333333333 XMM03=000000c0000a88b0000000c00001d7b0 XMM04=000000c0000a88d8000000c00046f6e0 XMM05=000000c0000a88f0000000c0000a88e0 XMM06=000000c0000a8900000000c00001d7f0 XMM07=000000c0000a8910000000c00001d800 XMM08=000000c0000a8968000000c00001d860 XMM09=000000c00001d880000000c00001d870 XMM10=000000c00001d890000000c0000a8980 XMM11=000000c00001d8a0000000c0000a89d0 XMM12=000000c00046f700000000c00001d8b0 XMM13=000000c00001d8e0000000c00001d8d0 XMM14=000000c00001d900000000c00001d8f0 XMM15=000000c00001d920000000c00001d910