Warning: Permanently added '[localhost]:28708' (ECDSA) to the list of known hosts. 2024/10/26 11:32:04 fuzzer started 2024/10/26 11:32:04 dialing manager at localhost:45639 syzkaller login: [ 75.638420] cgroup: Unknown subsys name 'net' [ 75.749851] cgroup: Unknown subsys name 'cpuset' [ 75.772022] cgroup: Unknown subsys name 'rlimit' 2024/10/26 11:32:21 syscalls: 206 2024/10/26 11:32:21 code coverage: enabled 2024/10/26 11:32:21 comparison tracing: enabled 2024/10/26 11:32:21 extra coverage: enabled 2024/10/26 11:32:21 setuid sandbox: enabled 2024/10/26 11:32:21 namespace sandbox: enabled 2024/10/26 11:32:21 Android sandbox: enabled 2024/10/26 11:32:21 fault injection: enabled 2024/10/26 11:32:21 leak checking: enabled 2024/10/26 11:32:21 net packet injection: enabled 2024/10/26 11:32:21 net device setup: enabled 2024/10/26 11:32:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2024/10/26 11:32:21 devlink PCI setup: PCI device 0000:00:10.0 is not available 2024/10/26 11:32:21 USB emulation: enabled 2024/10/26 11:32:21 hci packet injection: enabled 2024/10/26 11:32:21 wifi device emulation: enabled 2024/10/26 11:32:21 802.15.4 emulation: enabled 2024/10/26 11:32:21 fetching corpus: 0, signal 0/0 (executing program) 2024/10/26 11:32:23 starting 8 fuzzer processes 11:32:23 executing program 0: r0 = request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='}!:--/*}{\'}-\x00', 0x0) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xfffffffffffffff8, r0, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) keyctl$read(0xb, r0, &(0x7f0000000100)=""/97, 0x61) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000180)='logon\x00', 0x0) sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, 0x0, 0x0, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1000}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x9}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x200400c0}, 0x20000000) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000300)='logon\x00', &(0x7f0000000340)) socket$inet6(0xa, 0x4, 0xfffffc00) r2 = request_key(&(0x7f0000000380)='rxrpc_s\x00', &(0x7f00000003c0)={'syz', 0x0}, &(0x7f0000000400)='!\x00', r0) r3 = getuid() keyctl$get_persistent(0x16, r3, r0) r4 = syz_open_dev$vcsu(&(0x7f0000000440), 0x80, 0x282100) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r4, 0x404c534a, &(0x7f0000000480)={0x7, 0x97, 0x7}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r4, 0xc0305302, &(0x7f0000000500)={0x81, 0x3, 0x401, 0x8, 0x101, 0x580}) r5 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$link(0x8, r5, r2) getsockopt$WPAN_SECURITY_LEVEL(r4, 0x0, 0x2, &(0x7f00000005c0), &(0x7f0000000600)=0x4) r6 = syz_open_dev$vcsu(&(0x7f0000000640), 0x7, 0x800) timerfd_gettime(r6, &(0x7f0000000680)) 11:32:23 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_LIST_DEV(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd2b, 0x25dfdbfb, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x4000) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r1, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x10000}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80000000}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xffffff73}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000814}, 0x4040005) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r1, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4b0b}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x30, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {{}, {}, {0x14, 0x18, {0xf10, @bearer=@udp='udp:syz2\x00'}}}, ["", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000810}, 0x4000104) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x54, r2, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xfffffffc}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x303}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x40000) socketpair(0x5, 0x5, 0x5, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x34, r2, 0x2, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x40001) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000980)={'erspan0\x00', &(0x7f0000000900)={'ip_vti0\x00', 0x0, 0x8, 0x7f08, 0x0, 0x290, {{0x13, 0x4, 0x1, 0xb, 0x4c, 0x64, 0x0, 0x5, 0x4, 0x0, @remote, @loopback, {[@timestamp_addr={0x44, 0x14, 0x4c, 0x1, 0xe, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}]}, @cipso={0x86, 0xf, 0x3, [{0x5, 0x9, "4d1444d81ff66d"}]}, @timestamp={0x44, 0xc, 0xa0, 0x0, 0x6, [0x3ff, 0x7]}, @end, @cipso={0x86, 0x6, 0x3}]}}}}}) sendmsg$BATADV_CMD_SET_HARDIF(r4, &(0x7f0000000a40)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x2c, r5, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x800}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008004}, 0x4404c880) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000ac0), r3) sendmsg$BATADV_CMD_TP_METER_CANCEL(r3, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x34, r7, 0x8, 0x2, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x800}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x34}}, 0x4040084) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000bc0)={'batadv_slave_0\x00'}) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000c00)=""/146, 0x92}], 0x1) sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d40)={0x68, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x6}, @IEEE802154_ATTR_REASON={0x5}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0xff}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xc0104a9460384155}]}, 0x68}, 0x1, 0x0, 0x0, 0x800}, 0x20044080) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r4, &(0x7f0000000f00)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x3c, r1, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x80000001}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80000000}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x800) 11:32:23 executing program 2: ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000000)={0x4, @time={0x3, 0x9}, 0x1, {0x7f, 0x3}, 0x1a, 0x0, 0x3}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(0xffffffffffffffff, 0xc0305302, &(0x7f0000000040)={0x3, 0x9, 0x4, 0x80000000, 0x4, 0x3}) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(0xffffffffffffffff, 0x404c534a, &(0x7f00000000c0)={0x64c56f48, 0x5, 0x7ff}) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0xa2040) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000180)={0x7, 0x4, 0x1}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000200)={0x1, 0x0, {0x2, 0x1, 0x4, 0x1, 0x5}, 0x5}) r1 = socket$inet6(0xa, 0x6, 0xff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) r3 = syz_open_dev$vcsu(&(0x7f0000000440), 0x7, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r3, 0xc04c5349, &(0x7f0000000480)={0x6, 0x7, 0x101}) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000500), 0x100, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r4, 0xc04c5349, &(0x7f0000000540)={0x0, 0x6, 0x413b}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000005c0)={'gretap0\x00', r2, 0x8000, 0x7f28, 0xd5, 0x8, {{0x1b, 0x4, 0x3, 0x2, 0x6c, 0x68, 0x0, 0x6, 0x2f, 0x0, @multicast1, @remote, {[@timestamp_prespec={0x44, 0xc, 0xe3, 0x3, 0x5, [{@rand_addr=0x64010101, 0x9}]}, @timestamp_prespec={0x44, 0xc, 0x82, 0x3, 0x7, [{@rand_addr=0x64010102, 0x9}]}, @timestamp_addr={0x44, 0x24, 0x7e, 0x1, 0x0, [{@remote, 0xf773}, {@private=0xa010100, 0x2}, {@private=0xa010101, 0x4}, {@local, 0x8000}]}, @lsrr={0x83, 0x1b, 0xfa, [@loopback, @multicast2, @local, @private=0xa010100, @multicast1, @multicast2]}]}}}}}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r4, 0xc05c5340, &(0x7f00000006c0)={0x3, 0x80, 0x0, {0x5, 0x10000}, 0x7, 0x1}) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000740), 0x90400) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r5, 0xc08c5335, &(0x7f0000000780)={0x1f, 0x2, 0x0, 'queue1\x00', 0xcd5}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r4, 0xc04c5349, &(0x7f0000000840)={0x68, 0x7fffffff}) ioctl$sock_inet_udp_SIOCINQ(r4, 0x541b, &(0x7f00000008c0)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000940)={0x5, 0x8, 0x1, 'queue0\x00', 0x2}) 11:32:23 executing program 3: sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x54, 0x0, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfff}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x800}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x10001}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000808) sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, 0x0, 0xc00, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xffffffff}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfffffc00}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000015}, 0x20) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000340)={&(0x7f0000000240), 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x6c, 0x0, 0x400, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x9}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xffff}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}]}, 0x6c}}, 0x4000) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8001}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, 0x0, 0x421, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x8010) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000500), r1) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100810}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r3, 0x10, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x10000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000}, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'batadv_slave_1\x00', 0x0}) r5 = syz_open_dev$vcsu(&(0x7f0000000640), 0xe6c, 0x0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), r1) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000740)={'syztnl0\x00', &(0x7f0000000700)={'syztnl0\x00', r2, 0x10, 0x8086, 0x0, 0x7fff, {{0x8, 0x4, 0x3, 0x0, 0x20, 0x67, 0x0, 0x0, 0x29, 0x0, @empty, @broadcast, {[@generic={0x83, 0xb, "cc719305af5cdf3d02"}]}}}}}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r5, &(0x7f0000000840)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x4c, r6, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffff0000}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r7}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xd}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004044}, 0x4040010) r8 = eventfd2(0x3ff, 0x1) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r5, 0x7, &(0x7f0000000880)=r8, 0x1) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000980)={'gre0\x00', &(0x7f00000008c0)={'gretap0\x00', 0x0, 0x7, 0x10, 0x1, 0xf947, {{0x26, 0x4, 0x2, 0x20, 0x98, 0x68, 0x0, 0x4, 0x2f, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_prespec={0x44, 0x4c, 0xff, 0x3, 0xa, [{@rand_addr=0x64010101, 0x7}, {@private=0xa010102, 0x80}, {@remote, 0x7}, {@empty, 0x1c}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x37}, 0x80000001}, {@local}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8001}, {@remote, 0xb36}]}, @rr={0x7, 0x23, 0x6f, [@empty, @private=0xa010102, @loopback, @remote, @loopback, @empty, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @cipso={0x86, 0x15, 0x1, [{0x2, 0xf, "2de4a4e08f64e35a3f449b40df"}]}]}}}}}) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x44, 0x0, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0x200}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r9, &(0x7f0000000bc0)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x24, r6, 0x4, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7f}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000010) 11:32:23 executing program 4: ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5387, &(0x7f0000000000)) r0 = syz_open_dev$vcsu(&(0x7f0000000040), 0x5d4f, 0x0) ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000080)=0x1) ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f00000000c0)=0x1) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000100)={0x9, 0x1, 0x0, 'queue0\x00', 0x400}) r1 = syz_io_uring_setup(0x3ad4, &(0x7f00000001c0)={0x0, 0xab0a, 0x1, 0x1, 0x140, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000240), &(0x7f0000000280)) r2 = io_uring_setup(0x104d, &(0x7f00000002c0)={0x0, 0x552e, 0x20, 0x0, 0x7c, 0x0, r1}) r3 = syz_open_dev$vcsu(&(0x7f0000000340), 0xf325, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r3, 0x40bc5311, &(0x7f0000000380)={0x2ed23be, 0x1, 'client0\x00', 0xffffffff80000004, "11e07863d5543dc3", "1e59118378bef77746ba8e81e7ee533ed3ea7ecb99b272c8c92e79326647f1c6", 0x0, 0x9}) openat$cgroup_freezer_state(r3, &(0x7f0000000440), 0x2, 0x0) r4 = syz_io_uring_setup(0x54e5, &(0x7f0000000480)={0x0, 0xa004, 0x4, 0x2, 0x7e}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000500), &(0x7f0000000540)) r5 = syz_open_dev$vcsu(&(0x7f0000000580), 0x5f, 0x68000) sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4000) r6 = socket$inet6(0xa, 0x800, 0x5) r7 = syz_io_uring_setup(0x6142, &(0x7f00000006c0)={0x0, 0x778, 0x20, 0x1, 0x236, 0x0, r2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000740), &(0x7f0000000780)) mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000003, 0x4f9c234cd4cf3975, r7, 0x10000000) getpeername(r6, &(0x7f00000007c0)=@ethernet={0x0, @dev}, &(0x7f0000000840)=0x80) io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000980)={'syztnl1\x00', &(0x7f00000008c0)={'syztnl0\x00', 0x0, 0x40, 0x20, 0x4, 0x2, {{0x1d, 0x4, 0x1, 0x1, 0x74, 0x66, 0x0, 0xe1, 0x29, 0x0, @empty, @local, {[@rr={0x7, 0x1f, 0x71, [@rand_addr=0x64010100, @empty, @rand_addr=0x64010101, @broadcast, @dev={0xac, 0x14, 0x14, 0x27}, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote]}, @generic={0x7, 0xd, "a8c9787a27fac3d2ac0f90"}, @lsrr={0x83, 0xf, 0xd, [@private=0xa010101, @empty, @local]}, @ssrr={0x89, 0x3, 0xa9}, @rr={0x7, 0x1f, 0x1b, [@dev={0xac, 0x14, 0x14, 0xa}, @remote, @loopback, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast]}]}}}}}) [ 93.390179] audit: type=1400 audit(1729942343.305:7): avc: denied { execmem } for pid=274 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:32:23 executing program 5: sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}}]}, 0x20}, 0x1, 0x0, 0x0, 0x10000000}, 0x81) r0 = syz_open_dev$vcsu(&(0x7f0000000100), 0xe0, 0xa0100) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x40}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20009880) sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x844}, 0x80) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x50, 0x0, 0x8, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xfff}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000801}, 0x20000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, 0x0, 0x2, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8c5}, 0x84) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x808}, 0x2400c410) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), r0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x30, r2, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xafe}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x30}, 0x1, 0x0, 0x0, 0x90}, 0x10) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000007c0), 0x420040, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000840), r1) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000940)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x64, r4, 0x800, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1000}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8001}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x10001}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x4000010) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x3c, r4, 0x4, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xffffffff}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xf797}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x2005) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000ac0)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x44, r4, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_GW_SEL_CLASS={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x4}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x101}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c40)={0x60, r2, 0xa30, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x4}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x101}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}]}, 0x60}, 0x1, 0x0, 0x0, 0x448c0}, 0x8000) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000d80)=@req={0x28, &(0x7f0000000d40)={'veth1_vlan\x00', @ifru_flags}}) socketpair(0x2a, 0x2, 0xd8, &(0x7f0000000dc0)={0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_GATEWAYS(r6, &(0x7f0000000ec0)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e40)={0x34, 0x0, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) 11:32:23 executing program 6: keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/26, 0x1a) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x88380, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x4, 0x7f, 0x6, 0x0, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @private1, 0x7800, 0x1, 0x5, 0x5}}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x70, 0x0, 0x8, 0x70bd25, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}, @MPTCP_PM_ATTR_ADDR={0x3c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x70}}, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300), r0) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x3c, r3, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc040}, 0x40840) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f0000000400)={0x4, 0x0, {0x2, 0x2, 0x7, 0x3, 0x8}}) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x34, r3, 0x200, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x10001}]}, 0x34}, 0x1, 0x0, 0x0, 0x44}, 0x20000040) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x2c, r3, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4054}, 0x40010) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000006c0), r0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r4, 0x800, 0x70bd2a, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x41) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x1c, r5, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000100}, 0x20000004) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x68, r5, 0x10, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1000}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7fffffff}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x180}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x40}]}, 0x68}, 0x1, 0x0, 0x0, 0x20008000}, 0x40084) setsockopt$WPAN_WANTLQI(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000a40), 0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r6, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x44, r3, 0x8, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x10001}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1c}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xc7}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x48004) sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x2c, r5, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x7}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4) 11:32:23 executing program 7: getgid() r0 = syz_open_dev$sg(&(0x7f0000000000), 0x1, 0x80) ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f0000000040)={0xbb, ""/187}) setsockopt$WPAN_WANTACK(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100), 0x4) r1 = syz_open_dev$sg(&(0x7f0000000140), 0x8, 0x4580c3) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000180)) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001400)={0x53, 0xfffffffffffffffc, 0xd4, 0x59, @scatter={0x1, 0x0, &(0x7f00000011c0)=[{&(0x7f00000001c0)=""/4096, 0x1000}]}, &(0x7f0000001200)="9eb9a088bef14b0183de0386ef2dbf4ac98677b530902ee3801023e5e01e8fe3565e5ce09c57f7f01ff3c77014f57bdf461949b742010de06deb8aca77af0ac428725d603bf45ec8a1722aaca6a4446558a2eb10c2a62790d30acdf008fbce90f62aeac5f784fe3752338abef4312fd77263d6e17177a6c39eaad642335c75bf02741a4116ed21a255d447a39a470c9be20762dae8d17f295dd1ee372f8c1c8289cf03a3e5fbb8df1090f1ef7f4cdfbdb1adbfdbd233c6991ed395c784eff96d5fa73780ddf2d1439f1d1d7f69a85ee2b8caeb40", &(0x7f0000001300)=""/164, 0x0, 0x26, 0xffffffffffffffff, &(0x7f00000013c0)}) r2 = syz_open_dev$sg(&(0x7f0000001480), 0x5, 0x408840) ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f00000014c0)) ioctl$SG_GET_RESERVED_SIZE(r1, 0x2272, &(0x7f0000001500)) ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f0000001540)) socketpair(0x10, 0x800, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) setsockopt$WPAN_WANTACK(r3, 0x0, 0x0, &(0x7f0000001700), 0x4) mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000002, 0x80010, 0xffffffffffffffff, 0x10000000) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000001740), 0x440, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000000, 0x40010, r4, 0x8000000) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = openat$cgroup_freezer_state(r4, &(0x7f0000001780), 0x2, 0x0) r7 = socket(0x3, 0x5, 0x8) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x6, &(0x7f0000001800)={0x1, 0x0, &(0x7f00000017c0)=[r4, r2, r5, r6, r7, 0xffffffffffffffff, r0, r2, r3]}, 0x9) [ 94.795752] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 94.799698] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 94.801363] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 94.802378] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 94.808708] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 94.810299] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 94.813089] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 94.814690] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 94.816117] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 94.823062] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 94.824699] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 94.825953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.866787] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 94.870147] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 94.871751] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 94.877098] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 94.878769] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 94.882432] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 94.883773] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 94.887912] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 94.889752] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 94.890346] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 94.895104] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 94.909436] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 94.912097] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 94.917106] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 94.918660] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 94.925531] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 94.931696] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 94.933668] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 94.936738] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 94.939164] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 94.941361] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 94.943073] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 94.950999] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 94.952636] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 94.962382] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 94.967056] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 94.980489] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 94.982170] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 94.998430] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 95.000127] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 95.006589] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 95.007672] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 95.011092] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 95.077705] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 95.085085] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 95.086255] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 96.879234] Bluetooth: hci1: command tx timeout [ 96.879237] Bluetooth: hci0: command tx timeout [ 96.943917] Bluetooth: hci3: command tx timeout [ 97.007076] Bluetooth: hci4: command tx timeout [ 97.007180] Bluetooth: hci5: command tx timeout [ 97.008263] Bluetooth: hci2: command tx timeout [ 97.070903] Bluetooth: hci6: command tx timeout [ 97.135591] Bluetooth: hci7: command tx timeout [ 98.926980] Bluetooth: hci1: command tx timeout [ 98.929945] Bluetooth: hci0: command tx timeout [ 98.991214] Bluetooth: hci3: command tx timeout [ 99.055013] Bluetooth: hci2: command tx timeout [ 99.055165] Bluetooth: hci4: command tx timeout [ 99.056196] Bluetooth: hci5: command tx timeout [ 99.118896] Bluetooth: hci6: command tx timeout [ 99.182929] Bluetooth: hci7: command tx timeout [ 100.975887] Bluetooth: hci0: command tx timeout [ 100.975920] Bluetooth: hci1: command tx timeout [ 101.038903] Bluetooth: hci3: command tx timeout [ 101.103627] Bluetooth: hci5: command tx timeout [ 101.103649] Bluetooth: hci2: command tx timeout [ 101.105091] Bluetooth: hci4: command tx timeout [ 101.167915] Bluetooth: hci6: command tx timeout [ 101.230890] Bluetooth: hci7: command tx timeout [ 103.031678] Bluetooth: hci1: command tx timeout [ 103.033309] Bluetooth: hci0: command tx timeout [ 103.088539] Bluetooth: hci3: command tx timeout [ 103.151201] Bluetooth: hci2: command tx timeout [ 103.151745] Bluetooth: hci4: command tx timeout [ 103.152986] Bluetooth: hci5: command tx timeout [ 103.216129] Bluetooth: hci6: command tx timeout [ 103.280890] Bluetooth: hci7: command tx timeout [ 154.837364] syz-executor.0 (286) used greatest stack depth: 24496 bytes left [ 157.630370] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 157.640546] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 157.645711] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 157.649925] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 157.655677] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 157.659249] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 157.661533] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 157.673132] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 157.675261] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 157.676919] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 157.680707] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 157.684368] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 157.686017] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 157.687962] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 157.689530] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 157.691102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 157.692202] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 157.700888] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 157.707697] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 157.709629] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 157.711398] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 157.713127] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 157.717242] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 157.722949] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 157.731701] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 157.735991] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 157.737247] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 157.748281] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 157.751321] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 157.753685] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 157.770435] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 157.784289] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 157.791092] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 157.800213] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 157.809588] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 157.823107] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 157.842999] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 157.851022] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 157.855201] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 157.857340] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 157.870289] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 157.874242] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 157.876697] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 157.882909] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 157.902256] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 157.920885] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 157.923887] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 157.926501] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 159.727525] Bluetooth: hci0: command tx timeout [ 159.728724] Bluetooth: hci1: command tx timeout [ 159.791927] Bluetooth: hci4: command tx timeout [ 159.792771] Bluetooth: hci2: command tx timeout [ 159.854944] Bluetooth: hci3: command tx timeout [ 159.918895] Bluetooth: hci5: command tx timeout [ 159.982951] Bluetooth: hci7: command tx timeout [ 160.239904] Bluetooth: hci6: command tx timeout [ 161.775974] Bluetooth: hci1: command tx timeout [ 161.776510] Bluetooth: hci0: command tx timeout [ 161.839954] Bluetooth: hci2: command tx timeout [ 161.840459] Bluetooth: hci4: command tx timeout [ 161.903930] Bluetooth: hci3: command tx timeout [ 161.968150] Bluetooth: hci5: command tx timeout [ 162.032139] Bluetooth: hci7: command tx timeout [ 162.287913] Bluetooth: hci6: command tx timeout [ 163.822901] Bluetooth: hci1: command tx timeout [ 163.823446] Bluetooth: hci0: command tx timeout [ 163.886999] Bluetooth: hci4: command tx timeout [ 163.887504] Bluetooth: hci2: command tx timeout [ 163.950896] Bluetooth: hci3: command tx timeout [ 164.015187] Bluetooth: hci5: command tx timeout [ 164.078854] Bluetooth: hci7: command tx timeout [ 164.336325] Bluetooth: hci6: command tx timeout [ 165.871984] Bluetooth: hci1: command tx timeout [ 165.872513] Bluetooth: hci0: command tx timeout [ 165.935897] Bluetooth: hci4: command tx timeout [ 165.936396] Bluetooth: hci2: command tx timeout [ 165.999992] Bluetooth: hci3: command tx timeout [ 166.063845] Bluetooth: hci5: command tx timeout [ 166.128041] Bluetooth: hci7: command tx timeout [ 166.384124] Bluetooth: hci6: command tx timeout [ 219.843090] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 219.847415] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 219.849755] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 219.858039] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 219.862255] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 219.874296] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 219.905381] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 219.912306] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 219.914067] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 219.919141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 219.924141] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 219.925358] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 219.966606] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 219.970635] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 219.971819] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 219.975238] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 219.977508] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 219.979837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 220.047554] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 220.058914] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 220.066633] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 220.077756] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 220.088606] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 220.093456] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 220.099148] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 220.101074] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 220.105758] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 220.112228] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 220.115215] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 220.116392] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 220.164058] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 220.172594] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 220.174520] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 220.174612] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 220.187397] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 220.196355] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 220.197697] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 220.206615] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 220.215923] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 220.217750] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 220.238103] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 220.246043] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 220.254763] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 220.257437] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 220.260999] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 220.265215] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 220.267294] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 220.268869] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 221.934987] Bluetooth: hci0: command tx timeout [ 221.998903] Bluetooth: hci2: command tx timeout [ 221.999602] Bluetooth: hci1: command tx timeout [ 222.127342] Bluetooth: hci3: command tx timeout [ 222.190895] Bluetooth: hci4: command tx timeout [ 222.318892] Bluetooth: hci6: command tx timeout [ 222.318924] Bluetooth: hci5: command tx timeout [ 222.382912] Bluetooth: hci7: command tx timeout [ 223.982868] Bluetooth: hci0: command tx timeout [ 224.048830] Bluetooth: hci1: command tx timeout [ 224.048917] Bluetooth: hci2: command tx timeout [ 224.175928] Bluetooth: hci3: command tx timeout [ 224.239938] Bluetooth: hci4: command tx timeout [ 224.366849] Bluetooth: hci5: command tx timeout [ 224.369807] Bluetooth: hci6: command tx timeout [ 224.430924] Bluetooth: hci7: command tx timeout [ 226.030893] Bluetooth: hci0: command tx timeout [ 226.096851] Bluetooth: hci1: command tx timeout [ 226.096874] Bluetooth: hci2: command tx timeout [ 226.223906] Bluetooth: hci3: command tx timeout [ 226.287843] Bluetooth: hci4: command tx timeout [ 226.414960] Bluetooth: hci6: command tx timeout [ 226.414979] Bluetooth: hci5: command tx timeout [ 226.478848] Bluetooth: hci7: command tx timeout [ 228.080064] Bluetooth: hci0: command tx timeout [ 228.143454] Bluetooth: hci2: command tx timeout [ 228.144036] Bluetooth: hci1: command tx timeout [ 228.271828] Bluetooth: hci3: command tx timeout [ 228.334849] Bluetooth: hci4: command tx timeout [ 228.462966] Bluetooth: hci6: command tx timeout [ 228.464356] Bluetooth: hci5: command tx timeout [ 228.527033] Bluetooth: hci7: command tx timeout [ 282.303380] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 282.306310] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 282.309569] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 282.319964] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 282.322560] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 282.325421] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 282.498568] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 282.500708] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 282.507049] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 282.507453] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 282.509034] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 282.511624] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 282.517342] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 282.518335] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 282.560965] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 282.566206] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 282.575257] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 282.576327] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 282.577425] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 282.578560] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 282.579867] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 282.580706] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 282.582053] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 282.583489] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 282.584240] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 282.585272] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 282.585973] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 282.591556] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 282.593182] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 282.594375] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 282.599406] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 282.600783] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 282.602123] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 282.603691] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 282.617280] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 282.625061] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 282.626672] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 282.647818] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 282.649187] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 282.661406] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 282.665022] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 282.704461] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 282.705504] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 282.710388] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 282.711705] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 282.714343] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 282.715993] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 282.716983] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 284.402892] Bluetooth: hci0: command tx timeout [ 284.590858] Bluetooth: hci2: command tx timeout [ 284.655989] Bluetooth: hci4: command tx timeout [ 284.657802] Bluetooth: hci1: command tx timeout [ 284.719909] Bluetooth: hci6: command tx timeout [ 284.721723] Bluetooth: hci5: command tx timeout [ 284.784046] Bluetooth: hci7: command tx timeout [ 284.846868] Bluetooth: hci3: command tx timeout [ 286.447366] Bluetooth: hci0: command tx timeout [ 286.640372] Bluetooth: hci2: command tx timeout [ 286.705979] Bluetooth: hci4: command tx timeout [ 286.707504] Bluetooth: hci1: command tx timeout [ 286.767952] Bluetooth: hci5: command tx timeout [ 286.769337] Bluetooth: hci6: command tx timeout [ 286.831856] Bluetooth: hci7: command tx timeout [ 286.896960] Bluetooth: hci3: command tx timeout [ 288.496111] Bluetooth: hci0: command tx timeout [ 288.687915] Bluetooth: hci2: command tx timeout [ 288.752114] Bluetooth: hci4: command tx timeout [ 288.753729] Bluetooth: hci1: command tx timeout [ 288.814893] Bluetooth: hci5: command tx timeout [ 288.816245] Bluetooth: hci6: command tx timeout [ 288.879835] Bluetooth: hci7: command tx timeout [ 288.951870] Bluetooth: hci3: command tx timeout [ 290.543845] Bluetooth: hci0: command tx timeout [ 290.735821] Bluetooth: hci2: command tx timeout [ 290.800052] Bluetooth: hci1: command tx timeout [ 290.800546] Bluetooth: hci4: command tx timeout [ 290.864001] Bluetooth: hci5: command tx timeout [ 290.864789] Bluetooth: hci6: command tx timeout [ 290.927536] Bluetooth: hci7: command tx timeout [ 290.991301] Bluetooth: hci3: command tx timeout [ 333.531563] modprobe (12861) used greatest stack depth: 23344 bytes left [ 344.572407] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 344.573801] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 344.576033] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 344.577168] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 344.580113] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 344.581588] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 344.582708] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 344.584233] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 344.589526] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 344.597474] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 344.618491] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 344.619651] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 344.708565] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 344.721187] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 344.724204] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 344.742436] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 344.757715] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 344.760960] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 344.792342] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 344.796512] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 344.798069] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 344.799289] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 344.807064] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 344.808646] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 344.809897] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 344.817497] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 344.821169] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 344.822225] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 344.824092] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 344.825887] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 344.827586] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 344.828610] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 344.840226] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 344.843244] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 344.843472] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 344.848089] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 344.852304] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 344.853332] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 344.855634] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 344.857189] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 344.857273] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 344.860135] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 344.861628] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 344.862863] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 344.878007] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 344.885978] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 344.890916] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 344.913149] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 346.607877] Bluetooth: hci1: command tx timeout [ 346.671037] Bluetooth: hci0: command tx timeout [ 346.862863] Bluetooth: hci6: command tx timeout [ 346.863716] Bluetooth: hci5: command tx timeout [ 346.864334] Bluetooth: hci2: command tx timeout [ 346.926929] Bluetooth: hci7: command tx timeout [ 347.119023] Bluetooth: hci3: command tx timeout [ 347.121025] Bluetooth: hci4: command tx timeout [ 348.654828] Bluetooth: hci1: command tx timeout [ 348.719852] Bluetooth: hci0: command tx timeout [ 348.911124] Bluetooth: hci2: command tx timeout [ 348.911650] Bluetooth: hci5: command tx timeout [ 348.912331] Bluetooth: hci6: command tx timeout [ 348.977772] Bluetooth: hci7: command tx timeout [ 349.167975] Bluetooth: hci3: command tx timeout [ 349.168497] Bluetooth: hci4: command tx timeout [ 350.703808] Bluetooth: hci1: command tx timeout [ 350.769782] Bluetooth: hci0: command tx timeout [ 350.959994] Bluetooth: hci2: command tx timeout [ 350.960521] Bluetooth: hci6: command tx timeout [ 350.961569] Bluetooth: hci5: command tx timeout [ 351.022972] Bluetooth: hci7: command tx timeout [ 351.216043] Bluetooth: hci3: command tx timeout [ 351.216576] Bluetooth: hci4: command tx timeout [ 352.750834] Bluetooth: hci1: command tx timeout [ 352.814819] Bluetooth: hci0: command tx timeout [ 353.008342] Bluetooth: hci5: command tx timeout [ 353.008900] Bluetooth: hci2: command tx timeout [ 353.009404] Bluetooth: hci6: command tx timeout [ 353.071854] Bluetooth: hci7: command tx timeout [ 353.263828] Bluetooth: hci3: command tx timeout [ 353.264356] Bluetooth: hci4: command tx timeout VM DIAGNOSIS: 11:37:23 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=0000000000000000 RCX=ffff8880355edee0 RDX=ffff888018df9b80 RSI=ffffffff847a415e RDI=ffffffff852c8ac0 RBP=ffffffff852c8ac0 RSP=ffff8880225672a0 R8 =0000000000000001 R9 =fffffbfff0fda9d9 R10=ffffffff87ed4ecf R11=0000000000000116 R12=ffff8880225677c8 R13=0000000000000000 R14=0000000000000002 R15=000000000003a6cc RIP=ffffffff847a4162 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055796d087080 CR3=00000000354b6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00ff00000000000000000000000000ff XMM01=ff00ffffffffffffffffffffffffff00 XMM02=4f0063305f315f315f4c53534e45504f XMM03=000000000000000000656d69745f6f73 XMM04=65675f6b636f6c635f6f7364765f5f00 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=ffffffff863f34b4 RCX=ffffffff812e9e7c RDX=ffffed1006139b61 RSI=0000000000000008 RDI=ffff8880309cdb00 RBP=ffff8880309cdaf8 RSP=ffff888033cbf990 R8 =0000000000000000 R9 =ffffed1006139b60 R10=ffff8880309cdb07 R11=00000000000c2f81 R12=ffff8880309cdb00 R13=ffff8880309cdb60 R14=ffff888013ad956c R15=0000000000000010 RIP=ffffffff812e9e7c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffe467e3ff8 CR3=000000002953e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000ff000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000