Warning: Permanently added '[localhost]:32884' (ECDSA) to the list of known hosts. 2024/12/10 14:08:39 fuzzer started 2024/12/10 14:08:40 dialing manager at localhost:42157 syzkaller login: [ 77.385414] cgroup: Unknown subsys name 'net' [ 77.506608] cgroup: Unknown subsys name 'cpuset' [ 77.549124] cgroup: Unknown subsys name 'rlimit' 2024/12/10 14:09:06 syscalls: 200 2024/12/10 14:09:06 code coverage: enabled 2024/12/10 14:09:06 comparison tracing: enabled 2024/12/10 14:09:06 extra coverage: enabled 2024/12/10 14:09:06 setuid sandbox: enabled 2024/12/10 14:09:06 namespace sandbox: enabled 2024/12/10 14:09:06 Android sandbox: enabled 2024/12/10 14:09:06 fault injection: enabled 2024/12/10 14:09:06 leak checking: enabled 2024/12/10 14:09:06 net packet injection: enabled 2024/12/10 14:09:06 net device setup: enabled 2024/12/10 14:09:06 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2024/12/10 14:09:06 devlink PCI setup: PCI device 0000:00:10.0 is not available 2024/12/10 14:09:06 USB emulation: enabled 2024/12/10 14:09:06 hci packet injection: enabled 2024/12/10 14:09:06 wifi device emulation: enabled 2024/12/10 14:09:06 802.15.4 emulation: enabled 2024/12/10 14:09:06 fetching corpus: 0, signal 0/0 (executing program) 2024/12/10 14:09:08 starting 8 fuzzer processes 14:09:08 executing program 0: ioctl$CDROMRESET(0xffffffffffffffff, 0x5312) r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) ioctl$CDROM_MEDIA_CHANGED(r0, 0x5325, 0x400000) ioctl$CDROMVOLCTRL(r0, 0x530a, &(0x7f0000000040)={0xfd, 0x6b, 0xbd, 0x81}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x7e9485a993c47ea4}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x2, 0x3a}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x4004) sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x60, 0x0, 0x1, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_QOS_MAP={0x34, 0xc7, {[{0x0, 0x1}, {0x5, 0x6}, {0x3, 0x1f}, {0x1, 0x3}, {0x7f, 0x3}, {0x3, 0x1}, {0x3, 0x4}, {0x7, 0x7}, {0x7, 0x6}, {0x20, 0x3}, {0x40, 0x1}, {0x7, 0x3}, {0x7, 0x4}, {0x7f, 0x4}, {0x80, 0x3}, {0xff, 0x3}, {0xfb, 0x4}, {0xe4, 0x5}, {0xff, 0x2}, {0x6, 0x2}], "54439559ff683cba"}}, @NL80211_ATTR_QOS_MAP={0xe, 0xc7, {[{0x7}], "0e7951b50d66cb46"}}]}, 0x60}}, 0x4008811) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, r2, 0x20, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000401}, 0xc841) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000440), 0x800, 0x0) ioctl$CDROM_GET_MCN(r3, 0x5311, &(0x7f0000000480)) r4 = openat$cgroup_ro(r3, &(0x7f00000004c0)='cpuset.effective_mems\x00', 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r3) sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000640)={&(0x7f0000000580)={0xa0, r5, 0x2, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x18, 0xc7, {[{0x7}, {0x4}, {0x27, 0x7}, {0x0, 0x1}, {0x1, 0x7}, {0x5, 0x5}], "de66a93233f1f7d9"}}, @NL80211_ATTR_QOS_MAP={0x30, 0xc7, {[{0x6, 0x1}, {0x1, 0x3}, {0x8}, {0x1f}, {0x2, 0x1}, {0xe4, 0x5}, {0x6, 0x5}, {0x5, 0x4}, {0x7f, 0x6}, {0xb3, 0x2}, {0x9}, {0x11, 0x4}, {0x7}, {0x1f, 0x2}, {0x1, 0x6}, {0x7, 0x5}, {0x5, 0x3}, {0x5}], "eab7b17a807c2ceb"}}, @NL80211_ATTR_QOS_MAP={0x12, 0xc7, {[{0x80, 0x7}, {0x9, 0x5}, {0x2, 0x1}], "e1c93b8cdd7e64e5"}}, @NL80211_ATTR_QOS_MAP={0x2e, 0xc7, {[{0x0, 0x1}, {0x5, 0x6}, {0x9, 0x6}, {0xf8, 0x6}, {0x80, 0x7}, {0xe9, 0x1}, {0x2, 0x7}, {0x67, 0x3}, {0xc, 0x6}, {0x7f, 0x6}, {0xf7, 0x5}, {0x3f, 0x1}, {0x80, 0x2}, {0x0, 0x4}, {0x3, 0xfc}, {0x3, 0x5}, {0x8, 0x5}], "f1d6078d1f644c70"}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x10}, 0x10) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000006c0)={{0x1, 0x1, 0x18, r0, {0xa22}}, './file0\x00'}) sendmsg$NL80211_CMD_SET_POWER_SAVE(r6, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_PS_STATE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x800) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000800)={{0x1, 0x1, 0x18, r0, {0x9}}, './file0\x00'}) sendmsg$NL80211_CMD_SET_MPATH(r7, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x5c, r5, 0x1, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x92c8, 0x18}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4010}, 0x0) sendmsg$NL80211_CMD_DISCONNECT(r6, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x38, 0x0, 0x4, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x6, 0x1f}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x29}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x34}]}, 0x38}, 0x1, 0x0, 0x0, 0xc040840}, 0x8) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000ac0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xfffffffffffffff7}}, './file0\x00'}) 14:09:08 executing program 1: r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000008, 0x4000010, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5fa0b59e}}, './file0\x00'}) syz_io_uring_submit(r0, 0x0, &(0x7f0000000040)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd=r1}, 0x8) r2 = io_uring_setup(0x2f4f, &(0x7f0000000080)={0x0, 0x87d2, 0x28, 0x0, 0x18f}) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x4e24, @multicast1}, {0x2, 0x4e24, @remote}, {0x2, 0x4e22, @local}, 0x23, 0x0, 0x0, 0x0, 0xfffa, &(0x7f0000000100)='ip6tnl0\x00', 0x76b, 0x2, 0x7}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x10, 0x70bd2d, 0x25dfdbff, {{}, {@void, @void}}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000300)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$CDROM_DEBUG(r4, 0x5330, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000340)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc0189379, &(0x7f0000000380)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) getsockopt$inet_buf(r4, 0x0, 0x28, &(0x7f00000003c0)=""/149, &(0x7f0000000480)=0x95) r7 = socket$packet(0x11, 0x2, 0x300) syz_io_uring_submit(r0, 0x0, &(0x7f0000000540)=@IORING_OP_CONNECT={0x10, 0x3, 0x0, r7, 0x80, &(0x7f00000004c0)=@l2={0x1f, 0x6, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x6, 0x2}, 0x0, 0x0, 0x1}, 0x0) r8 = syz_io_uring_complete(r0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000580), r8) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f00000005c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$CDROM_GET_MCN(r6, 0x5311, &(0x7f0000000600)) ioctl$BLKIOMIN(r8, 0x1278, &(0x7f0000000640)) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000680)={0x5c, @loopback, 0x4e20, 0x2, 'wrr\x00', 0x38, 0x0, 0xd}, 0x2c) 14:09:08 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, r1, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x58ec76a4}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xfff}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x581}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000810}, 0x4000) r2 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000001c0), 0x2, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x240001, 0x0) openat$cgroup_type(r3, &(0x7f0000000240), 0x2, 0x0) r4 = io_uring_setup(0x755, &(0x7f0000000280)={0x0, 0x106e, 0x2, 0x2, 0x290, 0x0, r3}) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000300)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x40, r1, 0x7b625557955ce6b8, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x4}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x10001}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x4) ioctl$AUTOFS_DEV_IOCTL_VERSION(r5, 0xc0189371, &(0x7f0000000440)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) ioctl$HIDIOCSUSAGE(r6, 0x4018480c, &(0x7f0000000480)={0x2, 0x200, 0x0, 0x6af2, 0x1, 0x8}) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r6, 0xc018937a, &(0x7f00000004c0)={{0x1, 0x1, 0x18, r4, {0x9e9a}}, './file0\x00'}) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000540), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r7, &(0x7f0000000640)={&(0x7f0000000500), 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x38, r8, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r9}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040004}, 0x1) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r10) ioctl$CDROMREADMODE1(r0, 0x530d, &(0x7f00000006c0)={0x20, 0x7a, 0x8, 0x2, 0x74, 0x3}) sendmsg$NL80211_CMD_SET_POWER_SAVE(r5, &(0x7f0000001200)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000011c0)={&(0x7f0000001180)={0x3c, 0x0, 0x200, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x20000800) setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000001240)={{{@in=@dev={0xac, 0x14, 0x14, 0x12}, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e23, 0x0, 0x4e24, 0x8, 0xa, 0x80, 0x80, 0x2f, r9}, {0x6, 0x1, 0x20, 0x10000, 0x2, 0x0, 0x6, 0x3ff}, {0x3, 0x3, 0xbde5, 0x2}, 0x427, 0x6e6bbf, 0x1, 0x1, 0x3, 0x3}, {{@in=@multicast1, 0x4d2, 0xff}, 0xa, @in=@local, 0x34ff, 0x4, 0x1, 0x1f, 0x1, 0x9, 0x459b}}, 0xe8) 14:09:08 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x420300, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'}) r2 = mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000002, 0x10, r1, 0x10000000) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80040, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_POLL_ADD={0x6, 0x1, 0x0, @fd=r3, 0x0, 0x0, 0x0, {0x10a1}, 0x1}, 0x9) openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000100)='memory.pressure\x00', 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r5, 0xc0189373, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r5, {0x9b}}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r6, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) openat$cgroup_netprio_ifpriomap(r6, &(0x7f0000000240), 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r7, 0xc0189372, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3, {0x5}}, './file0\x00'}) r9 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000002c0), 0x200, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r8, 0xc0189376, &(0x7f0000000300)={{0x1, 0x1, 0x18, r9, {0x8001}}, './file0\x00'}) sendmsg$NL80211_CMD_SET_WIPHY(r6, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x3c, 0x0, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0xff}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0xf0}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x401}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0xfc5}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x20}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$WG_CMD_GET_DEVICE(r6, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x24, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x5}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040}, 0x2000c080) r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r9, &(0x7f0000000640)={&(0x7f0000000540), 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r10, 0x2, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xb494}]}, 0x24}, 0x1, 0x0, 0x0, 0x880}, 0x40) ioctl$HIDIOCSUSAGE(r4, 0x4018480c, &(0x7f0000000680)={0x2, 0x2, 0x7ff, 0xfffffe00, 0x8}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000740)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x96}}, './file0/file0\x00'}) [ 104.834366] audit: type=1400 audit(1733839748.738:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 14:09:08 executing program 5: sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}, @WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e22}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x64010100}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private1}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008080}, 0x800) sendmsg$NL80211_CMD_SET_MAC_ACL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x0, 0x8, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x7, 0x2c}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4040}, 0x0) sendmsg$IEEE802154_SET_MACPARAMS(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x5c, 0x0, 0x4, 0x70bd27, 0x25dfdbfb, {}, [@IEEE802154_ATTR_CSMA_RETRIES={0x5, 0x25, 0x20}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x5}, @IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x81}, @IEEE802154_ATTR_CSMA_MIN_BE={0x5, 0x26, 0xbf}, @IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0xbb}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x2}, @IEEE802154_ATTR_LBT_ENABLED={0x5, 0x22, 0x1}, @IEEE802154_ATTR_CCA_MODE={0x5}, @IEEE802154_ATTR_LBT_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x48) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404}, 0x20008004) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000740)={&(0x7f0000000600)={0x11c, r0, 0x20, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7c10}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xbf}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2d0}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfffffff7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x5}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x10}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1c6}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x31}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x5}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x9}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x1f}]}, 0x11c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40010) sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x20, r0, 0x300, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x1f8, 0x14}}}}, [""]}, 0x20}}, 0x40a1) sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x20, 0x0, 0x2, 0x70bd27, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x4004) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_DEV(r1, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x64, 0x0, 0x101, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x48000}, 0x20000000) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000b00), r2) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000b40), r1) sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x8c, r0, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x68, 0x71}}}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0x18, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0xc, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}, @NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x18, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x44890) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d40), 0xffffffffffffffff) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000d80)={0x114, r3, 0x400, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_VENDOR_DATA={0xcf, 0xc5, "c1786b888309227b0b6ca2eb03657dbe2ab126f3f553544b87e485221e89218f5204e5536b7f8643b66f32a0b296ce19b3b52266b9b0ad891019d1a11c36da9c6e270c0b69c3f1ff770c7d13fe8a272c6ad8dd2ced3358832d822b65d15abfadbc1c73f7490a91750d4d610cce95fa13e698c262fd718294d0494ec322729c87f0ed2585e0d2a6194589ec1148f0615c4925c246fa6f864af29b0e2aff8b2d9111b6e950bad6928001610132dd810ef191af9a31c88731a6ea83eea197b62953150e3c781a720a8885af6b"}, @NL80211_ATTR_VENDOR_DATA={0x16, 0xc5, "fa02da4fb9a02bb2fc3fd9db8dec8f006bd8"}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x7fff}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1}]}, 0x114}}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000f80)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000001040)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)={0x28, r3, 0x400, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x47, 0x55}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x840}, 0x8450) sendmsg$NLBL_MGMT_C_LISTALL(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x38, 0x0, 0x300, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0) 14:09:08 executing program 4: r0 = socket$inet(0x2, 0x6, 0xffffff00) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @private=0xa010102, 0x4e20, 0x2, 'lblcr\x00', 0x0, 0x7fffffff, 0x5e}, 0x2c) setsockopt$inet_mreq(r0, 0x0, 0x4, &(0x7f0000000040)={@dev={0xac, 0x14, 0x14, 0x1b}, @local}, 0x8) getsockopt$inet_buf(r0, 0x0, 0x33, &(0x7f0000000080)=""/101, &(0x7f0000000100)=0x65) getsockopt$EBT_SO_GET_INIT_ENTRIES(0xffffffffffffffff, 0x0, 0x83, &(0x7f0000000280)={'nat\x00', 0x0, 0x3, 0xcc, [0x8a, 0x3, 0x6, 0x6, 0x101, 0x6], 0x3, &(0x7f0000000140)=[{}, {}, {}], &(0x7f0000000180)=""/204}, &(0x7f0000000300)=0x78) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000340)={'wg1\x00'}) getsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000380)={@broadcast, @multicast2}, &(0x7f00000003c0)=0x8) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000400)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) getsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000440)={@private, @initdev}, &(0x7f0000000480)=0x8) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f00000004c0)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) setsockopt$inet_mreq(r2, 0x0, 0x2c, &(0x7f0000000500)={@multicast2, @broadcast}, 0x8) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000540)='devices.deny\x00', 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000580)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f00000005c0)={@local, @broadcast}, 0x8) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000000600)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_KEY(r4, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x40, r5, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x8, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000780)={{0x1, 0x1, 0x18, r4, {0x4}}, './file0\x00'}) getsockopt$ARPT_SO_GET_REVISION_TARGET(r6, 0x0, 0x63, &(0x7f00000007c0)={'TPROXY\x00'}, &(0x7f0000000800)=0x1e) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000880)=@req3={0x6, 0x7fff, 0x58, 0x0, 0x4, 0x40000}, 0x1c) 14:09:08 executing program 6: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r1, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_MGMT_A_DOMAIN={0x8, 0x1, '+w@\x00'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @mcast1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40081}, 0x20000000) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r2, 0x300, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x8880) sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80100100}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r0) sendmsg$IEEE802154_ASSOCIATE_RESP(r0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x38, r3, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc}, @IEEE802154_ATTR_STATUS={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x11}, 0x4040050) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_REMOVEDEF(r4, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x50, r2, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x26}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x21}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x22}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x8800) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_LISTDEF(r4, &(0x7f0000000780)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x54, r5, 0x20, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2c}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_DOMAIN={0x11, 0x1, '\')-#)+#{\\.!-\x00'}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0xc800}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r4) r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000840), r0) sendmsg$NLBL_MGMT_C_REMOVE(r4, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x30, r6, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x18}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2}]}, 0x30}, 0x1, 0x0, 0x0, 0x40040}, 0x4000000) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000980), r4) sendmsg$NLBL_MGMT_C_REMOVE(r7, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x1c, r8, 0x2, 0x70bd27, 0xd7d4, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @private=0xa010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0x20000000) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000a80)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7}}, './file0\x00'}) sendmsg$NL80211_CMD_ABORT_SCAN(r9, &(0x7f0000000b80)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x14, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20004160}, 0x40040) 14:09:08 executing program 7: ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xff, 0xfffffffc}}, './file0\x00'}) ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000040)) ioctl$HIDIOCAPPLICATION(r0, 0x4802, 0x4) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f00000000c0)) ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000100)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000180)={0x7, 0x1}) ioctl$HIDIOCSUSAGE(r0, 0x4018480c, &(0x7f00000001c0)={0x2, 0xfffffeff, 0x9, 0xffffffff, 0x4, 0x400}) openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$CDROMSETSPINDOWN(r1, 0x531e, &(0x7f0000000240)=0x6) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, 0x0, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xff}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10000}, 0x4000010) r3 = accept4$inet(r2, &(0x7f00000003c0)={0x2, 0x0, @initdev}, &(0x7f0000000400)=0x10, 0x800) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000440)={0x6c, @loopback, 0x4e24, 0x4, 'wrr\x00', 0x2, 0x0, 0x27}, 0x2c) ioctl$HIDIOCINITREPORT(r2, 0x4805, 0x0) epoll_create1(0x80000) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044094}, 0x0) epoll_create1(0x0) sendmsg$NL80211_CMD_PROBE_CLIENT(r0, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x68, 0x0, 0x108, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0xfff}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x68}, 0x1, 0x0, 0x0, 0x40001}, 0x9e6850905758b352) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2804000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x14, 0x0, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@void, @void}}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x1) [ 106.238828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 106.241078] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 106.242337] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 106.245217] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 106.250781] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 106.256266] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 106.259086] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 106.263267] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 106.265468] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 106.269389] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 106.276400] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 106.281841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 106.342608] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 106.345820] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 106.346613] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 106.348481] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 106.348960] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 106.354755] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 106.355710] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 106.356646] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 106.358592] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 106.363404] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 106.366005] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 106.368838] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 106.369871] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 106.372688] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 106.375893] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 106.377993] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 106.378501] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 106.381045] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 106.382188] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 106.384014] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 106.384141] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 106.386924] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 106.388290] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 106.388753] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 106.391354] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 106.391858] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 106.394397] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 106.396611] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 106.404143] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 106.405024] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 106.407248] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 106.409845] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 106.415742] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 106.420949] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 106.422783] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 106.443048] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 108.283417] Bluetooth: hci0: command tx timeout [ 108.346642] Bluetooth: hci1: command tx timeout [ 108.411248] Bluetooth: hci5: command tx timeout [ 108.474738] Bluetooth: hci6: command tx timeout [ 108.474820] Bluetooth: hci3: command tx timeout [ 108.475717] Bluetooth: hci2: command tx timeout [ 108.477050] Bluetooth: hci4: command tx timeout [ 108.538658] Bluetooth: hci7: command tx timeout [ 110.331261] Bluetooth: hci0: command tx timeout [ 110.394626] Bluetooth: hci1: command tx timeout [ 110.458664] Bluetooth: hci5: command tx timeout [ 110.522694] Bluetooth: hci3: command tx timeout [ 110.523205] Bluetooth: hci6: command tx timeout [ 110.524190] Bluetooth: hci2: command tx timeout [ 110.524730] Bluetooth: hci4: command tx timeout [ 110.586768] Bluetooth: hci7: command tx timeout [ 112.380570] Bluetooth: hci0: command tx timeout [ 112.442651] Bluetooth: hci1: command tx timeout [ 112.507557] Bluetooth: hci5: command tx timeout [ 112.571304] Bluetooth: hci3: command tx timeout [ 112.572711] Bluetooth: hci2: command tx timeout [ 112.573173] Bluetooth: hci4: command tx timeout [ 112.573894] Bluetooth: hci6: command tx timeout [ 112.635560] Bluetooth: hci7: command tx timeout [ 114.428601] Bluetooth: hci0: command tx timeout [ 114.490753] Bluetooth: hci1: command tx timeout [ 114.554770] Bluetooth: hci5: command tx timeout [ 114.619554] Bluetooth: hci3: command tx timeout [ 114.620891] Bluetooth: hci6: command tx timeout [ 114.621978] Bluetooth: hci4: command tx timeout [ 114.623035] Bluetooth: hci2: command tx timeout [ 114.683263] Bluetooth: hci7: command tx timeout [ 166.297537] syz-executor.6 (283) used greatest stack depth: 24496 bytes left [ 168.884709] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 168.891658] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 168.895874] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 168.900421] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 168.903915] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 168.911588] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 168.912232] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 168.914786] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 168.921589] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 168.924432] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 168.926074] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 168.927349] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 168.966377] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 168.976784] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 168.978782] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 168.984347] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 168.987992] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 168.991030] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 169.052868] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 169.059751] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 169.063146] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 169.065405] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 169.071832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 169.078419] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 169.082524] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 169.086684] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 169.088932] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 169.092203] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 169.094359] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 169.098424] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 169.102427] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 169.105236] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 169.107623] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 169.118698] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 169.121788] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 169.123974] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 169.139260] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 169.164106] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 169.166239] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 169.180731] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 169.187711] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 169.190043] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 169.210711] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 169.225776] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 169.229312] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 169.258432] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 169.312389] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 169.316995] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 170.938793] Bluetooth: hci0: command tx timeout [ 171.002670] Bluetooth: hci1: command tx timeout [ 171.067593] Bluetooth: hci2: command tx timeout [ 171.195998] Bluetooth: hci3: command tx timeout [ 171.196989] Bluetooth: hci4: command tx timeout [ 171.386770] Bluetooth: hci6: command tx timeout [ 171.386944] Bluetooth: hci7: command tx timeout [ 171.389187] Bluetooth: hci5: command tx timeout [ 172.987842] Bluetooth: hci0: command tx timeout [ 173.050772] Bluetooth: hci1: command tx timeout [ 173.115619] Bluetooth: hci2: command tx timeout [ 173.242700] Bluetooth: hci4: command tx timeout [ 173.244422] Bluetooth: hci3: command tx timeout [ 173.434598] Bluetooth: hci5: command tx timeout [ 173.436167] Bluetooth: hci7: command tx timeout [ 173.436214] Bluetooth: hci6: command tx timeout [ 175.034600] Bluetooth: hci0: command tx timeout [ 175.098836] Bluetooth: hci1: command tx timeout [ 175.163290] Bluetooth: hci2: command tx timeout [ 175.291759] Bluetooth: hci3: command tx timeout [ 175.291864] Bluetooth: hci4: command tx timeout [ 175.482668] Bluetooth: hci5: command tx timeout [ 175.483242] Bluetooth: hci7: command tx timeout [ 175.483991] Bluetooth: hci6: command tx timeout [ 177.083592] Bluetooth: hci0: command tx timeout [ 177.147562] Bluetooth: hci1: command tx timeout [ 177.211605] Bluetooth: hci2: command tx timeout [ 177.340584] Bluetooth: hci4: command tx timeout [ 177.342028] Bluetooth: hci3: command tx timeout [ 177.530759] Bluetooth: hci6: command tx timeout [ 177.530828] Bluetooth: hci7: command tx timeout [ 177.532280] Bluetooth: hci5: command tx timeout [ 231.180294] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 231.183125] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 231.185890] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 231.191426] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 231.198725] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 231.202712] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 231.238120] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 231.241830] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 231.244350] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 231.258786] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 231.272885] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 231.275927] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 231.305066] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 231.308572] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 231.311072] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 231.321802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 231.325083] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 231.326388] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 231.367517] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 231.375357] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 231.389098] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 231.410612] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 231.414804] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 231.422718] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 231.457157] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 231.461882] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 231.482678] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 231.509311] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 231.512619] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 231.516136] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 231.519060] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 231.520587] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 231.523815] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 231.524893] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 231.526390] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 231.530826] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 231.545559] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 231.546935] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 231.547957] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 231.550911] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 231.559899] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 231.565957] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 231.600775] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 231.611067] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 231.613726] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 231.619230] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 231.637746] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 231.640346] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 233.275765] Bluetooth: hci0: command tx timeout [ 233.338619] Bluetooth: hci1: command tx timeout [ 233.403538] Bluetooth: hci2: command tx timeout [ 233.531678] Bluetooth: hci3: command tx timeout [ 233.594586] Bluetooth: hci4: command tx timeout [ 233.659696] Bluetooth: hci5: command tx timeout [ 233.724569] Bluetooth: hci6: command tx timeout [ 233.725185] Bluetooth: hci7: command tx timeout [ 235.323637] Bluetooth: hci0: command tx timeout [ 235.386595] Bluetooth: hci1: command tx timeout [ 235.451570] Bluetooth: hci2: command tx timeout [ 235.579571] Bluetooth: hci3: command tx timeout [ 235.644662] Bluetooth: hci4: command tx timeout [ 235.707834] Bluetooth: hci5: command tx timeout [ 235.771927] Bluetooth: hci6: command tx timeout [ 235.773266] Bluetooth: hci7: command tx timeout [ 237.371608] Bluetooth: hci0: command tx timeout [ 237.435655] Bluetooth: hci1: command tx timeout [ 237.499650] Bluetooth: hci2: command tx timeout [ 237.627566] Bluetooth: hci3: command tx timeout [ 237.692797] Bluetooth: hci4: command tx timeout [ 237.755739] Bluetooth: hci5: command tx timeout [ 237.819600] Bluetooth: hci6: command tx timeout [ 237.820098] Bluetooth: hci7: command tx timeout [ 239.419567] Bluetooth: hci0: command tx timeout [ 239.483612] Bluetooth: hci1: command tx timeout [ 239.547649] Bluetooth: hci2: command tx timeout [ 239.674612] Bluetooth: hci3: command tx timeout [ 239.739565] Bluetooth: hci4: command tx timeout [ 239.803543] Bluetooth: hci5: command tx timeout [ 239.867697] Bluetooth: hci6: command tx timeout [ 239.868170] Bluetooth: hci7: command tx timeout [ 291.732711] syz-executor.7 (6907) used greatest stack depth: 23104 bytes left [ 293.797890] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 293.799443] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 293.800970] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 293.803966] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 293.805755] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 293.806936] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 293.828022] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 293.829724] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 293.830892] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 293.840716] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 293.842820] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 293.844842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 293.872994] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 293.876704] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 293.877954] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 293.881188] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 293.885949] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 293.892882] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 294.024381] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 294.028753] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 294.030124] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 294.033346] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 294.035132] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 294.036303] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 294.100026] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 294.106914] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 294.111602] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 294.120688] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 294.125699] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 294.128583] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 294.132112] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 294.135260] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 294.167599] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 294.169774] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 294.169969] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 294.175207] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 294.214731] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 294.216631] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 294.216798] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 294.225011] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 294.228026] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 294.231871] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 294.235277] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 294.237249] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 294.239763] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 294.239802] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 294.246844] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 294.248271] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 295.866617] Bluetooth: hci1: command tx timeout [ 295.866764] Bluetooth: hci0: command tx timeout [ 295.931576] Bluetooth: hci2: command tx timeout [ 296.122576] Bluetooth: hci3: command tx timeout [ 296.186590] Bluetooth: hci7: command tx timeout [ 296.316156] Bluetooth: hci4: command tx timeout [ 296.442626] Bluetooth: hci5: command tx timeout [ 296.762664] Bluetooth: hci6: command tx timeout [ 297.914618] Bluetooth: hci1: command tx timeout [ 297.914744] Bluetooth: hci0: command tx timeout [ 297.978554] Bluetooth: hci2: command tx timeout [ 298.171592] Bluetooth: hci3: command tx timeout [ 298.234574] Bluetooth: hci7: command tx timeout [ 298.363548] Bluetooth: hci4: command tx timeout [ 298.490642] Bluetooth: hci5: command tx timeout [ 298.811988] Bluetooth: hci6: command tx timeout [ 299.963273] Bluetooth: hci0: command tx timeout [ 299.964862] Bluetooth: hci1: command tx timeout [ 300.027513] Bluetooth: hci2: command tx timeout [ 300.219597] Bluetooth: hci3: command tx timeout [ 300.282580] Bluetooth: hci7: command tx timeout [ 300.410827] Bluetooth: hci4: command tx timeout [ 300.557550] Bluetooth: hci5: command tx timeout [ 300.903557] Bluetooth: hci6: command tx timeout [ 302.010695] Bluetooth: hci0: command tx timeout [ 302.011670] Bluetooth: hci1: command tx timeout [ 302.074621] Bluetooth: hci2: command tx timeout [ 302.266564] Bluetooth: hci3: command tx timeout [ 302.332508] Bluetooth: hci7: command tx timeout [ 302.459056] Bluetooth: hci4: command tx timeout [ 302.586535] Bluetooth: hci5: command tx timeout [ 302.906557] Bluetooth: hci6: command tx timeout [ 356.382051] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 356.394665] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 356.399866] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 356.404881] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 356.406498] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 356.407584] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 356.420220] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 356.422700] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 356.423834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 356.436754] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 356.439232] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 356.441753] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 356.493739] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 356.504742] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 356.508019] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 356.509719] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 356.510762] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 356.512890] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 356.514364] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 356.516118] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 356.521407] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 356.534143] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 356.551794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 356.563110] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 356.566339] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 356.568104] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 356.573670] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 356.581094] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 356.588708] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 356.589781] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 356.593660] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 356.611575] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 356.623701] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 356.639849] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 356.647388] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 356.659819] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 356.666728] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 356.668287] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 356.670251] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 356.673734] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 356.681116] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 356.699760] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 356.701207] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 356.710743] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 356.712279] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 356.713669] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 356.717323] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 356.722318] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 358.458578] Bluetooth: hci0: command tx timeout [ 358.522570] Bluetooth: hci1: command tx timeout [ 358.586747] Bluetooth: hci2: command tx timeout [ 358.587900] Bluetooth: hci3: command tx timeout [ 358.714712] Bluetooth: hci5: command tx timeout [ 358.714799] Bluetooth: hci4: command tx timeout [ 358.778658] Bluetooth: hci7: command tx timeout [ 358.778734] Bluetooth: hci6: command tx timeout [ 360.506548] Bluetooth: hci0: command tx timeout [ 360.572670] Bluetooth: hci1: command tx timeout [ 360.634584] Bluetooth: hci3: command tx timeout [ 360.634606] Bluetooth: hci2: command tx timeout [ 360.762773] Bluetooth: hci4: command tx timeout [ 360.765519] Bluetooth: hci5: command tx timeout [ 360.826572] Bluetooth: hci7: command tx timeout [ 360.828683] Bluetooth: hci6: command tx timeout [ 362.555645] Bluetooth: hci0: command tx timeout [ 362.618789] Bluetooth: hci1: command tx timeout [ 362.682854] Bluetooth: hci2: command tx timeout [ 362.685516] Bluetooth: hci3: command tx timeout [ 362.810576] Bluetooth: hci5: command tx timeout [ 362.810609] Bluetooth: hci4: command tx timeout [ 362.876540] Bluetooth: hci6: command tx timeout [ 362.876624] Bluetooth: hci7: command tx timeout [ 364.602533] Bluetooth: hci0: command tx timeout [ 364.666650] Bluetooth: hci1: command tx timeout [ 364.730558] Bluetooth: hci3: command tx timeout [ 364.730579] Bluetooth: hci2: command tx timeout [ 364.858680] Bluetooth: hci5: command tx timeout [ 364.859317] Bluetooth: hci4: command tx timeout [ 364.922555] Bluetooth: hci6: command tx timeout [ 364.922582] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 14:14:09 Registers: info registers vcpu 0 RAX=0000000000000007 RBX=1ffff11005207fc4 RCX=0000000000000000 RDX=0000000000000000 RSI=0000000000000000 RDI=0000000000000000 RBP=ffff8880342b9bc0 RSP=ffff88802903fe08 R8 =0000000000000001 R9 =0000000000000000 R10=ffff8880342ba604 R11=0000000000000000 R12=ffff8880296d1b18 R13=ffff8880296d1a40 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff815030d8 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f161425b540 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f16143f64a1 CR3=000000003183c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=0000ffff000000000000000000000000 XMM02=ffffffffffffffff0f0e0d0c0b0a0908 XMM03=756e20796d6d756420736e6f6974706f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=676f6c206d6f74737563000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=00000000000007ca RBX=00007fe58ffb7510 RCX=0000000000001003 RDX=00000000000006b5 RSI=00000000000010a3 RDI=00000000b0b1d1d6 RBP=0000000000000002 RSP=00007ffee0d8dfd0 R8 =00007ffee0d8e110 R9 =00007fe58ffef440 R10=00007fe58fdb6850 R11=0000000000000007 R12=0000000000000007 R13=00007fe58ffb8a90 R14=0000000000000001 R15=0000000000000000 RIP=00007fe58ffcd2e4 RFL=00000212 [----A--] CPL=3 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA] SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fe58faad540 00000000 00000000 GS =0000 0000000000000000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fe58ff87000 CR3=00000000333a4000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00ff00000000000000000000000000ff XMM01=ff00ffffffffffffffffffffffffff00 XMM02=42494c4700352e322e325f4342494c47 XMM03=0000000000000000006572635f79656b XMM04=737465675f6461657268747000657461 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000