Warning: Permanently added '[localhost]:45424' (ECDSA) to the list of known hosts. 2024/12/13 09:54:19 fuzzer started 2024/12/13 09:54:20 dialing manager at localhost:43887 syzkaller login: [ 75.374149] cgroup: Unknown subsys name 'net' [ 75.497763] cgroup: Unknown subsys name 'cpuset' [ 75.512869] cgroup: Unknown subsys name 'rlimit' 2024/12/13 09:54:37 syscalls: 209 2024/12/13 09:54:37 code coverage: enabled 2024/12/13 09:54:37 comparison tracing: enabled 2024/12/13 09:54:37 extra coverage: enabled 2024/12/13 09:54:37 setuid sandbox: enabled 2024/12/13 09:54:37 namespace sandbox: enabled 2024/12/13 09:54:37 Android sandbox: enabled 2024/12/13 09:54:37 fault injection: enabled 2024/12/13 09:54:37 leak checking: enabled 2024/12/13 09:54:37 net packet injection: enabled 2024/12/13 09:54:37 net device setup: enabled 2024/12/13 09:54:37 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2024/12/13 09:54:37 devlink PCI setup: PCI device 0000:00:10.0 is not available 2024/12/13 09:54:37 USB emulation: enabled 2024/12/13 09:54:37 hci packet injection: enabled 2024/12/13 09:54:37 wifi device emulation: enabled 2024/12/13 09:54:37 802.15.4 emulation: enabled 2024/12/13 09:54:37 fetching corpus: 0, signal 0/0 (executing program) 2024/12/13 09:54:38 starting 8 fuzzer processes 09:54:38 executing program 0: ioctl$SCSI_IOCTL_DOORLOCK(0xffffffffffffffff, 0x5380) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000000)) r0 = syz_io_uring_complete(0x0) ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f0000000040)) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000080)) ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f00000000c0)) ioctl$SCSI_IOCTL_DOORUNLOCK(r0, 0x5381) ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000100)) r1 = syz_io_uring_complete(0x0) getresuid(&(0x7f0000000440)=0x0, &(0x7f0000000480), &(0x7f00000004c0)) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x820008, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@afid={'afid', 0x3d, 0x1}}, {@cache_loose}, {@msize={'msize', 0x3d, 0xd013}}], [{@fsmagic={'fsmagic', 0x3d, 0x4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@subj_user={'subj_user', 0x3d, '.\\&)\\#'}}, {@euid_gt={'euid>', r2}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@dont_hash}, {@smackfsdef={'smackfsdef', 0x3d, '-'}}]}}) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) epoll_create1(0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x5c97a) pkey_alloc(0x0, 0x2) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x100) r3 = syz_open_dev$sg(&(0x7f0000000640), 0x4, 0x50001) ioctl$SG_SET_TIMEOUT(r3, 0x2201, &(0x7f0000000680)=0x2) r4 = socket(0xf, 0x80000, 0x1) syz_genetlink_get_family_id$gtp(&(0x7f00000006c0), r4) 09:54:38 executing program 1: sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000040)={0x240, 0x0, 0x0, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_SEC_DEVKEY={0x204, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x34, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x400}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x10001}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5d19}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x75}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_ID={0x5c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7fff}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x180}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}]}, @NL802154_DEVKEY_ATTR_ID={0x58, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x4c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xca8}, @NL802154_DEVKEY_ATTR_ID={0x64, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x3c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}]}, @NL802154_DEVKEY_ATTR_ID={0x70, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xfffffbff}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x48, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}]}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_ID={0x10, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7}]}, @NL802154_DEVKEY_ATTR_ID={0x20, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x100}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x1c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8000}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}]}]}]}, 0x240}, 0x1, 0x0, 0x0, 0x800}, 0x8d4) sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x5c, 0x0, 0x0, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0202}}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0202}}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan3\x00'}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0xfffffffffffffffc}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x14}, 0x20000000) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x58, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x1}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x1}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x40010}, 0x200208e0) keyctl$restrict_keyring(0x1d, 0xfffffffffffffffd, &(0x7f00000005c0)='rxrpc\x00', 0x0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000600)={'wpan3\x00'}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r2, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x1c, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x40) sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x58, 0x0, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x100}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x89d}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x101}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2c}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x1000) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r2, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x4c, 0x0, 0x401, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_DEVKEY={0x2c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x14, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x80000000}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x8}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4002810}, 0x40000) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000a00), r0) sendmsg$NL802154_CMD_SET_PAN_ID(r2, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x3c, r3, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}, @NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x40) move_pages(0x0, 0x8, &(0x7f0000000b00)=[&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil], &(0x7f0000000b40)=[0x5], &(0x7f0000000b80)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x4) sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x40000100}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x48, r3, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0102}}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000004}, 0x20000080) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000d00), 0x400880, 0x0) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d80), 0xffffffffffffffff) sendmsg$NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000e40)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x28, r4, 0x10, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0xa}}}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000020}, 0x1) syz_genetlink_get_family_id$gtp(&(0x7f0000000e80), 0xffffffffffffffff) 09:54:38 executing program 2: r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r0, 0x2, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x5c}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x40000) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x8a40, 0x0) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x38, r2, 0x8, 0x70bd25, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x97144bdf8b150a4d}, 0x20000000) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, 0x0, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004017}, 0x20004000) io_uring_setup(0x651e, &(0x7f00000003c0)={0x0, 0x3ca1, 0x0, 0x1, 0x18b, 0x0, r1}) r3 = syz_open_dev$loop(&(0x7f0000000440), 0xc95a, 0x1) ioctl$LOOP_CLR_FD(r3, 0x4c01) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000004c0), r1) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r4, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x34, r5, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2274}]}, 0x34}, 0x1, 0x0, 0x0, 0xbb2c5e940e06503d}, 0x80048d0) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000640)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r6, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x3c, 0x0, 0x20, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void, @val={0xc, 0x99, {0x8, 0x40}}}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x1, 0x70}}, @NL80211_ATTR_PID={0x8}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008089}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = getpid() ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000780)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r8, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x48, 0x0, 0x73c, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void, @val={0xc, 0x99, {0x0, 0x60}}}}, [@NL80211_ATTR_PID={0x8, 0x52, r9}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r10}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x6, 0xa}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xffffffff, 0x6d}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4845}, 0x44004) 09:54:38 executing program 3: getitimer(0x1, &(0x7f0000000000)) r0 = getpid() waitid(0x0, r0, &(0x7f0000000040), 0x1000000, &(0x7f00000000c0)) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xe4, 0x0, 0x251a5c228e6bafe6, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0xd5d, 0x2a}}}}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0x9c, 0xac, "aca2aa90ad68ff1f276525ea43e4e273fbaf102a8c1f7a1eda3f945514c2c2e7fb029b00a5e05ea5bd14df959bab98ab759dba5ae1f6f81d7bb48626b2383adb8dba310b29727be934efe66255e05926cf002711b4ec8194ffd3e151e3ddaa68581d1e5bb7c313b62ac5845a8789593b4819c037e4148b1a6ad1921f964f30d70b734a01174226c1cc7448f52f1e21997b7a7c44897dcead"}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x6}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x7}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_LOCAL_MESH_POWER_MODE={0x8, 0xa4, 0x3}]}, 0xe4}, 0x1, 0x0, 0x0, 0x20040001}, 0x1) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, r1, 0x200, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void, @val={0xc, 0x99, {0x10001, 0x13}}}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x8, 0x22}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3a}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x8082) sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x44, r1, 0x300, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000088}, 0x20024800) r2 = socket(0x25, 0x5, 0x4) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r2) sendmsg$NL80211_CMD_STOP_NAN(r2, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x20, r3, 0x0, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xfffffffa, 0x1e}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4101}, 0x41) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000700)={0x222, @time={0x1, 0x100}, 0x0, {0x81, 0x8}, 0x4, 0x1, 0x40}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000740), 0xc4000) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r4, 0xc0105303, &(0x7f0000000780)={0x0, 0x81}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r2) r5 = getpid() r6 = getpgid(r0) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f00000009c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000980)={&(0x7f0000000800)={0x160, 0x0, 0x500, 0x70bd27, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x4}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x2}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r6}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r2}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8}}]}, 0x160}}, 0x4000) sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x60, 0x0, 0x8, 0x70bd27, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x8004) r7 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000c40)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000b40)="37526241bc7902050db02176f6ab55966abd6ee027f40bfb1f61ad74568eea2f97a78219c2a4ee58f99b44c1ce21263558d7b2b89b6a2c6f67b3b7e068aabc0ab6e3279a4176d59cabd985ad1538f7c0835058be6b506d0e6c35b04414da5d712289c6ea46ca1d889629790580b79949d09e8e27255fc3224186a3629a31f43ccc63b7adb8b3cf804b1db4654bf253325c25aa82f872645a2f9ec8e1ea257124d167988746adc55b8e92314bf91790d277f7b4e5879d142eb109f6aec026b4400dbb58a02d59286daf0b9d828786a2745e0aae3d010be8e2b8447e8d8a18285d73b5ab84a5e1bb40", 0xe8, r7}, 0x68) 09:54:38 executing program 4: mlock2(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3, 0x80010, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x7c95, &(0x7f0000000000)={0x0, 0x8cb4, 0x8, 0x3, 0x195}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r0, r3, &(0x7f0000000100)=@IORING_OP_CLOSE={0x13, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140), 0xffffffffffffffff) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x108, &(0x7f0000000180)=0x7, 0x0, 0x4) io_uring_setup(0x6252, &(0x7f00000001c0)={0x0, 0xeb18, 0x8, 0x1, 0x30a, 0x0, r1}) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000240), 0xffffffffffffffff) syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x118, &(0x7f0000000280), 0x0, 0x4) madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x13) syz_io_uring_setup(0x36ff, &(0x7f00000002c0)={0x0, 0xb963, 0x2, 0x1, 0x2b4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000340), &(0x7f0000000380)) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r6, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x48, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x400}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x4048000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000540)={0xffffffffffffffff}) r8 = socket(0x1a, 0x4, 0x3) r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000580), 0x200000, 0x0) sendmsg$NBD_CMD_CONNECT(r6, &(0x7f00000006c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0x8c, r4, 0x800, 0x70bd27, 0x25dfdbff, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x8}, @NBD_ATTR_SOCKETS={0x54, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8, 0x1, r7}, {0x8, 0x1, r8}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r9}, {0x8}, {0x8}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x200}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x8c}}, 0x11) io_uring_setup(0x7060, &(0x7f0000000700)={0x0, 0xf626, 0x10, 0x80000000, 0x279}) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, r5, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xcc9}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x120}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20045880}, 0x48084) [ 93.307930] audit: type=1400 audit(1734083678.989:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:54:39 executing program 5: perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0x9, 0x4, 0x2, 0x3, 0x0, 0x0, 0x26201, 0x8, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000000), 0x7}, 0x40400, 0x1, 0xfff, 0x2, 0x7, 0xffffffff, 0x200, 0x0, 0xf8000, 0x0, 0x8}, 0x0, 0x1, 0xffffffffffffffff, 0x9) ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x8) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f00000000c0)) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x1e, 0x0, "f61d8674c6197e4d50b023a8cf6f58d22cac197b40ee017a41441f3fc32c45f29725a9fdc4b093fd189562dbe83e9d8b6e288c3278ff8ac59116b5d5a7f7c3b4", "064d7abab7a66088a09509eb51ada098614b2177e859652a5828718886030f48", [0x2458472f, 0x10000]}) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280), 0x800, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0xfff, 0x0, 0x4, 0x10, 0x5, "34e475cca4d924d289932bf45a5234fa963b15244dfa29af44a18aad4d3fb2e95f37d108542d12958bb93f4798a3d71afc5ae9032633d70f45196e1a1375c581", "9aa50f95859213821c714b35141519e3c9adf5295ab970234a727f9256f1e6a75a4537b3cbd6e6332508fa2e1ce217ad10b9ac718b16cc5a16fc8f9049711c04", "463fc57fe2d2ec89f7a2f5a035be8d15d7d6ecfacdf537dc27746b35cd893e2d", [0x100, 0x6c09]}) r1 = getpid() getpgid(r1) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$PTP_EXTTS_REQUEST2(r2, 0x40103d0b, &(0x7f0000000400)={0x7, 0x6}) r3 = getpid() move_pages(r3, 0x6, &(0x7f0000000440)=[&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000400000/0xc00000)=nil, &(0x7f000067f000/0x14000)=nil, &(0x7f0000473000/0x1000)=nil, &(0x7f00008aa000/0x1000)=nil], &(0x7f0000000480)=[0xd06, 0xe37f01ab, 0x4, 0x5, 0x8], &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x2) getpgid(r1) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000500)={0x4, 0x1, 0x200}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r4) r5 = gettid() waitid(0x0, r5, &(0x7f00000005c0), 0x80000000, &(0x7f0000000640)) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x3c, 0x0, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r0}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x28084) waitid(0x0, r5, &(0x7f0000000800), 0x80000000, &(0x7f0000000880)) 09:54:39 executing program 6: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x30800, 0x0) ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000040)) ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000080)={{0x7fffffff, 0x7}, {0x7fffffff, 0x6}, 0x1}) r1 = syz_open_dev$sg(&(0x7f00000000c0), 0x3f, 0x101000) syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r0) ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000140)) ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f00000002c0)={&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f00000001c0)=""/239, 0xef}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000300)={{0x0, 0x94}, 'port0\x00', 0xcc, 0xc1800, 0x4, 0x7f, 0xfdc, 0x20, 0x40, 0x0, 0x4}) madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xb) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x4000010, r0, 0x10000000) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0x40) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f0000000400)={0x1, 0x1, {0x1, 0x0, 0x7ff, 0x3, 0x8}, 0x5}) r3 = syz_io_uring_complete(0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000001, 0x40010, r3, 0x10000000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000480)={0x1, 0x400, 0x1, 'queue1\x00', 0x1}) r4 = syz_open_dev$usbmon(&(0x7f0000000540), 0x40, 0x40040) ioctl$MON_IOCX_GET(r4, 0x40189206, &(0x7f0000000640)={&(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f00000005c0)=""/109, 0x6d}) r5 = syz_open_dev$sg(&(0x7f0000000680), 0x6c9, 0x40) ioctl$SG_SET_TIMEOUT(r5, 0x2201, &(0x7f00000006c0)=0x7fffffff) 09:54:39 executing program 7: r0 = socket(0x2b, 0x800, 0x6) sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x20, 0x70bd25, 0x25dfdbff, {{}, {@void, @void, @val={0xc, 0x99, {0xfffffffa, 0x15}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x8c0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) sendmsg$NL80211_CMD_GET_STATION(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x70, 0x0, 0x0, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x290}, @NL80211_ATTR_STA_WME={0x34, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x3}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x1}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x5}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x4}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x80}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xc0}]}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x200, 0x1}}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x0, 0x1}}]}, 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x4000094) r3 = socket(0xb, 0x1, 0x4) sendmsg$NL80211_CMD_LEAVE_MESH(r3, 0x0, 0x40010) r4 = accept$packet(r3, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$NL80211_CMD_LEAVE_MESH(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x0, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0xd4, 0xa}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20004000}, 0x810) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00'}) accept$packet(r4, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000480)=0x14) sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x44, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7fffffff}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3f}]}, 0x44}, 0x1, 0x0, 0x0, 0x40c0}, 0x20004010) sendmsg$NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x3c, 0x0, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24040010}, 0x4000) ioctl$SCSI_IOCTL_GET_IDLUN(0xffffffffffffffff, 0x5382, &(0x7f0000000700)) ioctl$SG_GET_SCSI_ID(0xffffffffffffffff, 0x2276, &(0x7f0000000740)) ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000780)) ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f00000007c0)) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000840), r3) sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x24, r6, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x9}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x24}}, 0x0) [ 94.870510] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 94.871905] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 94.873536] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 94.874481] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 94.875438] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 94.877064] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 94.878093] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 94.879164] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 94.880041] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 94.881155] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 94.882228] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 94.882985] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 94.887632] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 94.889935] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 94.890813] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 94.892391] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 94.893944] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 94.895146] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 94.896044] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 94.897044] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 94.898396] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.899421] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 94.900938] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 94.906490] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 94.908531] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 94.910434] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 94.916381] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 94.936590] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 94.938187] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 94.940094] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 94.969423] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 94.980878] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 94.982437] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 94.984734] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 94.988121] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 94.989047] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 94.990233] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 94.990446] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 94.991413] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 94.995051] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 94.997463] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 94.997477] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 94.999611] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 95.000822] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 95.002034] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 95.017938] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 95.019855] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 95.033200] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 96.938059] Bluetooth: hci2: command tx timeout [ 96.938062] Bluetooth: hci0: command tx timeout [ 96.938283] Bluetooth: hci3: command tx timeout [ 97.002027] Bluetooth: hci1: command tx timeout [ 97.002899] Bluetooth: hci4: command tx timeout [ 97.066023] Bluetooth: hci5: command tx timeout [ 97.066640] Bluetooth: hci7: command tx timeout [ 97.129850] Bluetooth: hci6: command tx timeout [ 98.985914] Bluetooth: hci3: command tx timeout [ 98.988747] Bluetooth: hci0: command tx timeout [ 98.989214] Bluetooth: hci2: command tx timeout [ 99.049801] Bluetooth: hci4: command tx timeout [ 99.050280] Bluetooth: hci1: command tx timeout [ 99.113781] Bluetooth: hci5: command tx timeout [ 99.114264] Bluetooth: hci7: command tx timeout [ 99.177737] Bluetooth: hci6: command tx timeout [ 101.033806] Bluetooth: hci2: command tx timeout [ 101.034354] Bluetooth: hci0: command tx timeout [ 101.034422] Bluetooth: hci3: command tx timeout [ 101.097864] Bluetooth: hci1: command tx timeout [ 101.097922] Bluetooth: hci4: command tx timeout [ 101.161950] Bluetooth: hci5: command tx timeout [ 101.162081] Bluetooth: hci7: command tx timeout [ 101.227806] Bluetooth: hci6: command tx timeout [ 103.081767] Bluetooth: hci3: command tx timeout [ 103.081893] Bluetooth: hci2: command tx timeout [ 103.082279] Bluetooth: hci0: command tx timeout [ 103.145779] Bluetooth: hci4: command tx timeout [ 103.146831] Bluetooth: hci1: command tx timeout [ 103.209899] Bluetooth: hci5: command tx timeout [ 103.211030] Bluetooth: hci7: command tx timeout [ 103.273828] Bluetooth: hci6: command tx timeout [ 157.494010] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 157.495903] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 157.497326] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 157.504583] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 157.506310] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 157.507859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 157.563489] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 157.564980] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 157.566466] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 157.568114] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 157.569308] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 157.570489] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 157.576497] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 157.576582] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 157.581568] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 157.582876] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 157.587122] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 157.587138] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 157.636905] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 157.644170] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 157.646012] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 157.659977] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 157.662463] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 157.663981] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 157.693574] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 157.697961] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 157.702813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 157.707990] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 157.711916] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 157.714121] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 157.722185] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 157.729872] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 157.734029] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 157.736131] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 157.754533] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 157.756409] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 157.758128] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 157.771500] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 157.780937] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 157.791126] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 157.801553] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 157.811632] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 157.827384] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 157.840906] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 157.846259] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 157.848443] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 157.854922] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 157.858125] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 159.529909] Bluetooth: hci0: command tx timeout [ 159.658786] Bluetooth: hci1: command tx timeout [ 159.659547] Bluetooth: hci2: command tx timeout [ 159.722827] Bluetooth: hci3: command tx timeout [ 159.850594] Bluetooth: hci4: command tx timeout [ 159.852514] Bluetooth: hci5: command tx timeout [ 159.914327] Bluetooth: hci6: command tx timeout [ 159.916146] Bluetooth: hci7: command tx timeout [ 161.578852] Bluetooth: hci0: command tx timeout [ 161.705907] Bluetooth: hci1: command tx timeout [ 161.706474] Bluetooth: hci2: command tx timeout [ 161.769904] Bluetooth: hci3: command tx timeout [ 161.898892] Bluetooth: hci4: command tx timeout [ 161.899444] Bluetooth: hci5: command tx timeout [ 161.962956] Bluetooth: hci6: command tx timeout [ 161.963550] Bluetooth: hci7: command tx timeout [ 163.625784] Bluetooth: hci0: command tx timeout [ 163.753935] Bluetooth: hci2: command tx timeout [ 163.754476] Bluetooth: hci1: command tx timeout [ 163.817759] Bluetooth: hci3: command tx timeout [ 163.946982] Bluetooth: hci5: command tx timeout [ 163.948574] Bluetooth: hci4: command tx timeout [ 164.011066] Bluetooth: hci6: command tx timeout [ 164.021224] Bluetooth: hci7: command tx timeout [ 165.674763] Bluetooth: hci0: command tx timeout [ 165.802769] Bluetooth: hci1: command tx timeout [ 165.803349] Bluetooth: hci2: command tx timeout [ 165.866744] Bluetooth: hci3: command tx timeout [ 165.993783] Bluetooth: hci4: command tx timeout [ 165.993831] Bluetooth: hci5: command tx timeout [ 166.057894] Bluetooth: hci6: command tx timeout [ 166.060728] Bluetooth: hci7: command tx timeout [ 219.771886] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 219.774758] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 219.777103] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 219.779454] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 219.783905] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 219.786280] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 219.790978] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 219.798291] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 219.800493] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 219.800934] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 219.804159] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 219.808579] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 219.966549] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 219.969754] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 219.977888] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 219.981510] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 219.990489] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 219.998912] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 220.028843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 220.031874] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 220.033131] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 220.035766] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 220.037323] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 220.038538] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 220.100885] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 220.104413] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 220.110980] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 220.121490] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 220.121825] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 220.138614] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 220.153763] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 220.157400] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 220.162398] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 220.175902] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 220.191013] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 220.195892] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 220.220059] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 220.222943] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 220.223181] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 220.226030] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 220.228719] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 220.233374] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 220.233459] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 220.273996] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 220.310361] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 220.360981] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 220.368537] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 220.381940] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 221.866806] Bluetooth: hci0: command tx timeout [ 221.867596] Bluetooth: hci1: command tx timeout [ 222.058756] Bluetooth: hci3: command tx timeout [ 222.059518] Bluetooth: hci2: command tx timeout [ 222.313791] Bluetooth: hci4: command tx timeout [ 222.314512] Bluetooth: hci6: command tx timeout [ 222.315200] Bluetooth: hci5: command tx timeout [ 222.441967] Bluetooth: hci7: command tx timeout [ 223.914748] Bluetooth: hci1: command tx timeout [ 223.916187] Bluetooth: hci0: command tx timeout [ 224.106906] Bluetooth: hci3: command tx timeout [ 224.108758] Bluetooth: hci2: command tx timeout [ 224.362792] Bluetooth: hci5: command tx timeout [ 224.363290] Bluetooth: hci6: command tx timeout [ 224.363793] Bluetooth: hci4: command tx timeout [ 224.490760] Bluetooth: hci7: command tx timeout [ 225.962733] Bluetooth: hci1: command tx timeout [ 225.963270] Bluetooth: hci0: command tx timeout [ 226.154881] Bluetooth: hci3: command tx timeout [ 226.155372] Bluetooth: hci2: command tx timeout [ 226.410822] Bluetooth: hci6: command tx timeout [ 226.411317] Bluetooth: hci5: command tx timeout [ 226.411842] Bluetooth: hci4: command tx timeout [ 226.540690] Bluetooth: hci7: command tx timeout [ 228.010900] Bluetooth: hci1: command tx timeout [ 228.011425] Bluetooth: hci0: command tx timeout [ 228.202755] Bluetooth: hci2: command tx timeout [ 228.203243] Bluetooth: hci3: command tx timeout [ 228.457870] Bluetooth: hci4: command tx timeout [ 228.458367] Bluetooth: hci5: command tx timeout [ 228.458978] Bluetooth: hci6: command tx timeout [ 228.585866] Bluetooth: hci7: command tx timeout [ 282.188311] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 282.191416] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 282.193785] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 282.204485] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 282.206416] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 282.208288] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 282.208705] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 282.210454] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 282.212004] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 282.214372] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 282.216975] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 282.218874] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 282.219992] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 282.222418] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 282.223794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 282.228874] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 282.230008] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 282.240407] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 282.362372] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 282.374840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 282.382775] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 282.389064] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 282.393846] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 282.395094] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 282.429444] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 282.432937] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 282.439978] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 282.443292] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 282.450858] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 282.452042] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 282.467217] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 282.469360] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 282.470867] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 282.475306] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 282.476600] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 282.484174] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 282.485220] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 282.494846] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 282.528902] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 282.545809] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 282.549854] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 282.554899] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 282.560174] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 282.562253] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 282.563347] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 282.588949] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 282.635102] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 282.658038] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 284.266860] Bluetooth: hci2: command tx timeout [ 284.267853] Bluetooth: hci0: command tx timeout [ 284.330815] Bluetooth: hci1: command tx timeout [ 284.458728] Bluetooth: hci3: command tx timeout [ 284.522727] Bluetooth: hci4: command tx timeout [ 284.585896] Bluetooth: hci6: command tx timeout [ 284.841726] Bluetooth: hci5: command tx timeout [ 284.906879] Bluetooth: hci7: command tx timeout [ 286.313979] Bluetooth: hci2: command tx timeout [ 286.314826] Bluetooth: hci0: command tx timeout [ 286.377705] Bluetooth: hci1: command tx timeout [ 286.507662] Bluetooth: hci3: command tx timeout [ 286.569728] Bluetooth: hci4: command tx timeout [ 286.634675] Bluetooth: hci6: command tx timeout [ 286.891685] Bluetooth: hci5: command tx timeout [ 286.953723] Bluetooth: hci7: command tx timeout [ 288.361912] Bluetooth: hci2: command tx timeout [ 288.362528] Bluetooth: hci0: command tx timeout [ 288.425708] Bluetooth: hci1: command tx timeout [ 288.554757] Bluetooth: hci3: command tx timeout [ 288.618706] Bluetooth: hci4: command tx timeout [ 288.682790] Bluetooth: hci6: command tx timeout [ 288.938815] Bluetooth: hci5: command tx timeout [ 289.003754] Bluetooth: hci7: command tx timeout [ 290.409998] Bluetooth: hci0: command tx timeout [ 290.410927] Bluetooth: hci2: command tx timeout [ 290.474673] Bluetooth: hci1: command tx timeout [ 290.601708] Bluetooth: hci3: command tx timeout [ 290.665984] Bluetooth: hci4: command tx timeout [ 290.729784] Bluetooth: hci6: command tx timeout [ 290.987164] Bluetooth: hci5: command tx timeout [ 291.050707] Bluetooth: hci7: command tx timeout [ 342.581746] syz-executor.5 (9711) used greatest stack depth: 23648 bytes left [ 344.637759] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 344.639856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 344.643181] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 344.650559] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 344.652402] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 344.653518] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 344.689941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 344.692962] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 344.694265] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 344.697103] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 344.698517] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 344.699736] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 344.821163] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 344.834920] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 344.840826] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 344.845114] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 344.850321] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 344.857575] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 344.898204] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 344.904445] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 344.908155] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 344.917177] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 344.918875] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 344.920365] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 344.953459] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 344.955887] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 344.957238] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 344.959272] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 344.960097] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 344.961847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 344.970394] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 344.971811] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 344.972908] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 344.973376] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 344.976035] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 344.978298] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 345.048730] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 345.056976] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 345.095887] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 345.127564] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 345.130411] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 345.137382] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 345.142175] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 345.145158] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 345.147480] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 345.158808] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 345.208447] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 345.210695] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 346.729754] Bluetooth: hci1: command tx timeout [ 346.730693] Bluetooth: hci0: command tx timeout [ 346.922901] Bluetooth: hci2: command tx timeout [ 346.986703] Bluetooth: hci3: command tx timeout [ 347.050830] Bluetooth: hci5: command tx timeout [ 347.050925] Bluetooth: hci4: command tx timeout [ 347.242772] Bluetooth: hci6: command tx timeout [ 347.305685] Bluetooth: hci7: command tx timeout [ 348.777717] Bluetooth: hci0: command tx timeout [ 348.778236] Bluetooth: hci1: command tx timeout [ 348.969740] Bluetooth: hci2: command tx timeout [ 349.034856] Bluetooth: hci3: command tx timeout [ 349.097734] Bluetooth: hci5: command tx timeout [ 349.097760] Bluetooth: hci4: command tx timeout [ 349.291776] Bluetooth: hci6: command tx timeout [ 349.353865] Bluetooth: hci7: command tx timeout [ 350.825684] Bluetooth: hci0: command tx timeout [ 350.825721] Bluetooth: hci1: command tx timeout [ 351.017808] Bluetooth: hci2: command tx timeout [ 351.081718] Bluetooth: hci3: command tx timeout [ 351.145740] Bluetooth: hci5: command tx timeout [ 351.147031] Bluetooth: hci4: command tx timeout [ 351.347189] Bluetooth: hci6: command tx timeout [ 351.401719] Bluetooth: hci7: command tx timeout [ 352.873716] Bluetooth: hci0: command tx timeout [ 352.873749] Bluetooth: hci1: command tx timeout [ 353.071511] Bluetooth: hci2: command tx timeout [ 353.130242] Bluetooth: hci3: command tx timeout [ 353.193758] Bluetooth: hci4: command tx timeout [ 353.193881] Bluetooth: hci5: command tx timeout [ 353.385798] Bluetooth: hci6: command tx timeout [ 353.449987] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 09:59:39 Registers: info registers vcpu 0 RAX=1ffff11002aee1fd RBX=dffffc0000000000 RCX=ffffffff849d8401 RDX=0000000000000000 RSI=ffffffff819a7b4d RDI=0000000000000005 RBP=ffff888015770fec RSP=ffff888029f4fdb0 R8 =0000000000000001 R9 =fffffbfff0fddddc R10=0000000000000000 R11=0000000000000000 R12=ffff888015770fc0 R13=00007f2407857478 R14=ffff888022a74c00 R15=ffff888022a74c00 RIP=ffffffff819a7b5d RFL=00000213 [----A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f24076a3540 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2407857478 CR3=000000002345a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=4700352e322e325f4342494c4700362e XMM02=ff00ffffffffffffffffffffff000000 XMM03=00000000000000000000006d69747465 XMM04=006d6f72667663657200796164666f65 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=1ffffffff0ce7737 RBX=ffffffff8673b9bc RCX=ffffffff849d94b6 RDX=0000000000000000 RSI=ffffffff86bec86c RDI=ffffffff8673b9bc RBP=ffffffff8673b9bc RSP=ffff88802b7a7280 R8 =ffffffff86bec86c R9 =ffff88802b7a7378 R10=000000000003a7f3 R11=00000000000c0b56 R12=ffffffff8673b9bc R13=ffffffff8673b9bc R14=ffffffff8673b9bc R15=dffffc0000000000 RIP=ffffffff8134926f RFL=00000213 [----A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fa193557540 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe3300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd313a96260 CR3=0000000030c94000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000