Warning: Permanently added '[localhost]:38412' (ECDSA) to the list of known hosts. 2025/01/14 12:30:34 fuzzer started 2025/01/14 12:30:35 dialing manager at localhost:35571 syzkaller login: [ 80.329002] cgroup: Unknown subsys name 'net' [ 80.443897] cgroup: Unknown subsys name 'cpuset' [ 80.488435] cgroup: Unknown subsys name 'rlimit' [ 86.091259] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 96.403047] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/14 12:31:00 syscalls: 220 2025/01/14 12:31:00 code coverage: enabled 2025/01/14 12:31:00 comparison tracing: enabled 2025/01/14 12:31:00 extra coverage: enabled 2025/01/14 12:31:00 setuid sandbox: enabled 2025/01/14 12:31:00 namespace sandbox: enabled 2025/01/14 12:31:00 Android sandbox: enabled 2025/01/14 12:31:00 fault injection: enabled 2025/01/14 12:31:00 leak checking: enabled 2025/01/14 12:31:00 net packet injection: enabled 2025/01/14 12:31:00 net device setup: enabled 2025/01/14 12:31:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/14 12:31:00 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/14 12:31:00 USB emulation: enabled 2025/01/14 12:31:00 hci packet injection: enabled 2025/01/14 12:31:00 wifi device emulation: enabled 2025/01/14 12:31:00 802.15.4 emulation: enabled 2025/01/14 12:31:01 fetching corpus: 0, signal 0/0 (executing program) 2025/01/14 12:31:02 starting 8 fuzzer processes 12:31:02 executing program 0: shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/94) shmctl$SHM_STAT_ANY(0xffffffffffffffff, 0xf, &(0x7f0000000080)=""/38) r0 = shmget$private(0x0, 0x2000, 0x80, &(0x7f0000ffe000/0x2000)=nil) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f00000000c0)) r1 = shmget$private(0x0, 0x2000, 0x78000000, &(0x7f0000ffe000/0x2000)=nil) shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000100)=""/60) shmat(r1, &(0x7f0000ffe000/0x1000)=nil, 0x1000) r2 = shmget$private(0x0, 0x2000, 0x4, &(0x7f0000ffe000/0x2000)=nil) shmctl$SHM_STAT_ANY(r2, 0xf, &(0x7f0000000140)=""/4096) semctl$GETVAL(0xffffffffffffffff, 0x1, 0xc, &(0x7f0000001140)=""/65) shmctl$SHM_UNLOCK(r0, 0xc) r3 = shmget(0x3, 0x1000, 0x100, &(0x7f0000fff000/0x1000)=nil) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xc) shmctl$IPC_STAT(r0, 0x2, &(0x7f00000011c0)=""/4096) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000002200), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000002300)={&(0x7f00000021c0)={0x10, 0x0, 0x0, 0x14151011}, 0xc, &(0x7f00000022c0)={&(0x7f0000002240)={0x48, r4, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x8004) shmctl$SHM_STAT_ANY(r3, 0xf, &(0x7f0000002340)=""/247) shmctl$IPC_STAT(r0, 0x2, &(0x7f0000002440)=""/193) shmat(0x0, &(0x7f0000fff000/0x1000)=nil, 0x2000) write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000002580)={0x7, 0x7b, 0x1}, 0x7) 12:31:02 executing program 1: mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x1ff) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x400000, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r0) mkdirat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x1ff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) sendmsg$802154_raw(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x24, @short={0x2, 0xffff, 0xaaa3}}, 0x14, &(0x7f0000000200)={&(0x7f0000000180)="d49d06331a47db454f4f085c7039a9171f95abb589bd7cbbe2f45d02a0b986630733f7993bfce68feedbc9d259ebb35965f20e30d8c3b01c9efebbe4b057937a6f14092c39230ee5dbe5394cd878f4aa14fa2d8a34d4c04b9c51328630b54e0d59617ea65d8f818286a1639b829b49052d8529d72bb08c96", 0x78}, 0x1, 0x0, 0x0, 0x44b0}, 0x4000004) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x44, r1, 0x20, 0x70bd2c, 0x401, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2d3a}, @BATADV_ATTR_GW_SEL_CLASS={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x80}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x14}, 0x20000000) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0xc000}, 0xc, &(0x7f0000000540)={&(0x7f0000000440)={0xd8, 0x0, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@WGDEVICE_A_PEERS={0xbc, 0x8, 0x0, 0x1, [{0x88, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "22f3655e6f0a894a2d98e3ba196936e87e860d481831f44049e8a45a7e12b004"}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0x3bf, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_FLAGS={0x8, 0x3, 0x2}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @remote}}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x7}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}]}]}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x3}]}, 0xd8}, 0x1, 0x0, 0x0, 0x8090}, 0x20000015) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000600), 0x5a1800, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), r2) sendmsg$BATADV_CMD_GET_ORIGINATORS(r2, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x3c, r1, 0x0, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7fff}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x3c, r1, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x400}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3ff}, @BATADV_ATTR_ISOLATION_MARK={0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6}]}, 0x3c}}, 0x44000) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000880), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000008c0)={0xffffffffffffffff}) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000900), 0x101041, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000940)={0xffffffffffffffff}) r7 = memfd_secret(0x0) r8 = socket(0xb, 0x4, 0xa303) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000ac0)={&(0x7f00000009c0)={0xd4, r3, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@NBD_ATTR_SOCKETS={0x34, 0x7, 0x0, 0x1, [{0x8, 0x1, r4}, {0x8, 0x1, r2}, {0x8, 0x1, r0}, {0x8, 0x1, r2}, {0x8, 0x1, r0}, {0x8, 0x1, r5}]}, @NBD_ATTR_SOCKETS={0x24, 0x7, 0x0, 0x1, [{0x8, 0x1, r6}, {0x8, 0x1, r2}, {0x8, 0x1, r7}, {0x8, 0x1, r8}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x100000001}, @NBD_ATTR_SOCKETS={0x44, 0x7, 0x0, 0x1, [{0x8, 0x1, r0}, {0x8, 0x1, r0}, {0x8}, {0x8}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r0}, {0x8, 0x1, r2}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x120}]}, 0xd4}, 0x1, 0x0, 0x0, 0x8800}, 0x40) 12:31:02 executing program 2: r0 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r0, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x1) syz_open_dev$usbmon(&(0x7f0000000180), 0x8, 0x200880) sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x0, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x20}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffffffb}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), r1) write$P9_RATTACH(0xffffffffffffffff, &(0x7f0000000340)={0x14, 0x69, 0x1, {0x0, 0x0, 0x5}}, 0x14) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000380)={'wpan0\x00'}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000400), r1) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x20, r4, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x40) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000500), r1) r5 = syz_open_dev$ttys(0xc, 0x2, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000540), r3) sendmsg$NLBL_CALIPSO_C_LISTALL(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x44, r0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x20008805) ioctl$KDSETMODE(r5, 0x4b3a, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x74, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x108}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x8d7}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x100000001}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x80) ioctl$VT_SETMODE(r5, 0x5602, &(0x7f0000000800)={0x0, 0xc6, 0x4, 0x3c, 0x800}) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x24, 0x0, 0x400, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x200c4044) sendmsg$IEEE802154_LIST_PHY(r1, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x14, r2, 0x8, 0x70bd2b, 0x25dfdbfd, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4044000}, 0x0) 12:31:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000200)={'tunl0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x40, 0x700, 0x8001, 0xa56, {{0x5f, 0x4, 0x0, 0x3d, 0x17c, 0x67, 0x0, 0x5, 0x29, 0x0, @rand_addr=0x64010102, @loopback, {[@timestamp_addr={0x44, 0x1c, 0x43, 0x1, 0x0, [{@broadcast, 0x3}, {@remote, 0x1}, {@dev={0xac, 0x14, 0x14, 0x3d}, 0x3}]}, @cipso={0x86, 0x63, 0x3, [{0x1, 0xa, "d688a863291bb0c6"}, {0x6, 0x12, "233a7ca11833f1ec8d4de757ba5ec757"}, {0x1, 0x5, "c2d947"}, {0x0, 0x2}, {0x1, 0x9, "f85a39d194704e"}, {0x1, 0xc, "bbc76d858020a8f40419"}, {0x5, 0x8, "fcd9e9c09691"}, {0x6, 0xd, "7ed3997a9901f526499133"}, {0x7, 0x10, "a0134a7d542088f09bdf0a70b3c4"}]}, @timestamp_prespec={0x44, 0x34, 0xd9, 0x3, 0xd, [{@remote, 0xffff}, {@broadcast, 0x2}, {@loopback, 0xb008}, {@dev={0xac, 0x14, 0x14, 0x1d}, 0x8001}, {@broadcast, 0x1f}, {@loopback, 0x81}]}, @end, @ssrr={0x89, 0x13, 0x25, [@remote, @remote, @dev={0xac, 0x14, 0x14, 0x19}, @loopback]}, @lsrr={0x83, 0x1b, 0x6a, [@multicast2, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @rand_addr=0x64010101, @loopback]}, @timestamp={0x44, 0x2c, 0xdf, 0x0, 0xc, [0x5, 0xfffffbff, 0x40, 0x9, 0x1ff, 0xfc000000, 0x0, 0x621, 0x4, 0x5]}, @timestamp_prespec={0x44, 0x3c, 0xdd, 0x3, 0x6, [{@remote, 0x3}, {@multicast2, 0x7}, {@loopback, 0x1000}, {@multicast2, 0x7fffffff}, {@local, 0x1800000}, {@remote, 0xfffffffa}, {@loopback}]}, @timestamp_addr={0x44, 0x1c, 0x19, 0x1, 0x0, [{@remote, 0x4}, {@loopback, 0x1f}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x401}]}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'tunl0\x00', &(0x7f0000000240)={'gre0\x00', r1, 0x7800, 0x7, 0x7, 0x4b, {{0x2d, 0x4, 0x1, 0x37, 0xb4, 0x65, 0x0, 0x0, 0x2f, 0x0, @multicast2, @loopback, {[@lsrr={0x83, 0x13, 0x79, [@local, @local, @multicast1, @remote]}, @lsrr={0x83, 0xb, 0xa5, [@local, @empty]}, @generic={0x7, 0xc, "b9799ab01ebc8d83e00e"}, @rr={0x7, 0x17, 0x1b, [@local, @empty, @multicast2, @private=0xa010101, @multicast2]}, @timestamp_prespec={0x44, 0x2c, 0x5, 0x3, 0xa, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff}, {@empty, 0x4fa}, {@private=0xa010101, 0x400}, {@loopback, 0xdac}, {@remote, 0x7772}]}, @timestamp_addr={0x44, 0x1c, 0xa7, 0x1, 0xf, [{@empty, 0x6}, {@broadcast, 0xfffff801}, {@loopback, 0x7}]}, @rr={0x7, 0x13, 0x77, [@dev={0xac, 0x14, 0x14, 0x1f}, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast]}, @end, @end]}}}}}) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000380)='hugetlb.1GB.rsvd.max_usage_in_bytes\x00', 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r0) sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f00000004c0)={&(0x7f00000003c0), 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x3c, r4, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44}, 0x4000000) r5 = socket$inet6_udp(0xa, 0x2, 0x0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000540), r3) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x11}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r6, 0x8, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3f}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xd51}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040}, 0x894) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000640), 0x2000, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f00000006c0)={'batadv_slave_1\x00', 0x0}) sendmsg$FOU_CMD_GET(r7, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x20, 0x0, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IFINDEX={0x8, 0xb, r8}]}, 0x20}, 0x1, 0x0, 0x0, 0x8840}, 0x4000084) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r7) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x24, r9, 0x800, 0x70bd28, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1}, @NL80211_ATTR_SMPS_MODE={0x5, 0xd5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040800}, 0x20000000) sendmsg$FOU_CMD_DEL(r3, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x80, 0x0, 0x405, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8, 0xb, r2}, @FOU_ATTR_PEER_V6={0x14, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private2}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e24}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @dev={0xfe, 0x80, '\x00', 0xe}}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x8}]}, 0x80}}, 0x4040) socketpair(0x9, 0x1, 0x8, &(0x7f0000000a40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCSISO7816(r7, 0xc0285443, &(0x7f0000000a80)={0x2, 0xc6b9, 0x0, 0x9}) sendmsg$NL80211_CMD_START_AP(r10, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x6c, r9, 0x2, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x50}}}}, [@chandef_params, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x3}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}], @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x4}]}, 0x6c}, 0x1, 0x0, 0x0, 0x24000084}, 0x44000) [ 106.705157] audit: type=1400 audit(1736857862.930:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:31:02 executing program 4: ioctl$PTP_PIN_SETFUNC(0xffffffffffffffff, 0x40603d07, &(0x7f0000000000)={'\x00', 0x7fff, 0x2, 0x7}) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x54, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xdc0}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x80}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0xc0}, 0x24000044) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000001c0), 0xffffffffffffffff) r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x81002000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r0, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xa68a}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x8000) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r1) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x2c, r3, 0x0, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x77}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x400a4) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), r4) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540), 0x100, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r5, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r3, 0x1d00, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x10000000}, 0x8000000) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x24, r2, 0x20, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f00000007c0), r5) sendmsg$BATADV_CMD_GET_VLAN(r6, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x34, r7, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x81}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x10000}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x100}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4000) r8 = openat$full(0xffffffffffffff9c, &(0x7f00000008c0), 0x101c41, 0x0) ioctl$PTP_SYS_OFFSET(r8, 0x43403d05, &(0x7f0000000900)={0xc}) 12:31:02 executing program 5: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x181000, 0x0) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000040)={0xffffffff, 0x1f, 0x8c, 0x9, 0x1, "551ac3857cd5e330a06095325afc20d95f9142"}) ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00'}) socketpair(0xa, 0x6, 0x10000, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_VLAN(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}}, 0x801) socketpair(0x0, 0x800, 0x2, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) accept$packet(r3, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000280)=0x14) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f00000002c0)={'wg1\x00'}) r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300), 0x1f1201, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r7, 0x89f9, &(0x7f00000003c0)={'syztnl1\x00', &(0x7f0000000340)={'ip6_vti0\x00', 0x0, 0x2f, 0xfa, 0x3f, 0x5, 0x50, @empty, @mcast2, 0x0, 0x707, 0xffffff00, 0xe8f}}) ioctl$KDGETLED(r7, 0x4b31, &(0x7f0000000400)) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r7, 0x89f0, &(0x7f0000000480)={'ip_vti0\x00', &(0x7f0000000440)={'gretap0\x00', r5, 0x40, 0x7800, 0x9, 0x0, {{0x6, 0x4, 0x3, 0x30, 0x18, 0x64, 0x0, 0x20, 0x29, 0x0, @empty, @private=0xa010102, {[@ra={0x94, 0x4}]}}}}}) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000500), r2) sendmsg$BATADV_CMD_GET_VLAN(r2, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r8, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0xc000) syz_genetlink_get_family_id$fou(&(0x7f0000000600), r4) memfd_secret(0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x58, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0xc1}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0xf09}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffffffffffffffb}]}, 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x1) sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x44, 0x0, 0x8, 0x70bd26, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x20008000}, 0x4004015) 12:31:03 executing program 6: r0 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r0, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xff}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x40}}, 0x8000) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}]}, 0x24}}, 0x4008011) r1 = getgid() ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wpan3\x00'}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wpan3\x00'}) r2 = getegid() getgroups(0x2, &(0x7f00000002c0)=[r1, r2]) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wpan4\x00', 0x0}) sendmsg$IEEE802154_LLSEC_GETPARAMS(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000300), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r3, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x40000) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480), 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x4c, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) r5 = openat$zero(0xffffffffffffff9c, &(0x7f00000005c0), 0x185000, 0x0) ioctl$PTP_ENABLE_PPS(r5, 0x40043d04, 0x1) sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x24, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x40094) ioctl$PTP_PIN_GETFUNC2(0xffffffffffffffff, 0xc0603d0f, &(0x7f0000000700)={'\x00', 0x101, 0x2, 0x6}) pipe2$9p(&(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RXATTRWALK(r6, &(0x7f00000007c0)={0xf, 0x1f, 0x1, 0x2}, 0xf) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000840), 0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x2c, r7, 0x800, 0x70bd2a, 0x25dfdbff, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) 12:31:03 executing program 7: ioctl$KDGETKEYCODE(0xffffffffffffffff, 0x4b4c, &(0x7f0000000000)={0xb, 0x9}) r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x5) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000040)={0x7, 0x0, 0x40, 0x6, 0x2, "9d4681d2b0007e2ccb1422622d0313a0d5bd3f"}) ioctl$KDSETMODE(r0, 0x4b3a, 0x1) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x2c0040, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r2, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffffffff}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6d8}]}, 0x44}, 0x1, 0x0, 0x0, 0x20002010}, 0x4000) syz_open_dev$ttys(0xc, 0x2, 0x1) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x448d80, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r2, 0x500, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x10001}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1200}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfffffc01}]}, 0x34}, 0x1, 0x0, 0x0, 0xb32082f98a69ae7e}, 0x4080) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f00000003c0), 0x540, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000380), r4) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000440), r1) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r3, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x3c, r5, 0x10, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xef0c}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x49}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4800}, 0x4000040) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r4) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x401}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, r6, 0x20, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4004) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000680), 0x400800, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000009c0)={&(0x7f00000006c0), 0xc, &(0x7f0000000980)={&(0x7f0000000740)={0x230, 0x0, 0x300, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x50a, 0x1d}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x1}, @NL80211_ATTR_PBSS={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x20}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x19}], @acl_policy=[@NL80211_ATTR_MAC_ADDRS={0x1c, 0xa6, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa}]}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x2}, @acl_policy=[@NL80211_ATTR_MAC_ADDRS={0x34, 0xa6, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}, {0xa, 0x6, @broadcast}, {0xa, 0x6, @broadcast}]}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8}], @beacon=[@NL80211_ATTR_IE_PROBE_RESP={0x16, 0x7f, [@mic={0x8c, 0x10, {0xabd, "5b6d1e8ad44e", @short="58c4d176ff251dba"}}]}, @NL80211_ATTR_IE={0x4}], @NL80211_ATTR_HE_BSS_COLOR={0xc, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x39}]}, @NL80211_ATTR_TX_RATES={0x140, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0xb4, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4a, 0x2, [{0x0, 0xa}, {0x1, 0x2}, {0x4, 0x6}, {0x1, 0x7}, {0x7, 0x1}, {0x7}, {0x5, 0x3}, {0x4, 0xa}, {0x0, 0x5}, {}, {0x4, 0x3}, {0x4, 0x6}, {0x2, 0x1}, {0x2, 0x5}, {0x5, 0xa}, {0x3, 0x7}, {0x0, 0x3}, {0x4, 0x3}, {}, {0x2, 0x2}, {0x7, 0x4}, {0x1, 0x6}, {0x1, 0x6}, {0x1, 0x4}, {0x0, 0x2}, {0x2, 0x6}, {0x5, 0x7}, {0x0, 0x5}, {0x7, 0x3}, {0x6, 0x2}, {0x3, 0xa}, {0x5, 0x6}, {0x0, 0x1}, {0x0, 0x2}, {0x0, 0x6}, {0x5, 0x1}, {0x2, 0x3}, {0x5, 0x1}, {0x4, 0x9}, {0x6, 0x4}, {0x3, 0x1}, {0x4, 0x6}, {0x4, 0x7}, {0x4, 0x3}, {0x0, 0x6}, {0x1, 0x3}, {0x7, 0x3}, {0x5}, {0x4, 0x4}, {0x7}, {0x0, 0xa}, {0x3}, {0x5, 0x8}, {0x1, 0x1}, {0x1, 0x9}, {0x3, 0x3}, {0x0, 0x2}, {0x4}, {0x1, 0x1}, {0x6, 0x4}, {0x3, 0x2}, {0x2, 0x9}, {0x2, 0x7}, {0x2, 0x9}, {0x6, 0x9}, {0x1, 0x5}, {0x5, 0x3}, {0x6, 0x9}, {0x1}, {0x2, 0x7}]}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x3, 0x3, 0xc4425bd9ff1bab10, 0x41, 0x4, 0x1b, 0x24, 0x3, 0x9, 0xc, 0x5, 0x48, 0x1d, 0x1]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x885c, 0x562f, 0x1ff, 0xfff, 0xfc4f, 0x81, 0x5, 0x40]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf35, 0x2, 0xfff, 0x1f, 0x20, 0x9, 0xf71a, 0xfffa]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x1, 0x3b3, 0x7fff, 0x0, 0x1, 0xff90, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xff, 0x6be3, 0x3ff, 0x8, 0x2, 0x0, 0x8, 0x3f]}}]}, @NL80211_BAND_5GHZ={0x88, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x7f, 0x0, 0x3473, 0xe000, 0x3, 0x7, 0xfff7, 0x1]}}, @NL80211_TXRATE_HT={0x32, 0x2, [{0x0, 0x7}, {0x0, 0x5}, {0x0, 0x5}, {0x4, 0x1}, {0x0, 0x4}, {0x1, 0x1}, {0x7, 0x9}, {0x1, 0x1}, {0x2, 0x6}, {0x1, 0x4}, {0x3, 0x8}, {0x3, 0x2}, {0x0, 0x9}, {0x6, 0x3}, {0x1, 0x2}, {0x6, 0x9}, {0x0, 0x2}, {0x7, 0x7}, {0x3, 0x2}, {0x3, 0x3}, {0x2}, {0x4, 0x9}, {0x4, 0x5}, {0x6, 0x2}, {0x3, 0xa}, {0x6, 0x3}, {0x0, 0x1}, {0x5, 0x5}, {0x4, 0x7}, {0x3, 0xa}, {0x2, 0x6}, {0x0, 0x3}, {0x5, 0xa}, {0x1, 0x7}, {0x5, 0x3}, {0x6, 0x6}, {0x6, 0x8}, {0x0, 0x9}, {0x4, 0x2}, {0x2, 0x5}, {0x7, 0x2}, {0x3, 0xa}, {0x7, 0x9}, {0x3, 0x5}, {0x5, 0x17}, {0x0, 0x6}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x800, 0x8, 0x401, 0x4, 0xdb3, 0x6, 0x81, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7fff, 0x0, 0x8, 0x47, 0x33, 0x3, 0x7fff, 0xffff]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x7, 0x51, 0x81, 0x7, 0xffc0, 0x401, 0xff7b]}}]}]}]}, 0x230}, 0x1, 0x0, 0x0, 0x20004041}, 0x4004801) sendmsg$BATADV_CMD_SET_VLAN(r7, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x24, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000080) [ 108.035255] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 108.036335] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 108.044366] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 108.052832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 108.055091] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 108.056045] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 108.078564] hrtimer: interrupt took 5712846 ns [ 108.090231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 108.091018] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 108.091473] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 108.093014] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 108.094204] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 108.094628] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 108.108881] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 108.114077] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 108.120865] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 108.135958] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 108.144136] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 108.145095] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 108.157292] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 108.158042] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 108.158480] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 108.160249] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 108.161078] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 108.161511] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 108.233151] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 108.235508] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 108.236026] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 108.239663] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 108.240536] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 108.241248] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 108.244973] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 108.253050] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 108.273195] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 108.321977] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 108.324212] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 108.328997] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 108.330659] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 108.331945] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 108.338976] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 108.340613] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 108.343432] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 108.344290] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 108.364598] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 108.365446] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 108.366070] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 108.367668] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 108.377106] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 108.377588] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 110.118685] Bluetooth: hci0: command tx timeout [ 110.182327] Bluetooth: hci3: command tx timeout [ 110.182784] Bluetooth: hci2: command tx timeout [ 110.182931] Bluetooth: hci1: command tx timeout [ 110.374834] Bluetooth: hci4: command tx timeout [ 110.440786] Bluetooth: hci6: command tx timeout [ 110.440996] Bluetooth: hci7: command tx timeout [ 110.441132] Bluetooth: hci5: command tx timeout [ 112.165848] Bluetooth: hci0: command tx timeout [ 112.232782] Bluetooth: hci1: command tx timeout [ 112.232893] Bluetooth: hci2: command tx timeout [ 112.232949] Bluetooth: hci3: command tx timeout [ 112.422902] Bluetooth: hci4: command tx timeout [ 112.487793] Bluetooth: hci5: command tx timeout [ 112.487906] Bluetooth: hci7: command tx timeout [ 112.487964] Bluetooth: hci6: command tx timeout [ 114.214203] Bluetooth: hci0: command tx timeout [ 114.277955] Bluetooth: hci3: command tx timeout [ 114.278083] Bluetooth: hci2: command tx timeout [ 114.278197] Bluetooth: hci1: command tx timeout [ 114.470908] Bluetooth: hci4: command tx timeout [ 114.533942] Bluetooth: hci6: command tx timeout [ 114.534602] Bluetooth: hci7: command tx timeout [ 114.535206] Bluetooth: hci5: command tx timeout [ 116.262068] Bluetooth: hci0: command tx timeout [ 116.326987] Bluetooth: hci1: command tx timeout [ 116.327991] Bluetooth: hci2: command tx timeout [ 116.328102] Bluetooth: hci3: command tx timeout [ 116.517904] Bluetooth: hci4: command tx timeout [ 116.583811] Bluetooth: hci5: command tx timeout [ 116.583916] Bluetooth: hci7: command tx timeout [ 116.584014] Bluetooth: hci6: command tx timeout [ 170.881992] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 170.882400] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 170.890492] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 170.892580] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 170.895318] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 170.898037] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 170.899176] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 170.908758] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 170.911808] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 170.924492] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 170.926188] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 170.930859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 170.954482] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 170.961129] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 170.963570] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 170.967228] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 170.970158] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 170.987143] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 171.084485] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 171.089982] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 171.091342] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 171.093692] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 171.095475] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 171.096897] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 171.099596] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 171.108767] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 171.110623] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 171.112370] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 171.114006] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 171.117044] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 171.119386] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 171.120656] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 171.122438] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 171.124128] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 171.124558] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 171.126310] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 171.126867] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 171.129003] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 171.129298] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 171.133181] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 171.135411] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 171.138594] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 171.143542] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 171.144098] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 171.176589] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 171.233210] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 171.237100] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 171.253079] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 172.965878] Bluetooth: hci1: command tx timeout [ 172.965939] Bluetooth: hci0: command tx timeout [ 173.094954] Bluetooth: hci2: command tx timeout [ 173.157929] Bluetooth: hci3: command tx timeout [ 173.223616] Bluetooth: hci6: command tx timeout [ 173.223665] Bluetooth: hci4: command tx timeout [ 173.286063] Bluetooth: hci5: command tx timeout [ 173.413845] Bluetooth: hci7: command tx timeout [ 175.014803] Bluetooth: hci1: command tx timeout [ 175.015510] Bluetooth: hci0: command tx timeout [ 175.143210] Bluetooth: hci2: command tx timeout [ 175.207003] Bluetooth: hci3: command tx timeout [ 175.269961] Bluetooth: hci6: command tx timeout [ 175.271532] Bluetooth: hci4: command tx timeout [ 175.333847] Bluetooth: hci5: command tx timeout [ 175.461835] Bluetooth: hci7: command tx timeout [ 177.063798] Bluetooth: hci0: command tx timeout [ 177.063916] Bluetooth: hci1: command tx timeout [ 177.189914] Bluetooth: hci2: command tx timeout [ 177.255998] Bluetooth: hci3: command tx timeout [ 177.318300] Bluetooth: hci6: command tx timeout [ 177.318370] Bluetooth: hci4: command tx timeout [ 177.383304] Bluetooth: hci5: command tx timeout [ 177.510932] Bluetooth: hci7: command tx timeout [ 179.111848] Bluetooth: hci1: command tx timeout [ 179.111876] Bluetooth: hci0: command tx timeout [ 179.237936] Bluetooth: hci2: command tx timeout [ 179.302014] Bluetooth: hci3: command tx timeout [ 179.365895] Bluetooth: hci6: command tx timeout [ 179.366853] Bluetooth: hci4: command tx timeout [ 179.430459] Bluetooth: hci5: command tx timeout [ 179.557844] Bluetooth: hci7: command tx timeout [ 231.265563] syz-executor.6 (3228) used greatest stack depth: 24344 bytes left [ 233.293475] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 233.301261] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 233.312362] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 233.354183] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 233.357644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 233.359227] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 233.360075] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 233.361903] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 233.362797] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 233.363232] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 233.373346] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 233.374669] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 233.402967] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 233.404321] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 233.405837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 233.409543] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 233.411000] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 233.411973] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 233.677311] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 233.679885] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 233.681837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 233.684471] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 233.686546] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 233.688166] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 233.737928] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 233.738329] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 233.739043] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 233.782325] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 233.822978] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 233.832057] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 233.833407] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 233.840929] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 233.842436] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 233.846665] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 233.850777] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 233.956845] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 233.957099] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 233.957120] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 233.982051] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 233.987327] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 233.990347] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 233.992516] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 234.056012] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 234.075068] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 234.077052] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 234.089974] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 234.096825] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 234.102075] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 235.430870] Bluetooth: hci0: command tx timeout [ 235.430876] Bluetooth: hci1: command tx timeout [ 235.558261] Bluetooth: hci2: command tx timeout [ 235.749954] Bluetooth: hci3: command tx timeout [ 236.135127] Bluetooth: hci5: command tx timeout [ 236.198836] Bluetooth: hci6: command tx timeout [ 236.198953] Bluetooth: hci4: command tx timeout [ 236.199407] Bluetooth: hci7: command tx timeout [ 237.477836] Bluetooth: hci1: command tx timeout [ 237.478570] Bluetooth: hci0: command tx timeout [ 237.628786] Bluetooth: hci2: command tx timeout [ 237.839439] Bluetooth: hci3: command tx timeout [ 238.181885] Bluetooth: hci5: command tx timeout [ 238.246238] Bluetooth: hci6: command tx timeout [ 238.246440] Bluetooth: hci7: command tx timeout [ 238.246555] Bluetooth: hci4: command tx timeout [ 239.525859] Bluetooth: hci0: command tx timeout [ 239.526512] Bluetooth: hci1: command tx timeout [ 239.653784] Bluetooth: hci2: command tx timeout [ 239.845819] Bluetooth: hci3: command tx timeout [ 240.229820] Bluetooth: hci5: command tx timeout [ 240.294966] Bluetooth: hci4: command tx timeout [ 240.296614] Bluetooth: hci7: command tx timeout [ 240.296871] Bluetooth: hci6: command tx timeout [ 241.573850] Bluetooth: hci1: command tx timeout [ 241.586848] Bluetooth: hci0: command tx timeout [ 241.701816] Bluetooth: hci2: command tx timeout [ 241.894403] Bluetooth: hci3: command tx timeout [ 242.277933] Bluetooth: hci5: command tx timeout [ 242.341804] Bluetooth: hci7: command tx timeout [ 242.342969] Bluetooth: hci6: command tx timeout [ 242.343009] Bluetooth: hci4: command tx timeout [ 262.900633] modprobe (7507) used greatest stack depth: 24216 bytes left [ 295.996347] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 296.024972] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 296.035586] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 296.087909] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 296.088794] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 296.089914] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 296.327597] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 296.330594] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 296.338971] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 296.344121] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 296.346818] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 296.357781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 296.377336] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 296.377979] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 296.390113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 296.390127] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 296.394228] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 296.397374] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 296.407944] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 296.408267] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 296.426882] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 296.427320] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 296.433589] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 296.434199] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 296.460350] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 296.468222] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 296.482357] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 296.485905] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 296.499213] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 296.505999] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 296.509582] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 296.516039] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 296.523613] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 296.525909] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 296.528410] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 296.531215] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 296.544597] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 296.562935] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 296.599935] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 296.600006] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 296.603606] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 296.603851] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 296.610503] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 296.617300] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 296.639008] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 296.700144] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 296.704528] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 296.708352] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 298.149800] Bluetooth: hci0: command tx timeout [ 298.405778] Bluetooth: hci1: command tx timeout [ 298.469768] Bluetooth: hci2: command tx timeout [ 298.533787] Bluetooth: hci3: command tx timeout [ 298.664789] Bluetooth: hci6: command tx timeout [ 298.665270] Bluetooth: hci4: command tx timeout [ 298.726022] Bluetooth: hci5: command tx timeout [ 298.791559] Bluetooth: hci7: command tx timeout [ 300.197837] Bluetooth: hci0: command tx timeout [ 300.453821] Bluetooth: hci1: command tx timeout [ 300.519715] Bluetooth: hci2: command tx timeout [ 300.582392] Bluetooth: hci3: command tx timeout [ 300.709871] Bluetooth: hci4: command tx timeout [ 300.709992] Bluetooth: hci6: command tx timeout [ 300.774093] Bluetooth: hci5: command tx timeout [ 300.837811] Bluetooth: hci7: command tx timeout [ 302.245786] Bluetooth: hci0: command tx timeout [ 302.501914] Bluetooth: hci1: command tx timeout [ 302.565879] Bluetooth: hci2: command tx timeout [ 302.629887] Bluetooth: hci3: command tx timeout [ 302.759768] Bluetooth: hci6: command tx timeout [ 302.759887] Bluetooth: hci4: command tx timeout [ 302.823022] Bluetooth: hci5: command tx timeout [ 302.885896] Bluetooth: hci7: command tx timeout [ 304.293771] Bluetooth: hci0: command tx timeout [ 304.549835] Bluetooth: hci1: command tx timeout [ 304.613750] Bluetooth: hci2: command tx timeout [ 304.677770] Bluetooth: hci3: command tx timeout [ 304.805908] Bluetooth: hci4: command tx timeout [ 304.806104] Bluetooth: hci6: command tx timeout [ 304.869764] Bluetooth: hci5: command tx timeout [ 304.933770] Bluetooth: hci7: command tx timeout [ 358.462326] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 358.464532] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 358.469985] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 358.474434] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 358.476146] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 358.481540] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 358.509095] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 358.512971] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 358.521820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 358.525013] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 358.526800] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 358.528164] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 358.644713] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 358.651613] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 358.654214] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 358.654628] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 358.656588] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 358.658520] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 358.659621] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 358.663438] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 358.664813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 358.665062] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 358.667628] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 358.673288] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 358.713830] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 358.715798] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 358.716948] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 358.729938] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 358.745080] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 358.755468] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 358.774463] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 358.785437] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 358.791477] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 358.794904] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 358.796464] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 358.803892] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 358.804269] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 358.827314] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 358.861555] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 358.872637] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 358.875016] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 358.877059] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 358.881074] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 358.882426] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 358.882624] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 358.886194] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 358.909383] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 358.921898] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 360.549926] Bluetooth: hci0: command tx timeout [ 360.550450] Bluetooth: hci1: command tx timeout [ 360.677820] Bluetooth: hci2: command tx timeout [ 360.744745] Bluetooth: hci3: command tx timeout [ 360.870838] Bluetooth: hci4: command tx timeout [ 360.998145] Bluetooth: hci6: command tx timeout [ 360.999803] Bluetooth: hci5: command tx timeout [ 361.000352] Bluetooth: hci7: command tx timeout [ 362.597804] Bluetooth: hci0: command tx timeout [ 362.597923] Bluetooth: hci1: command tx timeout [ 362.726901] Bluetooth: hci2: command tx timeout [ 362.793777] Bluetooth: hci3: command tx timeout [ 362.922377] Bluetooth: hci4: command tx timeout [ 363.059709] Bluetooth: hci6: command tx timeout [ 363.059816] Bluetooth: hci5: command tx timeout [ 363.059904] Bluetooth: hci7: command tx timeout [ 364.646769] Bluetooth: hci1: command tx timeout [ 364.646880] Bluetooth: hci0: command tx timeout [ 364.773745] Bluetooth: hci2: command tx timeout [ 364.837896] Bluetooth: hci3: command tx timeout [ 364.966714] Bluetooth: hci4: command tx timeout [ 365.093888] Bluetooth: hci7: command tx timeout [ 365.094140] Bluetooth: hci5: command tx timeout [ 365.094230] Bluetooth: hci6: command tx timeout [ 366.696835] Bluetooth: hci0: command tx timeout [ 366.696960] Bluetooth: hci1: command tx timeout [ 366.822282] Bluetooth: hci2: command tx timeout [ 366.885791] Bluetooth: hci3: command tx timeout [ 367.023225] Bluetooth: hci4: command tx timeout [ 367.141753] Bluetooth: hci7: command tx timeout [ 367.142374] Bluetooth: hci6: command tx timeout [ 367.142404] Bluetooth: hci5: command tx timeout VM DIAGNOSIS: 12:36:04 Registers: info registers vcpu 0 RAX=1ffffffff0c999e0 RBX=ffffffff864ccf04 RCX=ffffffff81ab647e RDX=0000000000000011 RSI=ffffffff86845fd4 RDI=ffffffff864ccee4 RBP=ffffffff864ccee4 RSP=ffff888031ab75b0 R8 =ffffffff86845fd4 R9 =ffff888031ab76a8 R10=000000000003aa0c R11=000000000002418e R12=ffffffff864ccf28 R13=ffffffff864ccee4 R14=ffffffff864ccee4 R15=dffffc0000000000 RIP=ffffffff8134868a RFL=00000213 [----A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f865117ebd8 CR3=000000002e1c6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00362e6f732e6362696c2f756e672d78 XMM02=ffff0000000000ffffffffffffffffff XMM03=ffffffffffffffffffffffffffffffff XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000000 RBX=ffffed1006072edb RCX=1ffff11006072ec0 RDX=1ffff11001828bb1 RSI=0000000000000001 RDI=0000000042d712db RBP=0000000000000000 RSP=ffff8880303976c0 R8 =0000000000000000 R9 =fffffbfff0fdffdc R10=ffffffff87effee7 R11=0000000000000000 R12=0000000000000002 R13=0000000000000000 R14=ffffffff85c18c80 R15=0000000000000000 RIP=ffffffff81503101 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe1900000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ff0ed474000 CR3=000000003617e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffff00ffffffffffffffffffffff00ff XMM02=4c4700362e322e325f4342494c470035 XMM03=00000000000000000000000000470035 XMM04=4342494c4700362e322e325f4342494c XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000