syzkaller login: [ 59.170945] sshd (230) used greatest stack depth: 24216 bytes left Warning: Permanently added '[localhost]:23457' (ECDSA) to the list of known hosts. 2025/01/15 07:50:14 fuzzer started 2025/01/15 07:50:14 dialing manager at localhost:33219 [ 61.867514] cgroup: Unknown subsys name 'net' [ 61.933601] cgroup: Unknown subsys name 'cpuset' [ 61.950921] cgroup: Unknown subsys name 'rlimit' [ 67.434310] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/15 07:50:34 syscalls: 2217 2025/01/15 07:50:34 code coverage: enabled 2025/01/15 07:50:34 comparison tracing: enabled 2025/01/15 07:50:34 extra coverage: enabled 2025/01/15 07:50:34 setuid sandbox: enabled 2025/01/15 07:50:34 namespace sandbox: enabled 2025/01/15 07:50:34 Android sandbox: enabled 2025/01/15 07:50:34 fault injection: enabled 2025/01/15 07:50:34 leak checking: enabled 2025/01/15 07:50:34 net packet injection: enabled 2025/01/15 07:50:34 net device setup: enabled 2025/01/15 07:50:34 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/15 07:50:34 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/15 07:50:34 USB emulation: enabled 2025/01/15 07:50:34 hci packet injection: enabled 2025/01/15 07:50:34 wifi device emulation: enabled 2025/01/15 07:50:34 802.15.4 emulation: enabled 2025/01/15 07:50:34 fetching corpus: 50, signal 15525/17385 (executing program) 2025/01/15 07:50:34 fetching corpus: 100, signal 27666/31180 (executing program) 2025/01/15 07:50:34 fetching corpus: 150, signal 37226/42242 (executing program) 2025/01/15 07:50:34 fetching corpus: 200, signal 45896/52279 (executing program) 2025/01/15 07:50:34 fetching corpus: 250, signal 52805/60438 (executing program) 2025/01/15 07:50:34 fetching corpus: 300, signal 57287/66166 (executing program) 2025/01/15 07:50:35 fetching corpus: 350, signal 60329/70404 (executing program) 2025/01/15 07:50:35 fetching corpus: 400, signal 64284/75517 (executing program) 2025/01/15 07:50:35 fetching corpus: 450, signal 70412/82543 (executing program) 2025/01/15 07:50:35 fetching corpus: 500, signal 73614/86750 (executing program) 2025/01/15 07:50:35 fetching corpus: 550, signal 78123/92053 (executing program) 2025/01/15 07:50:35 fetching corpus: 600, signal 83015/97661 (executing program) 2025/01/15 07:50:35 fetching corpus: 650, signal 84784/100430 (executing program) 2025/01/15 07:50:35 fetching corpus: 700, signal 86708/103317 (executing program) 2025/01/15 07:50:36 fetching corpus: 750, signal 88992/106481 (executing program) 2025/01/15 07:50:36 fetching corpus: 800, signal 90545/108980 (executing program) 2025/01/15 07:50:36 fetching corpus: 850, signal 92614/111864 (executing program) 2025/01/15 07:50:36 fetching corpus: 900, signal 94609/114682 (executing program) 2025/01/15 07:50:36 fetching corpus: 950, signal 96782/117557 (executing program) 2025/01/15 07:50:36 fetching corpus: 1000, signal 98208/119796 (executing program) 2025/01/15 07:50:36 fetching corpus: 1050, signal 99365/121817 (executing program) 2025/01/15 07:50:36 fetching corpus: 1100, signal 100698/123938 (executing program) 2025/01/15 07:50:36 fetching corpus: 1150, signal 102515/126438 (executing program) 2025/01/15 07:50:37 fetching corpus: 1200, signal 104006/128641 (executing program) 2025/01/15 07:50:37 fetching corpus: 1250, signal 104765/130277 (executing program) 2025/01/15 07:50:37 fetching corpus: 1300, signal 105747/132063 (executing program) 2025/01/15 07:50:37 fetching corpus: 1350, signal 109338/135800 (executing program) 2025/01/15 07:50:37 fetching corpus: 1400, signal 110353/137540 (executing program) 2025/01/15 07:50:37 fetching corpus: 1450, signal 111661/139485 (executing program) 2025/01/15 07:50:37 fetching corpus: 1500, signal 112656/141139 (executing program) 2025/01/15 07:50:37 fetching corpus: 1550, signal 114423/143322 (executing program) 2025/01/15 07:50:37 fetching corpus: 1600, signal 115282/144873 (executing program) 2025/01/15 07:50:37 fetching corpus: 1650, signal 116366/146566 (executing program) 2025/01/15 07:50:38 fetching corpus: 1700, signal 117527/148322 (executing program) 2025/01/15 07:50:38 fetching corpus: 1750, signal 118454/149877 (executing program) 2025/01/15 07:50:38 fetching corpus: 1800, signal 119309/151297 (executing program) 2025/01/15 07:50:38 fetching corpus: 1850, signal 120094/152702 (executing program) 2025/01/15 07:50:38 fetching corpus: 1900, signal 121679/154606 (executing program) 2025/01/15 07:50:38 fetching corpus: 1950, signal 122798/156126 (executing program) 2025/01/15 07:50:38 fetching corpus: 2000, signal 124650/158156 (executing program) 2025/01/15 07:50:38 fetching corpus: 2050, signal 125325/159403 (executing program) 2025/01/15 07:50:38 fetching corpus: 2100, signal 125903/160630 (executing program) 2025/01/15 07:50:38 fetching corpus: 2150, signal 126780/162010 (executing program) 2025/01/15 07:50:39 fetching corpus: 2200, signal 127603/163279 (executing program) 2025/01/15 07:50:39 fetching corpus: 2250, signal 129358/165146 (executing program) 2025/01/15 07:50:39 fetching corpus: 2300, signal 130237/166417 (executing program) 2025/01/15 07:50:39 fetching corpus: 2350, signal 131092/167673 (executing program) 2025/01/15 07:50:39 fetching corpus: 2400, signal 132250/169139 (executing program) 2025/01/15 07:50:39 fetching corpus: 2450, signal 133048/170332 (executing program) 2025/01/15 07:50:39 fetching corpus: 2500, signal 133709/171490 (executing program) 2025/01/15 07:50:39 fetching corpus: 2550, signal 134631/172734 (executing program) 2025/01/15 07:50:39 fetching corpus: 2600, signal 135298/173834 (executing program) 2025/01/15 07:50:39 fetching corpus: 2650, signal 135832/174908 (executing program) 2025/01/15 07:50:39 fetching corpus: 2700, signal 136776/176136 (executing program) 2025/01/15 07:50:40 fetching corpus: 2750, signal 137445/177185 (executing program) 2025/01/15 07:50:40 fetching corpus: 2800, signal 137967/178148 (executing program) 2025/01/15 07:50:40 fetching corpus: 2850, signal 139054/179363 (executing program) 2025/01/15 07:50:40 fetching corpus: 2900, signal 139622/180364 (executing program) 2025/01/15 07:50:40 fetching corpus: 2950, signal 140064/181273 (executing program) 2025/01/15 07:50:40 fetching corpus: 3000, signal 140714/182237 (executing program) 2025/01/15 07:50:40 fetching corpus: 3050, signal 141343/183215 (executing program) 2025/01/15 07:50:40 fetching corpus: 3100, signal 141876/184136 (executing program) 2025/01/15 07:50:40 fetching corpus: 3150, signal 142553/185098 (executing program) 2025/01/15 07:50:40 fetching corpus: 3200, signal 143222/186080 (executing program) 2025/01/15 07:50:41 fetching corpus: 3250, signal 143686/186917 (executing program) 2025/01/15 07:50:41 fetching corpus: 3300, signal 144340/187853 (executing program) 2025/01/15 07:50:41 fetching corpus: 3350, signal 145148/188834 (executing program) 2025/01/15 07:50:41 fetching corpus: 3400, signal 145912/189778 (executing program) 2025/01/15 07:50:41 fetching corpus: 3450, signal 146404/190644 (executing program) 2025/01/15 07:50:41 fetching corpus: 3500, signal 146929/191508 (executing program) 2025/01/15 07:50:41 fetching corpus: 3550, signal 147541/192390 (executing program) 2025/01/15 07:50:41 fetching corpus: 3600, signal 148013/193212 (executing program) 2025/01/15 07:50:41 fetching corpus: 3650, signal 148555/193982 (executing program) 2025/01/15 07:50:41 fetching corpus: 3700, signal 148936/194689 (executing program) 2025/01/15 07:50:42 fetching corpus: 3750, signal 149373/195440 (executing program) 2025/01/15 07:50:42 fetching corpus: 3800, signal 150028/196244 (executing program) 2025/01/15 07:50:42 fetching corpus: 3850, signal 150615/197048 (executing program) 2025/01/15 07:50:42 fetching corpus: 3900, signal 151060/197757 (executing program) 2025/01/15 07:50:42 fetching corpus: 3950, signal 151905/198600 (executing program) 2025/01/15 07:50:42 fetching corpus: 4000, signal 153486/199568 (executing program) 2025/01/15 07:50:42 fetching corpus: 4050, signal 154073/200305 (executing program) 2025/01/15 07:50:42 fetching corpus: 4100, signal 155156/201211 (executing program) 2025/01/15 07:50:42 fetching corpus: 4150, signal 155778/201881 (executing program) 2025/01/15 07:50:43 fetching corpus: 4200, signal 156277/202588 (executing program) 2025/01/15 07:50:43 fetching corpus: 4250, signal 156574/203258 (executing program) 2025/01/15 07:50:43 fetching corpus: 4300, signal 157126/203896 (executing program) 2025/01/15 07:50:43 fetching corpus: 4350, signal 157591/204495 (executing program) 2025/01/15 07:50:43 fetching corpus: 4400, signal 157920/205098 (executing program) 2025/01/15 07:50:43 fetching corpus: 4450, signal 158332/205728 (executing program) 2025/01/15 07:50:43 fetching corpus: 4500, signal 158844/206315 (executing program) 2025/01/15 07:50:43 fetching corpus: 4550, signal 159261/206911 (executing program) 2025/01/15 07:50:43 fetching corpus: 4600, signal 159576/207500 (executing program) 2025/01/15 07:50:44 fetching corpus: 4650, signal 160035/208124 (executing program) 2025/01/15 07:50:44 fetching corpus: 4700, signal 160478/208712 (executing program) 2025/01/15 07:50:44 fetching corpus: 4750, signal 161007/209347 (executing program) 2025/01/15 07:50:44 fetching corpus: 4800, signal 161694/209911 (executing program) 2025/01/15 07:50:44 fetching corpus: 4850, signal 162180/210448 (executing program) 2025/01/15 07:50:44 fetching corpus: 4900, signal 162569/210992 (executing program) 2025/01/15 07:50:44 fetching corpus: 4950, signal 163142/211575 (executing program) 2025/01/15 07:50:44 fetching corpus: 5000, signal 163508/212109 (executing program) 2025/01/15 07:50:44 fetching corpus: 5050, signal 164067/212610 (executing program) 2025/01/15 07:50:45 fetching corpus: 5100, signal 164550/213088 (executing program) 2025/01/15 07:50:45 fetching corpus: 5150, signal 164985/213544 (executing program) 2025/01/15 07:50:45 fetching corpus: 5200, signal 165471/214015 (executing program) 2025/01/15 07:50:45 fetching corpus: 5250, signal 165900/214505 (executing program) 2025/01/15 07:50:45 fetching corpus: 5300, signal 166439/215007 (executing program) 2025/01/15 07:50:45 fetching corpus: 5350, signal 166805/215476 (executing program) 2025/01/15 07:50:45 fetching corpus: 5400, signal 167416/215917 (executing program) 2025/01/15 07:50:45 fetching corpus: 5450, signal 167980/215917 (executing program) 2025/01/15 07:50:46 fetching corpus: 5500, signal 168351/215917 (executing program) 2025/01/15 07:50:46 fetching corpus: 5550, signal 168679/215917 (executing program) 2025/01/15 07:50:46 fetching corpus: 5600, signal 169251/215917 (executing program) 2025/01/15 07:50:46 fetching corpus: 5650, signal 169611/215917 (executing program) 2025/01/15 07:50:46 fetching corpus: 5700, signal 170048/215917 (executing program) 2025/01/15 07:50:46 fetching corpus: 5750, signal 170429/215917 (executing program) 2025/01/15 07:50:46 fetching corpus: 5800, signal 170719/215917 (executing program) 2025/01/15 07:50:46 fetching corpus: 5850, signal 171054/215917 (executing program) 2025/01/15 07:50:46 fetching corpus: 5900, signal 171337/215917 (executing program) 2025/01/15 07:50:46 fetching corpus: 5950, signal 171681/215917 (executing program) 2025/01/15 07:50:47 fetching corpus: 6000, signal 171993/215917 (executing program) 2025/01/15 07:50:47 fetching corpus: 6050, signal 172315/215917 (executing program) 2025/01/15 07:50:47 fetching corpus: 6100, signal 172699/215917 (executing program) 2025/01/15 07:50:47 fetching corpus: 6150, signal 173039/215917 (executing program) 2025/01/15 07:50:47 fetching corpus: 6200, signal 173368/215917 (executing program) 2025/01/15 07:50:47 fetching corpus: 6250, signal 173711/215917 (executing program) 2025/01/15 07:50:47 fetching corpus: 6300, signal 174099/215917 (executing program) 2025/01/15 07:50:47 fetching corpus: 6350, signal 174501/215917 (executing program) 2025/01/15 07:50:47 fetching corpus: 6400, signal 174791/215917 (executing program) 2025/01/15 07:50:48 fetching corpus: 6450, signal 175098/215917 (executing program) 2025/01/15 07:50:48 fetching corpus: 6500, signal 175433/215917 (executing program) 2025/01/15 07:50:48 fetching corpus: 6550, signal 175763/215917 (executing program) 2025/01/15 07:50:48 fetching corpus: 6600, signal 176036/215917 (executing program) 2025/01/15 07:50:48 fetching corpus: 6650, signal 176296/215917 (executing program) 2025/01/15 07:50:48 fetching corpus: 6700, signal 176526/215917 (executing program) 2025/01/15 07:50:48 fetching corpus: 6750, signal 176790/215917 (executing program) 2025/01/15 07:50:48 fetching corpus: 6800, signal 177334/215917 (executing program) 2025/01/15 07:50:48 fetching corpus: 6850, signal 177950/215917 (executing program) 2025/01/15 07:50:48 fetching corpus: 6900, signal 178201/215917 (executing program) 2025/01/15 07:50:49 fetching corpus: 6950, signal 178610/215917 (executing program) 2025/01/15 07:50:49 fetching corpus: 7000, signal 178829/215917 (executing program) 2025/01/15 07:50:49 fetching corpus: 7050, signal 179273/215917 (executing program) 2025/01/15 07:50:49 fetching corpus: 7100, signal 179568/215917 (executing program) 2025/01/15 07:50:49 fetching corpus: 7150, signal 179944/215917 (executing program) 2025/01/15 07:50:49 fetching corpus: 7200, signal 180473/215917 (executing program) 2025/01/15 07:50:49 fetching corpus: 7250, signal 180796/215917 (executing program) 2025/01/15 07:50:49 fetching corpus: 7300, signal 181116/215917 (executing program) 2025/01/15 07:50:49 fetching corpus: 7350, signal 181448/215917 (executing program) 2025/01/15 07:50:49 fetching corpus: 7400, signal 181699/215917 (executing program) 2025/01/15 07:50:50 fetching corpus: 7450, signal 181972/215917 (executing program) 2025/01/15 07:50:50 fetching corpus: 7500, signal 182252/215917 (executing program) 2025/01/15 07:50:50 fetching corpus: 7550, signal 182627/215917 (executing program) 2025/01/15 07:50:50 fetching corpus: 7600, signal 182848/215917 (executing program) 2025/01/15 07:50:50 fetching corpus: 7650, signal 183176/215917 (executing program) 2025/01/15 07:50:50 fetching corpus: 7700, signal 183537/215917 (executing program) 2025/01/15 07:50:50 fetching corpus: 7750, signal 183923/215917 (executing program) 2025/01/15 07:50:50 fetching corpus: 7800, signal 184173/215917 (executing program) 2025/01/15 07:50:50 fetching corpus: 7850, signal 184415/215917 (executing program) 2025/01/15 07:50:50 fetching corpus: 7900, signal 184688/215917 (executing program) 2025/01/15 07:50:51 fetching corpus: 7950, signal 185054/215917 (executing program) 2025/01/15 07:50:51 fetching corpus: 8000, signal 185195/215917 (executing program) 2025/01/15 07:50:51 fetching corpus: 8050, signal 185535/215917 (executing program) 2025/01/15 07:50:51 fetching corpus: 8100, signal 186212/215917 (executing program) 2025/01/15 07:50:51 fetching corpus: 8150, signal 186446/215917 (executing program) 2025/01/15 07:50:51 fetching corpus: 8200, signal 186667/215917 (executing program) 2025/01/15 07:50:51 fetching corpus: 8250, signal 186907/215917 (executing program) 2025/01/15 07:50:52 fetching corpus: 8300, signal 187216/215917 (executing program) 2025/01/15 07:50:52 fetching corpus: 8350, signal 187572/215917 (executing program) 2025/01/15 07:50:52 fetching corpus: 8400, signal 187907/215917 (executing program) 2025/01/15 07:50:52 fetching corpus: 8450, signal 188247/215917 (executing program) 2025/01/15 07:50:52 fetching corpus: 8500, signal 188485/215917 (executing program) 2025/01/15 07:50:52 fetching corpus: 8550, signal 188809/215917 (executing program) 2025/01/15 07:50:52 fetching corpus: 8600, signal 189026/215917 (executing program) 2025/01/15 07:50:52 fetching corpus: 8650, signal 189289/215917 (executing program) 2025/01/15 07:50:52 fetching corpus: 8700, signal 189579/215917 (executing program) 2025/01/15 07:50:52 fetching corpus: 8750, signal 189900/215917 (executing program) 2025/01/15 07:50:53 fetching corpus: 8800, signal 190226/215917 (executing program) 2025/01/15 07:50:53 fetching corpus: 8850, signal 190512/215917 (executing program) 2025/01/15 07:50:53 fetching corpus: 8900, signal 190974/215917 (executing program) 2025/01/15 07:50:53 fetching corpus: 8950, signal 191168/215917 (executing program) 2025/01/15 07:50:53 fetching corpus: 9000, signal 191468/215917 (executing program) 2025/01/15 07:50:53 fetching corpus: 9050, signal 191718/215917 (executing program) 2025/01/15 07:50:53 fetching corpus: 9100, signal 191955/215917 (executing program) 2025/01/15 07:50:53 fetching corpus: 9150, signal 192167/215921 (executing program) 2025/01/15 07:50:53 fetching corpus: 9200, signal 192392/215921 (executing program) 2025/01/15 07:50:54 fetching corpus: 9250, signal 192761/215921 (executing program) 2025/01/15 07:50:54 fetching corpus: 9300, signal 193097/215921 (executing program) 2025/01/15 07:50:54 fetching corpus: 9350, signal 193318/215921 (executing program) 2025/01/15 07:50:54 fetching corpus: 9400, signal 193748/215921 (executing program) 2025/01/15 07:50:54 fetching corpus: 9450, signal 194023/215921 (executing program) 2025/01/15 07:50:54 fetching corpus: 9500, signal 194222/215921 (executing program) 2025/01/15 07:50:54 fetching corpus: 9550, signal 194436/215921 (executing program) 2025/01/15 07:50:54 fetching corpus: 9600, signal 194708/215921 (executing program) 2025/01/15 07:50:54 fetching corpus: 9650, signal 195019/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 9700, signal 195218/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 9750, signal 195368/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 9800, signal 195661/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 9850, signal 195867/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 9900, signal 195993/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 9950, signal 196263/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 10000, signal 196556/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 10050, signal 196715/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 10100, signal 196972/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 10150, signal 197265/215921 (executing program) 2025/01/15 07:50:55 fetching corpus: 10200, signal 197583/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10250, signal 197812/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10300, signal 198094/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10350, signal 198281/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10400, signal 198534/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10450, signal 198715/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10500, signal 198901/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10550, signal 199015/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10600, signal 199324/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10650, signal 199527/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10700, signal 199719/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10750, signal 199867/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10800, signal 200080/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10850, signal 200268/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10900, signal 200465/215921 (executing program) 2025/01/15 07:50:56 fetching corpus: 10950, signal 200719/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11000, signal 200901/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11050, signal 201051/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11100, signal 201235/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11150, signal 201388/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11200, signal 201678/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11250, signal 201870/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11300, signal 202108/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11350, signal 202281/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11400, signal 202478/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11450, signal 202751/215921 (executing program) 2025/01/15 07:50:57 fetching corpus: 11500, signal 203031/215921 (executing program) 2025/01/15 07:50:58 fetching corpus: 11550, signal 203228/215921 (executing program) 2025/01/15 07:50:58 fetching corpus: 11595, signal 203439/215921 (executing program) 2025/01/15 07:50:58 fetching corpus: 11595, signal 203439/215921 (executing program) 2025/01/15 07:51:01 starting 8 fuzzer processes 07:51:01 executing program 0: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) getsockopt$packet_int(r0, 0x107, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'}) ioctl$SG_GET_ACCESS_COUNT(r2, 0x2289, &(0x7f0000000100)) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000140)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00'}) r3 = dup3(r1, r0, 0x80000) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f00000001c0)={0x0, 0x1, 0x6, @random="74329b869b77"}, 0x10) dup3(r0, r3, 0x80000) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000200)) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f0000000240)="9e7ecbdba05d1f11bc2433a5f1291ff6", 0x10) r4 = openat2(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x400142, 0xa, 0x14}, 0x18) getsockopt$WPAN_WANTACK(r2, 0x0, 0x0, &(0x7f0000000300), &(0x7f0000000340)=0x4) r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x103800, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r5, 0x8982, &(0x7f00000003c0)) ioctl$TUNGETSNDBUF(r5, 0x800454d3, &(0x7f0000000400)) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000b40)=@broute={'broute\x00', 0x20, 0x4, 0x6b8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, &(0x7f0000000440), &(0x7f0000000480)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{0x3, 0x20, 0x9200, 'veth0_to_hsr\x00', 'netdevsim0\x00', 'nr0\x00', 'veth1_macvtap\x00', @broadcast, [0xff, 0xff, 0xff, 0x0, 0xff, 0xff], @multicast, [0xff, 0xff, 0x0, 0xff, 0xff, 0xff], 0x6e, 0xe6, 0x216, [], [@common=@STANDARD={'\x00', 0x8}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x5, 0x8, {0x1}}}}], @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x9793, 'system_u:object_r:etc_mail_t:s0\x00'}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{0x5, 0x8, 0x1a, 'geneve1\x00', 'batadv_slave_1\x00', 'batadv_slave_1\x00', 'bridge0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, [0xff, 0xff, 0x0, 0x0, 0xff, 0xff], @empty, [0xff, 0x0, 0xff], 0xee, 0xee, 0x13e, [@nfacct={{'nfacct\x00', 0x0, 0x28}, {{'syz1\x00', 0x7}}}, @cgroup0={{'cgroup\x00', 0x0, 0x8}, {{0x4}}}], [], @common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x5e5, 'syz1\x00', {0x9}}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc}, {0x0, '\x00', 0x2, 0xfffffffffffffffc, 0x2, [{0x11, 0x1, 0x8906, 'syzkaller0\x00', 'vlan0\x00', 'macsec0\x00', 'ipvlan0\x00', @remote, [0xff, 0xff, 0x0, 0xff, 0x0, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}, [0xff, 0xff, 0xff], 0x6e, 0xa6, 0xd6, [], [@common=@dnat={'dnat\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 0xffffffffffffffff}}}], @common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x5}}}}, {0x5, 0x2, 0x60e1, 'veth1_to_hsr\x00', 'netdevsim0\x00', 'erspan0\x00', 'veth0_to_bridge\x00', @broadcast, [0xff, 0xff, 0xff, 0x0, 0x0, 0xff], @random="79e6bf1d5d6b", [0xff], 0xfe, 0x17e, 0x1ce, [@time={{'time\x00', 0x0, 0x18}, {{0x9, 0x6, 0xd17f, 0x9c2a, 0x76a786e6, 0x5}}}, @ipvs={{'ipvs\x00', 0x0, 0x28}, {{@ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, [0xffffffff, 0xff000000, 0xff000000, 0xffffffff], 0x4e24, 0x29, 0x0, 0x4e22, 0x8, 0x8}}}], [@common=@dnat={'dnat\x00', 0x10, {{@random="ed49b44ab6d1", 0x10}}}, @common=@ERROR={'ERROR\x00', 0x20, {"a07e5a5fe1ad03cd6998087d02dd4b5385b3909b12d944e0d0182db38d55"}}], @common=@LED={'LED\x00', 0x28, {{'syz1\x00', 0x0, 0x7, {0x100000001}}}}}]}]}, 0x730) r6 = openat(r3, &(0x7f0000000bc0)='./file0\x00', 0x10000, 0x2) sendto(r1, &(0x7f0000000c00)="522b7a2ac5000318274df7e7fcaa1d4d3a397f8b0d439293c25450e0fa12ca26b53edb022b5666acffaca5efc769cb5e", 0x30, 0x4000, 0x0, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r6, 0x3) 07:51:01 executing program 1: ioctl$F2FS_IOC_FLUSH_DEVICE(0xffffffffffffffff, 0x4008f50a, &(0x7f0000000000)={0x7f, 0x3}) r0 = socket(0x27, 0x3, 0x5) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xee01}}, './file0\x00'}) fchown(r0, 0xee01, r2) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x60, 0x3, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x3}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x1}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x71d}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x1}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x200}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x6}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0x8}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x6}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40448c0}, 0x40) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) recvmsg$unix(r0, &(0x7f0000000540)={&(0x7f00000001c0)=@abs, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000240)=""/243, 0xf3}, {&(0x7f0000000340)=""/36, 0x24}], 0x2, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x150}, 0x2103) sendmsg$NL80211_CMD_FLUSH_PMKSA(r5, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8012}, 0x0) r8 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000c80)='./file0\x00', &(0x7f0000000cc0)={0x0, 0x190}, 0x18) r9 = accept$inet(r6, 0x0, &(0x7f0000000d00)) ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000d40)={0x0, 0x6, 0xf3d, 0x1}) ioctl$BTRFS_IOC_RESIZE(r8, 0x50009403, &(0x7f0000001140)={{r9}, {@val={r10}, @actul_num={@val=0x2b, 0x7ff, 0x50}}}) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r6, 0x80089419, &(0x7f0000001180)) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f00000011c0)={{0x1, 0x1, 0x18, r5}, './file0\x00'}) sendmsg$NL80211_CMD_GET_INTERFACE(r11, &(0x7f00000012c0)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001280)={&(0x7f0000001240)={0x14, 0x0, 0xb04, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x48008) recvmmsg$unix(r7, &(0x7f00000028c0)=[{{&(0x7f0000001300), 0x6e, &(0x7f00000027c0)=[{&(0x7f0000001380)=""/136, 0x88}, {&(0x7f0000001440)=""/4096, 0x1000}, {&(0x7f0000002440)=""/139, 0x8b}, {&(0x7f0000002500)=""/179, 0xb3}, {&(0x7f00000025c0)=""/237, 0xed}, {&(0x7f00000026c0)=""/18, 0x12}, {&(0x7f0000002700)=""/155, 0x9b}], 0x7, &(0x7f0000002840)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}], 0x1, 0x20000, 0x0) pipe(&(0x7f0000002900)={0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_COALESCE(r12, &(0x7f0000002c40)={&(0x7f0000002940)={0x10, 0x0, 0x0, 0x810}, 0xc, &(0x7f0000002c00)={&(0x7f0000002980)={0x250, 0x0, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x53}}}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x74, 0x3, 0x0, 0x1, [{0x70, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x6b, 0x2, "7ca03ae61673dbc636fb1b9755fed07b0d9e2426be4c324d957ddf00e57c97b03210845489a1827eb23fc8015996cb0000d9f0aedfb847ecae59a4a2c2a47041b0d9a0008617a5959bd5e0288096d45eb7f374f7020eb107160e4105550f7758ba097b5136c780"}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x6}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x1a0, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x6}}, {0xc8, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0xc4, 0x2, "ee6b3e331e2cefa5ffa95762b648ad689d26a0973edf943339a1df4096d7875e88e8b9a3d17bc6dd9d76570e77fba1a81906f05351c940c28e53da1b027e15a1b08d75185179d91dea58b1212ba87cad1d4738d27ed2afa07bdd0f4b78dff58cacff56e61915269ccf47049905f6af0bd625ffcf2a07a6618ad0f25ae9bc7494b812ea14caf86a7ba8296a1755679d3c5de8d2fb17a0f77206bd1a96e997c8b39718e84fef2f004ad082b25ea8b66d91673cb55579e6a472fc0dc67918b41cc5"}}, {0xc8, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0xc2, 0x2, "3bf5a510ceeda6c2472511c5a6e1870094958160d77f31a48ca7059d129b0db9eb46056583e1c5adb20efa82e137a8b637d42b0200c95dfa90902f68a7d1e15c83693f28400fef467959fe99bf3480854d10c9c1cdcf1fdf9923a01e491fbc849174f1d9196371931ad061943a8b18336e498bb161d2366865d02973a4fd94ccd157ea6507758d9ed44900b6bc6016414ee16bad1205a5381c3cec4119bfa17c8de7dbe7f60d9b8c14c4819d120dacb4d0ddb27238cbb249c7cf80dce610"}}]}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4}]}, 0x250}}, 0x2000c841) ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f0000002c80)) move_mount(0xffffffffffffffff, &(0x7f0000002d00)='./file0\x00', 0xffffffffffffffff, &(0x7f0000002d40)='./file0\x00', 0x1) 07:51:01 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0xa02, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x4, 0x3}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000000c0)={0x8, &(0x7f0000000080)=[{0x4, 0x80, 0x4, 0xfffffffb}, {0x8001, 0x6, 0x87, 0x9}, {0x7, 0x3, 0x0, 0x2}, {0xb73, 0x7f, 0x71, 0x8}, {0x8000, 0x5, 0xa4, 0x4d}, {0x4, 0x3, 0x2, 0x7}, {0x1, 0x1f, 0x0, 0x7}, {0x8, 0xfe, 0x2e, 0x1}]}, 0x10) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000140)={0x4, &(0x7f0000000100)=[{0x8, 0x0, 0x80, 0x3}, {0x59d9, 0x20, 0x67, 0x6a}, {0x1000, 0xe6, 0xac, 0x7fffffff}, {0x0, 0x3, 0x1, 0x10000}]}, 0x10) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000180)={0x3, 0x7}, 0x4) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000001c0)={0x8, 0x1000}, 0x4) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000200)=@req={0x0, 0x4, 0x4, 0x4f}, 0x10) eventfd(0x3) r3 = open_tree(r0, &(0x7f0000000240)='./file0\x00', 0x80501) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f00000002c0)={0x6, &(0x7f0000000280)=[{0xffff, 0x2, 0x20, 0x7}, {0x81, 0x8, 0x2, 0x6}, {0x0, 0x5, 0xd7, 0x2}, {0x7ff, 0x0, 0x1, 0x5}, {0x6, 0x40, 0x6, 0x6d08}, {0x7, 0x7f, 0xff, 0x8}]}, 0x10) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000300)={0x0, 0x2000}, 0x4) execveat(r0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000400)=[&(0x7f0000000380)='/dev/zero\x00', &(0x7f00000003c0)='/dev/zero\x00'], &(0x7f00000004c0)=[&(0x7f0000000440)='((\x00', &(0x7f0000000480)='/dev/zero\x00'], 0x1000) close(r3) sendfile(r1, r1, &(0x7f0000000500)=0x9, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000540)={0x2, 0x5}, 0x4) r4 = syz_mount_image$vfat(&(0x7f0000000580), &(0x7f00000005c0)='./file0\x00', 0x2, 0x1, &(0x7f00000006c0)=[{&(0x7f0000000600)="81267ae1ac53d0d252ec7fbd5155a3250ea19a044c6f8938750eb258e3fdde8001507f42d66e0d125f691634f34120eca79c75a8e870973804636faf1fad0899dd973d588369ad3691639b0997941a85ebc4a82f3b5dbdfeab48d72548ee7f2a6ed541d94254fc63902fcf1b65fd08d53b1dd7e8fd871cdda1ef0dc377201ef839a3a9550b124104effaad129dc1ac96ae542b68fe59d135d58ca65703eee2fa3285311b2ba0c8155745dca361c905ead3d88c3e", 0xb4, 0x7}], 0x1c01, &(0x7f0000000700)={[{@utf8}, {@utf8}, {@uni_xlateno}, {@shortname_win95}, {@utf8}, {@uni_xlateno}, {@shortname_winnt}], [{@permit_directio}]}) execveat(r4, &(0x7f0000000780)='./file0\x00', &(0x7f0000000940)=[&(0x7f00000007c0)='\x00', &(0x7f0000000800)='((\x00', &(0x7f0000000840)='/dev/zero\x00', &(0x7f0000000880)='((\x00', &(0x7f00000008c0)='/dev/zero\x00', &(0x7f0000000900)='((\x00'], &(0x7f00000009c0)=[&(0x7f0000000980)='!\x00'], 0x400) ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000a40)={0x8, 0x20, '\x00', 0x1, &(0x7f0000000a00)=[0x0, 0x0, 0x0, 0x0]}) 07:51:01 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) fcntl$setstatus(r0, 0x4, 0xc00) tee(r0, r0, 0x7, 0x1) ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000000)={0x6, 0x20}) ioctl$PIO_UNISCRNMAP(r0, 0x4b6a, &(0x7f0000000040)="560eec14ba688127ed6d95ac5309536d169c08a516fcec72701c56252d252b13d03522af03557639ab393bd20b5395105efe00e30a38c31afb67aed89bb2009d20b6436436a6db6446eb22bd0c65845bf094654dd6be0d049c5b4f7de75d83d6b536d9186349cb5c7610af259ff675f81ecd680f37a1cd565cf2f79b904847f4c0c9945e861a53c346cc34e1a16d95077526583dcce416bd6567181e0b3ba047fd8f30c1728ef714a78eb7446e753e42365802a9a7141817262261579af86aa4") r1 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) tee(r0, r1, 0x1ff, 0x3) ioctl$PIO_UNIMAPCLR(0xffffffffffffffff, 0x4b68, &(0x7f0000000200)={0xcb60, 0x9, 0x9}) ioctl$TIOCSISO7816(r0, 0xc0285443, &(0x7f0000000240)={0x1, 0x3, 0x5, 0x3f, 0x1}) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000680)={0x1, 0x0, 0x1c, 0x15, 0xab, &(0x7f0000000280)}) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000006c0), 0x400, 0x0) ioctl$KDMKTONE(r2, 0x4b30, 0x9) ioctl$VT_DISALLOCATE(r0, 0x5608) ioctl$VT_RESIZE(r2, 0x5609, &(0x7f0000000700)={0x7, 0x3, 0x1000}) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000740)=0x5) r3 = syz_open_dev$mouse(&(0x7f0000000780), 0x4, 0x703b80) ioctl$F2FS_IOC_SET_PIN_FILE(r3, 0x4004f50d, &(0x7f00000007c0)) ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000800)=0x800) fchown(r0, 0x0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2) 07:51:01 executing program 2: sendmsg$TIPC_CMD_GET_MEDIA_NAMES(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x400, 0x70bd2a, 0x25dfdbff, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20}, 0x20000141) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xee00}}, './file0\x00'}) sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, 0x0, 0x430, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'macvtap0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ipvlan1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000c090}, 0x4000) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x200, 0x70bd25, 0x25dfdbff, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x24080004}, 0x40000) r1 = syz_open_dev$vcsu(&(0x7f0000000380), 0x42, 0x800) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_TX_TS(r1, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x44, r2, 0x8, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xfff, 0x75}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x885c) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r1, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4004000) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000640)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) sendmsg$DEVLINK_CMD_PORT_GET(r3, &(0x7f0000000800)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000007c0)={&(0x7f00000006c0)={0xd0, 0x0, 0x2, 0x70bd2b, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4}, 0x4005) r4 = dup3(r3, r3, 0x80000) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000880), 0xffffffffffffffff) sendmsg$NL80211_CMD_RADAR_DETECT(r3, &(0x7f0000000980)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x44, r5, 0x200, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x33}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040080}, 0x8000) io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0) sendmsg$NL80211_CMD_DEL_PMK(r0, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x2c, r5, 0x10, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4001) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000b00)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x1c, 0x0, 0x200, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x24044cc0}, 0x55) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000000c00)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f0000000d40)={&(0x7f0000000c40), 0xc, &(0x7f0000000d00)={&(0x7f0000000c80)={0x70, r2, 0x20, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SCHED_SCAN_DELAY={0x8}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_SCAN_SUPP_RATES={0x28, 0x7d, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x24, 0x1, "82a30a572a2023143192ac236846d8ab20ef4ffe6e987b3f146ecc4a869f5f6a"}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x48}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x4040001) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e40)={0x1c, 0x0, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x1141}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48090}, 0x10) 07:51:01 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/tcp6\x00') ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x200, 0x5, 0x5, 0x1, 0x6, 0xffffffffffffffff}) close_range(r0, r0, 0x2) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000000c0)) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000100)) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f0000000140)={0x0, @sco, @nfc={0x27, 0x0, 0x1, 0x6}, @sco, 0x2, 0x0, 0x0, 0x0, 0x81, 0x0, 0x6, 0x1, 0x7}) r2 = socket(0x18, 0x5, 0x800) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x200800, 0x0) setsockopt(r3, 0xb67, 0x1, &(0x7f0000000200)="9237f769f3e20726f1d0cae8838265373f7f95b80a36004f5ecdb8f74e8261fc48f45349168b9a3327dc889ddb7f923ccefa314d90ff579db9a9e0d9caf4754b6f8f6a22bd86353eab2cb4b705174b2e2b36b17d3009249c21f994f8e1c905eb9de84619f0f9834ec2caceea5b8e592049e61175e91db5c287481b41100d041ec0e554bd1d7d60aad9c940f4b789b3a7b12877501189e442f3c102fafaef74d3d39ed7a5758d7bee9171b9300a2dfe7e8fc25f247c640561c4d63ce63b122ce77743df85e7f7d255933b8b404c33b4cab6bfd3ea919f03b64fa3f5e73a19722ce7bfb9f11b147bde4a5b77f39580bdbec60cd4db363632dd8f4ecbb4", 0xfc) ioctl$CDROMREADTOCENTRY(r0, 0x5306, &(0x7f0000000300)={0x2, 0xa, 0x6, 0x0, @lba=0x400000, 0x9}) r4 = accept4$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000380)=0x14, 0x0) ioctl$FIGETBSZ(r4, 0x2, &(0x7f00000003c0)) r5 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_mreq(r5, 0x0, 0x24, &(0x7f0000000400)={@empty, @dev}, &(0x7f0000000440)=0x8) bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e22, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0xe6a}, 0x1c) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r5, 0x6612) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f00000004c0)={0x400, 0x3f, 0x55, 0x5, 0x20, "24da8ac3d7a69c495362466b8eed49aa6ea2dc", 0x400, 0x7}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x50, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x4000010) [ 107.976792] audit: type=1400 audit(1736927461.334:7): avc: denied { execmem } for pid=275 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 07:51:01 executing program 7: r0 = syz_io_uring_complete(0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'vxcan1\x00', &(0x7f0000000040)=@ethtool_wolinfo={0x3, 0x41, 0x6, "d25c8b559dfd"}}) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f00000000c0)={0x8, 0x7, 0x0, 'syz1\x00'}, &(0x7f0000000100)=0x2c) r1 = syz_io_uring_setup(0x3d31, &(0x7f0000000140)={0x0, 0x1cbe, 0x2, 0x2, 0x331, 0x0, r0}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000240)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x5, 0x0, @fd_index=0x1, 0x55e4, 0x0, 0xfffffff7, 0x3}, 0x959f) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000280)={{0x3a, @multicast2, 0x4e21, 0x2, 'wrr\x00', 0xc, 0x1f1, 0x22}, {@multicast1, 0x4e21, 0x4, 0x8, 0x9, 0x7}}, 0x44) pwritev(r1, &(0x7f0000000640)=[{&(0x7f0000000300)="9e81d3d7b024c6ed5322f3cacd996e75afa81263f92e1ecfdf8c9296ff376f99f34bf5b11d3c82616c2ce9cd6ae0f730ff6714b13f964d2dac557a2e1c3bd46eeb247d9696879292ef83508fa11a8eb5a7c6fcad9a726f9a81e8b259371cfbdd7c43004c9cfda4fc", 0x68}, {&(0x7f0000000380)="8c743a54ca1bcc753be11ecb00e4307bcee75f8ce0bf9a0f58a6dcfc", 0x1c}, {&(0x7f00000003c0)="9bd626937b854b8de2bfa643fb67abfaef53d4cb15cce6a4e16062ee7853a1a7570a74fb90b7c903b3cfb6b0dd323234", 0x30}, {&(0x7f0000000400)="2f9649fac17b4e69e76653483002d62483df100cacaf62b00e9832c96e45d93cd884c5e278fb46bb0ed3f7990308f9b7b2df1eb7e17fe166f1db02380c4be3b44c7130cbd1c287dc07663d040ac38209a47c7505c746290943db67569ac2b739db3f2650c0b9e1191308a5ff23ab4b1c6d09bff336a83e0fa2444194f6bdc903961fbd1f9465985873b83c92f2f96788c02a4f28954513c3e0d150ac5d5fad865b99ec7e05f6420f499369bd19bdca78af", 0xb1}, {&(0x7f00000004c0)="b54891601d339987d183448e8c0cb0567169734f5a24cfae89bf39d4eb998aa6364f6128649866af4e9e9f76b2305f04b6bfec3d383e6c5bfd1795503ee57e5b71e569a34ff4e777c50ba855649f4253e8617b3ac0cafc43be2cca39f784e112afdee97d8cf5dcd2e85bf30c167007642d0f644fe832222690fc5ab22a682dcf26a01f8ac0466c742697bc3ba379", 0x8e}, {&(0x7f0000000580)="78f10f35dcdec59ef984416c0954046cc97f72a3f1b2ba353237041d0617394db515f3e4cda52d7c9d3d720fd974c0fe8e8ddfb850e67f3059e5289e5f21f0cc3fa66688f30f6328f7ebc7e902b9e38f597ee949eb2674d57904b15e28c8d0fc6cf6378acd2473a0282d47f5d048949169ef712d1973f550b0bd02e849a588846766cde27ea0c6709eed2586bd0c176a23a90a9d88d12528b8dc74a95a84ae23cce5e8baf687ea00dd3fb90568d7260064595facd2bf540d574eb24c1c", 0xbd}], 0x6, 0x3, 0x3) r3 = mmap$IORING_OFF_SQES(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1000000, 0x10, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(r2, r3, &(0x7f00000006c0)=@IORING_OP_FSYNC={0x3, 0x1, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x1}, 0xfff) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_origin(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740), &(0x7f0000000780), 0x2, 0x2) io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_ifreq(r4, 0x8925, &(0x7f00000007c0)={'syzkaller0\x00', @ifru_names}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000800)={{0x1, 0x1, 0x18, r1, {0x1}}, './file0\x00'}) getsockname$packet(r5, &(0x7f0000000840)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000880)=0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x10, r5, 0x0) r6 = socket$inet_icmp(0x2, 0x2, 0x1) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r6, 0x6628) 07:51:01 executing program 6: r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@broadcast, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@empty}}, &(0x7f00000001c0)=0xe8) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wg0\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x158, r0, 0x8, 0x70bd2b, 0x25dfdbff, {}, [@HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x158}, 0x1, 0x0, 0x0, 0x40010}, 0x80) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'veth0_to_bridge\x00', 0x0}) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000480)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}}, 0x10) r5 = signalfd4(0xffffffffffffffff, &(0x7f00000004c0)={[0x5]}, 0x8, 0x180000) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000500)={r4, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000600)={'erspan0\x00', &(0x7f0000000580)={'tunl0\x00', r3, 0x80, 0x700, 0x7fffffff, 0x9, {{0xb, 0x4, 0x1, 0x2, 0x2c, 0x64, 0x0, 0x0, 0x0, 0x0, @remote, @loopback, {[@rr={0x7, 0x17, 0x6c, [@loopback, @multicast1, @broadcast, @remote, @local]}, @end]}}}}}) sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000840)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000640)={0x194, 0x0, 0x400, 0x70bd26, 0x25dfdbff, {}, [{{0x8, 0x1, r4}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x23}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r3}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r3}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}]}}]}, 0x194}, 0x1, 0x0, 0x0, 0x80}, 0x4000804) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000008c0), r5) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000a40)={'syztnl1\x00', &(0x7f0000000980)={'syztnl2\x00', r4, 0x8001, 0x8, 0x3, 0x5, {{0x24, 0x4, 0x1, 0x8, 0x90, 0x64, 0x0, 0x20, 0x29, 0x0, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ra={0x94, 0x4}, @noop, @lsrr={0x83, 0x3, 0x5b}, @timestamp_prespec={0x44, 0x4c, 0x3a, 0x3, 0x6, [{@remote, 0xca}, {@multicast1, 0x2}, {@remote, 0x1}, {@local}, {@broadcast, 0x4}, {@remote, 0x8f}, {@loopback, 0xb838}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x6}, {@local, 0x7}]}, @generic={0x0, 0xd, "74fd68f738fbfbbc58c902"}, @noop, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x14, 0x7e, 0x1, 0x8, [{@multicast2, 0x9}, {@rand_addr=0x64010100, 0x7fffffff}]}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000b00)={'gre0\x00', &(0x7f0000000a80)={'gre0\x00', r4, 0x10, 0x10, 0x8000, 0xffffff7f, {{0x18, 0x4, 0x2, 0x6, 0x60, 0x66, 0x0, 0x52, 0x4, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, {[@cipso={0x86, 0x16, 0x0, [{0x6, 0x10, "d01503be4c426b93f882a352ab0f"}]}, @timestamp_prespec={0x44, 0x14, 0xc6, 0x3, 0x4, [{@dev={0xac, 0x14, 0x14, 0xc}, 0x3f}, {@dev={0xac, 0x14, 0x14, 0x1e}, 0x20}]}, @lsrr={0x83, 0x3, 0x20}, @ra={0x94, 0x4}, @generic={0x83, 0xc, "8356a73584c7447fc377"}, @rr={0x7, 0x7, 0x4f, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @ssrr={0x89, 0x7, 0xd, [@empty]}]}}}}}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000c00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000c40)=0x14) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r5, 0x89fa, &(0x7f0000000d00)={'ip6gre0\x00', &(0x7f0000000c80)={'syztnl2\x00', r4, 0x4, 0x2, 0x9, 0x5, 0x20, @empty, @mcast2, 0x20, 0x8000, 0x96ca, 0x9}}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000e00)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r5, 0x89fa, &(0x7f0000001240)={'ip6gre0\x00', &(0x7f00000011c0)={'ip6gre0\x00', r1, 0x29, 0x4, 0x8, 0x7, 0x42, @empty, @mcast2, 0x10, 0x7800, 0x2, 0x4}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r7, &(0x7f00000014c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x10801000}, 0xc, &(0x7f0000001480)={&(0x7f0000001280)={0x1f8, r8, 0x2, 0x70bd25, 0x25dfdbfc, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x1f8}, 0x1, 0x0, 0x0, 0x4000}, 0x20044091) [ 109.475393] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 109.479710] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 109.483478] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 109.489508] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 109.494496] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 109.497163] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 109.550826] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 109.553484] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 109.555019] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 109.560637] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 109.567826] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 109.573528] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 109.574677] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 109.591925] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 109.594238] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 109.605913] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 109.606716] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 109.618661] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 109.621029] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 109.630461] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 109.633295] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 109.647433] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 109.651323] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 109.652822] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 109.655269] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 109.679404] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 109.679551] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 109.686568] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 109.694480] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 109.694962] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 109.697033] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 109.704951] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 109.706966] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 109.709448] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 109.710782] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 109.725341] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 109.725940] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 109.730432] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 109.732889] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 109.750431] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 109.753645] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 109.778302] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 109.783493] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 109.795780] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 109.806284] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 109.806576] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 109.814015] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 109.814685] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 111.559658] Bluetooth: hci0: command tx timeout [ 111.688142] Bluetooth: hci2: command tx timeout [ 111.751191] Bluetooth: hci1: command tx timeout [ 111.815197] Bluetooth: hci4: command tx timeout [ 111.815878] Bluetooth: hci3: command tx timeout [ 111.882123] Bluetooth: hci6: command tx timeout [ 111.882400] Bluetooth: hci5: command tx timeout [ 111.944230] Bluetooth: hci7: command tx timeout [ 113.607227] Bluetooth: hci0: command tx timeout [ 113.735255] Bluetooth: hci2: command tx timeout [ 113.799236] Bluetooth: hci1: command tx timeout [ 113.863411] Bluetooth: hci4: command tx timeout [ 113.863543] Bluetooth: hci3: command tx timeout [ 113.927299] Bluetooth: hci5: command tx timeout [ 113.928245] Bluetooth: hci6: command tx timeout [ 113.992133] Bluetooth: hci7: command tx timeout [ 115.656135] Bluetooth: hci0: command tx timeout [ 115.783221] Bluetooth: hci2: command tx timeout [ 115.848244] Bluetooth: hci1: command tx timeout [ 115.913261] Bluetooth: hci4: command tx timeout [ 115.914265] Bluetooth: hci3: command tx timeout [ 115.976360] Bluetooth: hci5: command tx timeout [ 115.977040] Bluetooth: hci6: command tx timeout [ 116.040457] Bluetooth: hci7: command tx timeout [ 117.704290] Bluetooth: hci0: command tx timeout [ 117.833162] Bluetooth: hci2: command tx timeout [ 117.895276] Bluetooth: hci1: command tx timeout [ 117.960200] Bluetooth: hci3: command tx timeout [ 117.960276] Bluetooth: hci4: command tx timeout [ 118.023355] Bluetooth: hci6: command tx timeout [ 118.023435] Bluetooth: hci5: command tx timeout [ 118.088288] Bluetooth: hci7: command tx timeout [ 169.624554] syz-executor.5 (289) used greatest stack depth: 24016 bytes left [ 172.193305] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 172.197693] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 172.202599] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 172.212807] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 172.217247] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 172.219719] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 172.315232] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 172.323440] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 172.329660] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 172.336891] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 172.340747] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 172.344488] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 172.396291] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 172.401911] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 172.404639] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 172.405455] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 172.411953] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 172.414265] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 172.418874] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 172.422855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 172.432656] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 172.446199] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 172.462023] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 172.463560] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 172.492853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 172.496744] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 172.499924] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 172.511048] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 172.524821] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 172.529039] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 172.539763] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 172.540881] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 172.543884] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 172.546814] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 172.559212] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 172.560960] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 172.563661] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 172.585580] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 172.590513] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 172.602977] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 172.621007] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 172.623140] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 172.735003] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 172.755807] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 172.757880] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 172.767595] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 172.775814] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 172.823692] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 174.280287] Bluetooth: hci0: command tx timeout [ 174.407316] Bluetooth: hci1: command tx timeout [ 174.471291] Bluetooth: hci3: command tx timeout [ 174.535689] Bluetooth: hci2: command tx timeout [ 174.663247] Bluetooth: hci4: command tx timeout [ 174.728509] Bluetooth: hci5: command tx timeout [ 175.047665] Bluetooth: hci7: command tx timeout [ 175.303467] Bluetooth: hci6: command tx timeout [ 176.327605] Bluetooth: hci0: command tx timeout [ 176.455271] Bluetooth: hci1: command tx timeout [ 176.519607] Bluetooth: hci3: command tx timeout [ 176.583755] Bluetooth: hci2: command tx timeout [ 176.711490] Bluetooth: hci4: command tx timeout [ 176.775483] Bluetooth: hci5: command tx timeout [ 177.095175] Bluetooth: hci7: command tx timeout [ 177.351220] Bluetooth: hci6: command tx timeout [ 178.375127] Bluetooth: hci0: command tx timeout [ 178.504098] Bluetooth: hci1: command tx timeout [ 178.568239] Bluetooth: hci3: command tx timeout [ 178.632260] Bluetooth: hci2: command tx timeout [ 178.760203] Bluetooth: hci4: command tx timeout [ 178.824283] Bluetooth: hci5: command tx timeout [ 179.143208] Bluetooth: hci7: command tx timeout [ 179.399164] Bluetooth: hci6: command tx timeout [ 180.425413] Bluetooth: hci0: command tx timeout [ 180.551229] Bluetooth: hci1: command tx timeout [ 180.617109] Bluetooth: hci3: command tx timeout [ 180.680224] Bluetooth: hci2: command tx timeout [ 180.808045] Bluetooth: hci4: command tx timeout [ 180.872365] Bluetooth: hci5: command tx timeout [ 181.192153] Bluetooth: hci7: command tx timeout [ 181.447364] Bluetooth: hci6: command tx timeout [ 235.101687] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 235.108678] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 235.111177] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 235.116654] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 235.118999] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 235.120480] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 235.604505] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 235.607808] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 235.612530] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 235.618504] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 235.623365] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 235.625222] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 235.673535] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 235.676589] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 235.679563] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 235.689499] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 235.694432] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 235.696556] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 235.738614] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 235.742548] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 235.744735] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 235.753487] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 235.756624] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 235.759799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 235.837395] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 235.853559] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 235.857403] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 235.859462] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 235.868410] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 235.874485] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 235.876478] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 235.900798] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 235.904515] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 235.919347] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 235.925490] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 235.931724] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 235.952006] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 235.964307] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 235.964716] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 235.976986] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 235.992985] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 236.047438] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 236.049832] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 236.062624] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 236.065480] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 236.093802] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 236.111260] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 236.116908] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 237.191198] Bluetooth: hci0: command tx timeout [ 237.703201] Bluetooth: hci1: command tx timeout [ 237.767143] Bluetooth: hci2: command tx timeout [ 237.831156] Bluetooth: hci3: command tx timeout [ 237.960460] Bluetooth: hci5: command tx timeout [ 238.088162] Bluetooth: hci4: command tx timeout [ 238.215349] Bluetooth: hci7: command tx timeout [ 238.215863] Bluetooth: hci6: command tx timeout [ 239.239147] Bluetooth: hci0: command tx timeout [ 239.751129] Bluetooth: hci1: command tx timeout [ 239.815900] Bluetooth: hci2: command tx timeout [ 239.880151] Bluetooth: hci3: command tx timeout [ 240.007244] Bluetooth: hci5: command tx timeout [ 240.137290] Bluetooth: hci4: command tx timeout [ 240.265135] Bluetooth: hci7: command tx timeout [ 240.265243] Bluetooth: hci6: command tx timeout [ 241.289141] Bluetooth: hci0: command tx timeout [ 241.802262] Bluetooth: hci1: command tx timeout [ 241.863200] Bluetooth: hci2: command tx timeout [ 241.930113] Bluetooth: hci3: command tx timeout [ 242.057091] Bluetooth: hci5: command tx timeout [ 242.184124] Bluetooth: hci4: command tx timeout [ 242.311220] Bluetooth: hci6: command tx timeout [ 242.311399] Bluetooth: hci7: command tx timeout [ 243.335150] Bluetooth: hci0: command tx timeout [ 243.847235] Bluetooth: hci1: command tx timeout [ 243.911155] Bluetooth: hci2: command tx timeout [ 243.976113] Bluetooth: hci3: command tx timeout [ 244.103183] Bluetooth: hci5: command tx timeout [ 244.231205] Bluetooth: hci4: command tx timeout [ 244.360177] Bluetooth: hci6: command tx timeout [ 244.360198] Bluetooth: hci7: command tx timeout [ 297.490664] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 297.494504] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 297.496935] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 297.502340] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 297.507829] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 297.510806] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 297.876247] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 297.879332] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 297.882476] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 297.890478] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 297.893837] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 297.896512] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 298.016456] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 298.019376] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 298.021501] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 298.031432] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 298.050938] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 298.052939] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 298.055643] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 298.058632] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 298.061628] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 298.065603] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 298.067743] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 298.081117] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 298.084256] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 298.087366] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 298.089833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 298.110003] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 298.139869] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 298.142973] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 298.146550] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 298.150246] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 298.166186] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 298.175614] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 298.179609] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 298.184515] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 298.192259] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 298.195401] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 298.195694] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 298.197641] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 298.203438] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 298.206743] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 298.333739] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 298.356514] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 298.382346] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 298.420882] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 298.432461] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 298.434847] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 299.592119] Bluetooth: hci0: command tx timeout [ 299.975238] Bluetooth: hci1: command tx timeout [ 300.167187] Bluetooth: hci3: command tx timeout [ 300.167235] Bluetooth: hci2: command tx timeout [ 300.168020] Bluetooth: hci4: command tx timeout [ 300.296240] Bluetooth: hci5: command tx timeout [ 300.360112] Bluetooth: hci6: command tx timeout [ 300.489247] Bluetooth: hci7: command tx timeout [ 301.639644] Bluetooth: hci0: command tx timeout [ 302.023121] Bluetooth: hci1: command tx timeout [ 302.215178] Bluetooth: hci3: command tx timeout [ 302.215291] Bluetooth: hci2: command tx timeout [ 302.216325] Bluetooth: hci4: command tx timeout [ 302.343194] Bluetooth: hci5: command tx timeout [ 302.409067] Bluetooth: hci6: command tx timeout [ 302.537169] Bluetooth: hci7: command tx timeout [ 303.687328] Bluetooth: hci0: command tx timeout [ 304.071150] Bluetooth: hci1: command tx timeout [ 304.264076] Bluetooth: hci2: command tx timeout [ 304.264174] Bluetooth: hci4: command tx timeout [ 304.264261] Bluetooth: hci3: command tx timeout [ 304.392363] Bluetooth: hci5: command tx timeout [ 304.456281] Bluetooth: hci6: command tx timeout [ 304.583238] Bluetooth: hci7: command tx timeout [ 305.736112] Bluetooth: hci0: command tx timeout [ 306.119406] Bluetooth: hci1: command tx timeout [ 306.312243] Bluetooth: hci3: command tx timeout [ 306.312349] Bluetooth: hci4: command tx timeout [ 306.312436] Bluetooth: hci2: command tx timeout [ 306.439127] Bluetooth: hci5: command tx timeout [ 306.505123] Bluetooth: hci6: command tx timeout [ 306.632630] Bluetooth: hci7: command tx timeout [ 357.067968] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.068248] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.572274] syz-executor.0 (10193) used greatest stack depth: 23896 bytes left [ 360.090599] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 360.093721] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 360.098206] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 360.108597] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 360.121341] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 360.124641] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 360.404917] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 360.407514] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 360.409743] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 360.423514] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 360.428882] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 360.431337] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 360.475743] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 360.481305] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 360.493588] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 360.515518] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 360.529541] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 360.533541] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 360.536491] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 360.544601] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 360.555721] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 360.580507] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 360.585552] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 360.587901] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 360.802416] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 360.810976] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 360.818960] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 360.822477] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 360.829753] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 360.858702] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 360.864567] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 360.866234] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 360.884849] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 360.887156] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 360.892298] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 360.895241] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 360.896271] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 360.897893] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 360.899738] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 360.902796] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 360.913377] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 360.915618] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 360.920723] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 360.921576] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 360.937929] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 360.938384] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 360.941885] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 360.977627] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 362.184214] Bluetooth: hci0: command tx timeout [ 362.503143] Bluetooth: hci1: command tx timeout [ 362.632254] Bluetooth: hci2: command tx timeout [ 362.632616] Bluetooth: hci3: command tx timeout [ 363.016325] Bluetooth: hci5: command tx timeout [ 363.017041] Bluetooth: hci6: command tx timeout [ 363.079143] Bluetooth: hci7: command tx timeout [ 363.593292] Bluetooth: hci4: command tx timeout [ 364.231237] Bluetooth: hci0: command tx timeout [ 364.553094] Bluetooth: hci1: command tx timeout [ 364.680197] Bluetooth: hci3: command tx timeout [ 364.680257] Bluetooth: hci2: command tx timeout [ 365.063523] Bluetooth: hci5: command tx timeout [ 365.063545] Bluetooth: hci6: command tx timeout [ 365.127274] Bluetooth: hci7: command tx timeout [ 365.639173] Bluetooth: hci4: command tx timeout [ 366.279427] Bluetooth: hci0: command tx timeout [ 366.600206] Bluetooth: hci1: command tx timeout [ 366.727828] Bluetooth: hci3: command tx timeout [ 366.728133] Bluetooth: hci2: command tx timeout [ 367.111108] Bluetooth: hci6: command tx timeout [ 367.114066] Bluetooth: hci5: command tx timeout [ 367.175175] Bluetooth: hci7: command tx timeout [ 367.687087] Bluetooth: hci4: command tx timeout [ 368.327117] Bluetooth: hci0: command tx timeout [ 368.648053] Bluetooth: hci1: command tx timeout [ 368.775134] Bluetooth: hci2: command tx timeout [ 368.775158] Bluetooth: hci3: command tx timeout [ 369.159477] Bluetooth: hci5: command tx timeout [ 369.159579] Bluetooth: hci6: command tx timeout [ 369.223241] Bluetooth: hci7: command tx timeout [ 369.735133] Bluetooth: hci4: command tx timeout VM DIAGNOSIS: 07:56:03 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffffffff85c6ffc8 RCX=ffffffff81722c85 RDX=ffff88803caa0000 RSI=ffffffff81722c2b RDI=0000000000000001 RBP=0000000000000001 RSP=ffff88806ce09a00 R8 =0000000000000000 R9 =fffffbfff0fe11dc R10=0000000000000001 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=ffffffff85c6ffc8 R15=ffff88800c291a68 RIP=ffffffff84a89090 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fe7ce7056f4 CR3=000000003cb4e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007fe7ce71447000007fe7ce713f20 XMM02=00000000000000000000000000000000 XMM03=756e20796d6d756420736e6f6974706f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=73253d656d616e6c6165722073253d73 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffffffff867a248b RBX=0000000000000001 RCX=ffffffff867a2486 RDX=0000000000000000 RSI=0000000000000000 RDI=0000000000000001 RBP=ffff88806cf09ad0 RSP=ffff88806cf09a08 R8 =ffffffff867a248a R9 =ffff88806cf09ab8 R10=000000000003ab2c R11=00000000000081ec R12=ffff88806cf09ad8 R13=ffff88806cf09ac0 R14=ffff88806cf09ab9 R15=ffff88806cf09a78 RIP=ffffffff813493b5 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe4f00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f07a7cfa6f4 CR3=000000000d44c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f07a7d0947000007f07a7d08f20 XMM02=00000000000000000000000000000000 XMM03=756e20796d6d756420736e6f6974706f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=73253d656d616e6c6165722073253d73 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000