Warning: Permanently added '[localhost]:23949' (ECDSA) to the list of known hosts. 2025/04/23 06:46:37 fuzzer started 2025/04/23 06:46:37 dialing manager at localhost:42253 syzkaller login: [ 98.536389] cgroup: Unknown subsys name 'net' [ 98.682318] cgroup: Unknown subsys name 'cpuset' [ 98.731535] cgroup: Unknown subsys name 'rlimit' 2025/04/23 06:46:59 syscalls: 202 2025/04/23 06:46:59 code coverage: enabled 2025/04/23 06:46:59 comparison tracing: enabled 2025/04/23 06:46:59 extra coverage: enabled 2025/04/23 06:46:59 setuid sandbox: enabled 2025/04/23 06:46:59 namespace sandbox: enabled 2025/04/23 06:46:59 Android sandbox: enabled 2025/04/23 06:46:59 fault injection: enabled 2025/04/23 06:46:59 leak checking: enabled 2025/04/23 06:46:59 net packet injection: enabled 2025/04/23 06:46:59 net device setup: enabled 2025/04/23 06:46:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/04/23 06:46:59 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/04/23 06:46:59 USB emulation: enabled 2025/04/23 06:46:59 hci packet injection: enabled 2025/04/23 06:46:59 wifi device emulation: enabled 2025/04/23 06:46:59 802.15.4 emulation: enabled 2025/04/23 06:46:59 fetching corpus: 0, signal 0/0 (executing program) 2025/04/23 06:47:01 starting 8 fuzzer processes 06:47:01 executing program 0: lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r0) r1 = socket$inet6(0xa, 0x80000, 0xde5) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@initdev, @in=@initdev}}, {{@in=@dev}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8) r2 = socket(0x1a, 0x1, 0x1f) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x34, r3, 0x10, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x6}]}, 0x34}}, 0x4000015) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000340)={{{@in=@multicast2, @in6}}, {{@in6=@ipv4}, 0x0, @in6=@local}}, &(0x7f0000000440)=0xe8) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r3, 0x201, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x100}]}, 0x2c}, 0x1, 0x0, 0x0, 0x882}, 0x0) ioctl$SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x2272, &(0x7f0000000580)) r4 = socket$inet6(0xa, 0x5, 0x9) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x2c, r3, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x44000) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f00000006c0)) mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x1010, 0xffffffffffffffff, 0x10000000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'batadv_slave_0\x00'}) sched_setattr(0xffffffffffffffff, &(0x7f0000000740)={0x38, 0x0, 0xa, 0xfffff001, 0xff, 0xffffffff, 0x9b, 0xffff, 0x4, 0x38c8}, 0x0) recvmmsg(r4, &(0x7f0000001d00)=[{{&(0x7f0000000780)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f0000000b40)=[{&(0x7f0000000800)=""/65, 0x41}, {&(0x7f0000000880)=""/97, 0x61}, {&(0x7f0000000900)=""/24, 0x18}, {&(0x7f0000000940)=""/64, 0x40}, {&(0x7f0000000980)=""/9, 0x9}, {&(0x7f00000009c0)=""/62, 0x3e}, {&(0x7f0000000a00)=""/169, 0xa9}, {&(0x7f0000000ac0)=""/94, 0x5e}], 0x8}, 0x3}, {{&(0x7f0000000bc0)=@phonet, 0x80, &(0x7f0000000f40)=[{&(0x7f0000000c40)=""/191, 0xbf}, {&(0x7f0000000d00)=""/74, 0x4a}, {&(0x7f0000000d80)=""/42, 0x2a}, {&(0x7f0000000dc0)=""/113, 0x71}, {&(0x7f0000000e40)=""/224, 0xe0}], 0x5, &(0x7f0000000fc0)=""/34, 0x22}, 0x9b2e}, {{&(0x7f0000001000)=@ax25={{0x3, @rose}, [@null, @default, @null, @remote, @netrom, @bcast, @netrom]}, 0x80, &(0x7f0000001140)=[{&(0x7f0000001080)=""/184, 0xb8}], 0x1, &(0x7f0000001180)=""/18, 0x12}, 0xafc}, {{&(0x7f00000011c0)=@phonet, 0x80, &(0x7f0000001800)=[{&(0x7f0000001240)=""/37, 0x25}, {&(0x7f0000001280)=""/2, 0x2}, {&(0x7f00000012c0)=""/170, 0xaa}, {&(0x7f0000001380)=""/140, 0x8c}, {&(0x7f0000001440)=""/212, 0xd4}, {&(0x7f0000001540)=""/183, 0xb7}, {&(0x7f0000001600)=""/138, 0x8a}, {&(0x7f00000016c0)=""/37, 0x25}, {&(0x7f0000001700)=""/250, 0xfa}], 0x9, &(0x7f00000018c0)=""/237, 0xed}, 0x7fffffff}, {{&(0x7f00000019c0)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000001c80)=[{&(0x7f0000001a40)=""/210, 0xd2}, {&(0x7f0000001b40)=""/161, 0xa1}, {&(0x7f0000001c00)=""/101, 0x65}], 0x3, &(0x7f0000001cc0)=""/57, 0x39}, 0x1}], 0x5, 0x10000, &(0x7f0000001e40)) r5 = socket(0x23, 0x0, 0xb4) r6 = syz_genetlink_get_family_id$batadv(&(0x7f000000bd80), r2) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r5, &(0x7f000000be80)={&(0x7f000000bd40)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f000000be40)={&(0x7f000000bdc0)={0x48, r6, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xffffffff}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x1) 06:47:01 executing program 1: sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x4, 0x70bd26, 0x25dfdbff, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x8050}, 0x24024004) r0 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x70, r0, 0x300, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netdevsim0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'u:object_r:app_data_file:s0:c512,c768\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x2e}}]}, 0x70}, 0x1, 0x0, 0x0, 0x8810}, 0x8080) r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x44, r1, 0x2, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1f}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1ff}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000000}, 0x4080) sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x5c, r0, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @loopback}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000640)={&(0x7f0000000580)={0x98, r0, 0x4, 0x70bd29, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010100}, @NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:dbusd_etc_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x2e, 0x7, 'system_u:object_r:dlm_control_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}]}, 0x98}, 0x1, 0x0, 0x0, 0x8800}, 0x4004000) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x2c, r3, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x2393}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x80) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000840), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x34, r4, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x14}, 0x10) sendmsg$NLBL_UNLABEL_C_STATICLIST(r2, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x28, r0, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004001}, 0x24050094) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000a40)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r5, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x4c, r6, 0x308, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44010}, 0x48080) sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000cc0)={&(0x7f0000000c00), 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x2c, r6, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000d40), r2) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r7, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x30, r8, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @local}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) 06:47:01 executing program 2: r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20040081) ioctl$sock_ifreq(0xffffffffffffffff, 0x891c, &(0x7f0000000140)={'virt_wifi0\x00', @ifru_mtu}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000002800)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) recvmmsg(r1, &(0x7f0000002b40)=[{{0x0, 0x0, &(0x7f0000002840), 0x0, &(0x7f0000002880)=""/251, 0xfb}}, {{&(0x7f0000002980)=@isdn, 0x80, &(0x7f0000002a00), 0x0, &(0x7f0000002a40)=""/233, 0xe9}, 0xdfcd}], 0x2, 0x140, &(0x7f0000002bc0)={0x77359400}) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000002c40), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000002d00)={&(0x7f0000002c00)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000002cc0)={&(0x7f0000002c80)={0x20, r2, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x879d}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000002e00)={'erspan0\x00', &(0x7f0000002d40)={'syztnl2\x00', 0x0, 0x10, 0x80, 0x7fff, 0x0, {{0x1b, 0x4, 0x0, 0x3a, 0x6c, 0x68, 0x0, 0x9, 0x2f, 0x0, @local, @loopback, {[@timestamp_prespec={0x44, 0x1c, 0x1e, 0x3, 0x7, [{@dev={0xac, 0x14, 0x14, 0xf}, 0xe75}, {@loopback, 0x8}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xde0a}]}, @ssrr={0x89, 0xf, 0x66, [@loopback, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp_prespec={0x44, 0x2c, 0x39, 0x3, 0x1, [{@local}, {@empty, 0xc2}, {@remote, 0x5}, {@broadcast}, {@broadcast, 0x6}]}]}}}}}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f0000002e80)={0x0, @isdn={0x22, 0x1, 0x4, 0xff, 0x2}, @rc={0x1f, @none, 0xfb}, @rc={0x1f, @none, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000002e40)='wlan0\x00', 0x24bd, 0x8, 0x9}) r4 = socket$inet6(0xa, 0x80000, 0x7) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000002f00)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r4, 0x89f4, &(0x7f0000002fc0)={'ip6gre0\x00', &(0x7f0000002f40)={'syztnl1\x00', r5, 0x29, 0x6, 0xfb, 0x9, 0x8, @local, @remote, 0x8010, 0x8000, 0x3ee, 0x3}}) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000003000)={'b', ' *:* ', 'm\x00'}, 0x8) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r6, &(0x7f0000003140)={&(0x7f0000003040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000003100)={&(0x7f0000003080)={0x60, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xcb}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7fffffff}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x607}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xfffff001}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) setsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000003180)=0x1, 0x4) sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000003280)={&(0x7f00000031c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000003240)={&(0x7f0000003200)={0x1c, r0, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x811}, 0x4000) sendmsg$BATADV_CMD_GET_HARDIF(r1, &(0x7f0000003380)={&(0x7f00000032c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000003340)={&(0x7f0000003300)={0x14, r0, 0x200, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x40480d5) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(0xffffffffffffffff, &(0x7f0000008040)={&(0x7f0000007f40)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000008000)={&(0x7f0000007f80)={0x54, r0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x8}, 0x800) 06:47:01 executing program 3: socketpair(0x5, 0x0, 0x101, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_bt_hci(r0, 0x400448c9, &(0x7f0000000040)="e5b00c8ad05c0df9ce5df4d9b11fa4aa53709e9cae2e266913ff8accc8ae573ee4227fe1cfb57480ead51ab79230604c6f4304057155bf6a61be806df8400138527ae1cb073f25e267b2a9c143a1c1") ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00'}) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, &(0x7f0000000100)) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000140)={{{@in6=@private0, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@local}}, &(0x7f0000000240)=0xe8) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000280)) r3 = socket(0x27, 0xa, 0x2) setsockopt$bt_hci_HCI_FILTER(r3, 0x0, 0x2, &(0x7f00000002c0)={0x80, [0x9, 0x1f]}, 0x10) ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000300)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00'}) sendmsg$BATADV_CMD_SET_VLAN(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x30, 0x0, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}]}, 0x30}, 0x1, 0x0, 0x0, 0x48051}, 0x8090) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000480)={{{@in=@broadcast, @in=@initdev}}, {{@in6=@remote}, 0x0, @in6=@private1}}, &(0x7f0000000580)=0xe8) socket$inet(0x2, 0x6, 0x0) socketpair(0x2b, 0x5, 0x41f, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r4, &(0x7f0000006300)=[{{&(0x7f0000000600)=@isdn, 0x80, &(0x7f0000001840)=[{&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000001680)=""/152, 0x98}, {&(0x7f0000001740)=""/220, 0xdc}], 0x3, &(0x7f0000001880)=""/216, 0xd8}, 0x8}, {{&(0x7f0000001980)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001a00)=""/142, 0x8e}, {&(0x7f0000001ac0)=""/183, 0xb7}, {&(0x7f0000001b80)=""/84, 0x54}, {&(0x7f0000001c00)=""/44, 0x2c}, {&(0x7f0000001c40)=""/251, 0xfb}, {&(0x7f0000001d40)=""/213, 0xd5}, {&(0x7f0000001e40)=""/33, 0x21}, {&(0x7f0000001e80)=""/248, 0xf8}], 0x8, &(0x7f0000002000)=""/199, 0xc7}, 0x72c}, {{&(0x7f0000002100)=@in6, 0x80, &(0x7f0000002240)=[{&(0x7f0000002180)=""/145, 0x91}], 0x1, &(0x7f0000002280)=""/178, 0xb2}, 0x92f0}, {{&(0x7f0000002340)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000002440)=[{&(0x7f00000023c0)=""/83, 0x53}], 0x1, &(0x7f0000002480)=""/129, 0x81}, 0x120}, {{&(0x7f0000002540)=@hci, 0x80, &(0x7f0000003800)=[{&(0x7f00000025c0)=""/98, 0x62}, {&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000003640)=""/22, 0x16}, {&(0x7f0000003680)=""/210, 0xd2}, {&(0x7f0000003780)=""/108, 0x6c}], 0x5, &(0x7f0000003880)=""/247, 0xf7}, 0xb05}, {{&(0x7f0000003980)=@l2tp6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000003ac0)=[{&(0x7f0000003a00)=""/77, 0x4d}, {&(0x7f0000003a80)=""/60, 0x3c}], 0x2, &(0x7f0000003b00)=""/139, 0x8b}, 0x6}, {{&(0x7f0000003bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000003d00)=[{&(0x7f0000003c40)=""/28, 0x1c}, {&(0x7f0000003c80)=""/27, 0x1b}, {&(0x7f0000003cc0)=""/5, 0x5}], 0x3, &(0x7f0000003d40)=""/246, 0xf6}, 0x3}, {{&(0x7f0000003e40)=@x25={0x9, @remote}, 0x80, &(0x7f00000061c0)=[{&(0x7f0000003ec0)=""/152, 0x98}, {&(0x7f0000003f80)=""/4096, 0x1000}, {&(0x7f0000004f80)=""/170, 0xaa}, {&(0x7f0000005040)=""/249, 0xf9}, {&(0x7f0000005140)=""/108, 0x6c}, {&(0x7f00000051c0)=""/4096, 0x1000}], 0x6, &(0x7f0000006240)=""/184, 0xb8}, 0x1}], 0x8, 0x23, &(0x7f0000006500)={0x77359400}) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000006840)={0x53, 0xfffffffffffffffb, 0xe7, 0x0, @buffer={0x0, 0xa6, &(0x7f0000006540)=""/166}, &(0x7f0000006600)="f743450de73b567913ce6fff38b5276370b3016c051840d579a2da41390f21c341e486ea469ba302aa791413ba4ff3e5dd4f2d116e0ea8548238edee85ebb84ea535891043c6510019185ccec0715d9eed7af8fcdb67508ab7af49e4fadab7ac54153761fce76813b88c4c7bb6d4532820599deb263a37fd3cd2762339ec09fa4dca78b8ea29dd634fa8a9bf3a9cd6bb22f2081c789cd0f127872286b8011f35d9ea3743f1415f164958565dd91476332b50fba0655b004a86a6f35d60180a801784d96d838b664b3d0053b9b66f61744f7fe936bacdb711934c3d4d4d1723e9276176f50a4d8b", &(0x7f0000006700)=""/217, 0x80000000, 0x4, 0x0, &(0x7f0000006800)}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000069c0)={'syztnl1\x00', &(0x7f00000068c0)={'syztnl2\x00', r2, 0x10, 0x10, 0x58f1, 0x4, {{0x2a, 0x4, 0x0, 0x18, 0xa8, 0x66, 0x0, 0x0, 0x29, 0x0, @rand_addr=0x64010101, @multicast1, {[@timestamp={0x44, 0x18, 0x9f, 0x0, 0x8, [0x1, 0x5, 0xffffffe1, 0x4, 0xf17e]}, @end, @cipso={0x86, 0x5d, 0x3, [{0x0, 0x7, "0a2bd3e822"}, {0x7, 0x10, "0b15b663e42bea0d99aec3a3ab48"}, {0x5, 0xd, "2d546f2bcec3640838e2a4"}, {0x7, 0x11, "942ea95aebe683097fa125057712d3"}, {0x2, 0x11, "af0dfcf36bbc2346812eb6aeb38b52"}, {0x5, 0x6, "de0887e2"}, {0x1, 0xb, "073c194fe69fd836f0"}]}, @cipso={0x86, 0x1b, 0x0, [{0x0, 0xb, "60ea658343430d34d1"}, {0x0, 0xa, "1417085086266d01"}]}, @noop]}}}}}) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8, 0x1010, 0xffffffffffffffff, 0x8000000) r6 = mmap$IORING_OFF_SQES(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x3000002, 0x4000010, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(r5, r6, &(0x7f0000006a00)=@IORING_OP_TEE={0x21, 0x5, 0x0, @fd_index, 0x0, 0x0, 0x4, 0x2, 0x1, {0x0, 0x0, r0}}, 0x4) [ 122.239243] audit: type=1400 audit(1745390821.646:7): avc: denied { execmem } for pid=280 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 06:47:01 executing program 4: geteuid() syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0xfff, 0x2, &(0x7f0000000000)="c24540abaecbd06e2b801e1f2a95bc61b641ead4e52616b0d64e9a2a98dcb397e87027909257f2e58008581b154ef837bea77f18185226a90723ccb7c5ac76448f0afddd56111e26e5707cf53a7555595c35c18c330e425d59d14b0020728417a5356155377bb3f62238243088f33b51e6fce3", 0x9, 0x0, 0x0, {0x3}}, 0x9) r0 = geteuid() semctl$IPC_RMID(0x0, 0x0, 0x0) r1 = semget$private(0x0, 0x2, 0x0) semtimedop(r1, &(0x7f00000000c0)=[{0x4, 0xfffa, 0x800}, {0x2, 0x41, 0x800}], 0x2, &(0x7f0000000100)={0x0, 0x989680}) geteuid() geteuid() clock_gettime(0x6, &(0x7f0000000140)) r2 = semget$private(0x0, 0x1, 0x0) semctl$IPC_INFO(r2, 0x0, 0x3, &(0x7f0000000180)=""/190) r3 = geteuid() mount$cgroup2(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x20811, &(0x7f00000002c0)={[{@subsystem='perf_event'}, {@subsystem='pids'}, {@memory_localevents}, {@subsystem='net'}, {}, {@subsystem='net'}, {}, {@memory_recursiveprot}, {}, {@subsystem='cpuset'}], [{@euid_lt={'euid<', r0}}, {@audit}, {@fsmagic={'fsmagic', 0x3d, 0xfff}}, {@appraise}, {@fowner_gt={'fowner>', r3}}, {@subj_role={'subj_role', 0x3d, '{$\xdd+'}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@seclabel}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@subj_role={'subj_role', 0x3d, '\x00'}}]}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000400)) semctl$GETNCNT(r2, 0x2, 0xe, &(0x7f0000000440)=""/116) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xb, 0x100010, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r4, 0x0, &(0x7f0000000700)=@IORING_OP_RECVMSG={0xa, 0x5, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000540)=""/144, 0x90}], 0x1, &(0x7f0000000640)=""/116, 0x74}, 0x0, 0x0, 0x1, {0x3}}, 0x1ff) semctl$SEM_INFO(r2, 0x1, 0x13, &(0x7f0000000740)=""/50) clock_getres(0x6, &(0x7f0000000780)) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f00000007c0)=""/51) 06:47:01 executing program 5: r0 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x2000010) inotify_rm_watch(0xffffffffffffffff, r0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={r1, r2+10000000}}, 0x5) clock_gettime(0x8fd8edea4ffe6953, &(0x7f0000000100)) r3 = getpid() sched_setattr(r3, &(0x7f0000000140)={0x38, 0x0, 0x10000004, 0x2940, 0x3, 0x3, 0x0, 0x9a4f, 0x2, 0x4}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x3, 0x28, 0x5, 0xfe, 0x8, 0x81, 0x2, 0x8}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r4, &(0x7f0000003b00)=[{{&(0x7f0000000200)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000280)=""/144, 0x90}, {&(0x7f0000000340)=""/202, 0xca}, {&(0x7f0000000440)=""/29, 0x1d}], 0x3, &(0x7f00000004c0)=""/209, 0xd1}}, {{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f00000005c0)}, {&(0x7f0000000600)=""/214, 0xd6}, {&(0x7f0000000700)=""/4096, 0x1000}], 0x3, &(0x7f0000001740)=""/235, 0xeb}, 0x3}, {{0x0, 0x0, &(0x7f0000002a80)=[{&(0x7f0000001840)=""/4096, 0x1000}, {&(0x7f0000002840)=""/82, 0x52}, {&(0x7f00000028c0)=""/5, 0x5}, {&(0x7f0000002900)=""/155, 0x9b}, {&(0x7f00000029c0)=""/165, 0xa5}], 0x5, &(0x7f0000002b00)=""/4096, 0x1000}, 0xfffffff9}], 0x3, 0x40, &(0x7f0000003bc0)={0x0, 0x989680}) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x8, 0x80010, 0xffffffffffffffff, 0x8000000) clock_gettime(0x0, &(0x7f0000003c00)={0x0, 0x0}) syz_io_uring_submit(r6, 0x0, &(0x7f0000003c80)=@IORING_OP_LINK_TIMEOUT={0xf, 0x2, 0x0, 0x0, 0x0, &(0x7f0000003c40)={r7, r8+60000000}, 0x1, 0x1}, 0x9) r9 = socket$inet6_udp(0xa, 0x2, 0x0) recvmmsg(r9, &(0x7f000000a840)=[{{&(0x7f0000003cc0)=@nfc, 0x80, &(0x7f0000004d80)=[{&(0x7f0000003d40)=""/64, 0x40}, {&(0x7f0000003d80)=""/4096, 0x1000}], 0x2, &(0x7f0000004dc0)=""/13, 0xd}, 0x52}, {{&(0x7f0000004e00)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000005000)=[{&(0x7f0000004e80)=""/6, 0x6}, {&(0x7f0000004ec0)=""/44, 0x2c}, {&(0x7f0000004f00)}, {&(0x7f0000004f40)=""/41, 0x29}, {&(0x7f0000004f80)=""/108, 0x6c}], 0x5}, 0xffffffff}, {{0x0, 0x0, &(0x7f0000006240)=[{&(0x7f0000005080)=""/142, 0x8e}, {&(0x7f0000005140)=""/4096, 0x1000}, {&(0x7f0000006140)=""/185, 0xb9}, {&(0x7f0000006200)=""/12, 0xc}], 0x4, &(0x7f0000006280)=""/140, 0x8c}, 0x5}, {{&(0x7f0000006340)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, &(0x7f0000006440)=[{&(0x7f00000063c0)=""/42, 0x2a}, {&(0x7f0000006400)=""/44, 0x2c}], 0x2, &(0x7f0000006480)=""/13, 0xd}, 0x685}, {{&(0x7f00000064c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @initdev}}}}, 0x80, &(0x7f0000006980)=[{&(0x7f0000006540)=""/58, 0x3a}, {&(0x7f0000006580)=""/68, 0x44}, {&(0x7f0000006600)=""/56, 0x38}, {&(0x7f0000006640)=""/89, 0x59}, {&(0x7f00000066c0)=""/211, 0xd3}, {&(0x7f00000067c0)=""/28, 0x1c}, {&(0x7f0000006800)=""/70, 0x46}, {&(0x7f0000006880)=""/57, 0x39}, {&(0x7f00000068c0)=""/38, 0x26}, {&(0x7f0000006900)=""/98, 0x62}], 0xa, &(0x7f0000006a40)=""/203, 0xcb}, 0xfffffffa}, {{&(0x7f0000006b40)=@x25={0x9, @remote}, 0x80, &(0x7f00000081c0)=[{&(0x7f0000006bc0)=""/155, 0x9b}, {&(0x7f0000006c80)=""/227, 0xe3}, {&(0x7f0000006d80)=""/4096, 0x1000}, {&(0x7f0000007d80)=""/102, 0x66}, {&(0x7f0000007e00)=""/224, 0xe0}, {&(0x7f0000007f00)=""/133, 0x85}, {&(0x7f0000007fc0)=""/253, 0xfd}, {&(0x7f00000080c0)=""/180, 0xb4}, {&(0x7f0000008180)=""/44, 0x2c}], 0x9}, 0x7}, {{0x0, 0x0, &(0x7f0000008440)=[{&(0x7f0000008280)=""/84, 0x54}, {&(0x7f0000008300)=""/72, 0x48}, {&(0x7f0000008380)=""/184, 0xb8}], 0x3, &(0x7f0000008480)=""/17, 0x11}}, {{&(0x7f00000084c0)=@hci, 0x80, &(0x7f000000a580)=[{&(0x7f0000008540)=""/4096, 0x1000}, {&(0x7f0000009540)=""/4096, 0x1000}, {&(0x7f000000a540)=""/32, 0x20}], 0x3}, 0x44}, {{0x0, 0x0, &(0x7f000000a780)=[{&(0x7f000000a5c0)=""/173, 0xad}, {&(0x7f000000a680)=""/234, 0xea}], 0x2, &(0x7f000000a7c0)=""/121, 0x79}, 0x5}], 0x9, 0x40000000, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r10, 0x0, 0x10, &(0x7f000000aa80)={{{@in6=@dev, @in6=@dev}}, {{@in6=@ipv4={""/10, ""/2, @dev}}, 0x0, @in=@loopback}}, &(0x7f000000ab80)=0xe8) mkdirat$binderfs(0xffffffffffffff9c, &(0x7f000000abc0)='./binderfs2\x00', 0x1ff) sched_rr_get_interval(r3, &(0x7f000000ac00)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f000000ac40)={'batadv_slave_0\x00'}) 06:47:01 executing program 7: sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x64, 0x0, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x95}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3ff}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xd8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x3}]}, 0x64}, 0x1, 0x0, 0x0, 0x4004000}, 0x60000040) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x50, 0x0, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x2000c004}, 0x840) r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r0, 0x200, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x81}, 0x4000000) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x24, r1, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c0c4}, 0x4080) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x24, 0x0, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x20000000) socketpair(0x12, 0x800, 0x8, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000000740)={&(0x7f0000000640), 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x24, r4, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000001) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f00000007c0)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x2c, r4, 0x10, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004000}, 0x400c0c4) socketpair(0x1f, 0xa, 0x10000, &(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r8, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x40, r4, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x48, r0, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x75}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7ff}]}, 0x48}, 0x1, 0x0, 0x0, 0x24004000}, 0x1) r9 = io_uring_setup(0x2416, &(0x7f0000000b80)={0x0, 0x2a79, 0x4, 0x1, 0x2c5}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000c00)=@IORING_OP_WRITE_FIXED={0x5, 0x3, 0x2000, @fd=r9, 0x2, 0x7b602a2b, 0x983, 0x8, 0x1, {0x3}}, 0x4) sched_yield() sched_yield() 06:47:01 executing program 6: r0 = semget$private(0x0, 0x1, 0x5a0) semctl$SEM_INFO(r0, 0x4, 0x13, &(0x7f0000000000)=""/146) semctl$IPC_RMID(r0, 0x0, 0x0) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f00000000c0)={{0x1, 0xee00, 0x0, 0xee00, 0xee01, 0x48, 0x9}, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffa}) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000140)=""/235) semctl$IPC_INFO(r0, 0x0, 0x3, &(0x7f0000000240)=""/134) semctl$GETNCNT(r0, 0x1, 0xe, &(0x7f0000000300)=""/199) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000400)=""/225) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000500)=[0x101, 0x8001]) semctl$GETNCNT(r0, 0x2, 0xe, &(0x7f0000000540)=""/20) semctl$GETVAL(r0, 0x2, 0xc, &(0x7f0000000580)=""/4096) semctl$GETVAL(r0, 0x2, 0xc, &(0x7f0000001580)=""/130) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000001640)=""/111) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f00000016c0)=""/188) semop(r0, &(0x7f0000001780)=[{0x2, 0xf8, 0x1800}, {0x2, 0xed6, 0x1000}, {0x0, 0x8}, {0x3, 0x9, 0x1800}, {0x4, 0x0, 0x1000}, {0x3, 0x1ff, 0x800}, {0x0, 0x1, 0x400}], 0x7) r1 = semget$private(0x0, 0x2, 0x524) semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f00000017c0)={{0x3, 0xee01, 0xffffffffffffffff, 0xee00, 0x0, 0x4, 0x9}, 0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6}) r2 = semget$private(0x0, 0x2, 0x40) semctl$SEM_INFO(r2, 0x3, 0x13, &(0x7f0000001840)=""/4096) semop(r0, &(0x7f0000002840)=[{0x3, 0x3}, {0x4, 0xcca, 0x800}, {0x0, 0x5, 0x800}, {0x2, 0x1}, {0x2, 0x20, 0x1000}, {0x7, 0x8, 0x800}, {0x0, 0x1, 0x1000}, {0x3, 0x2, 0xc00}], 0x8) [ 123.711594] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 123.717687] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 123.721895] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 123.728283] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 123.735839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 123.770820] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 123.775386] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 123.788221] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 123.801150] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 123.804828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 123.836377] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 123.855504] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 123.878206] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 123.890885] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 123.906319] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 123.910991] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 123.912716] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 123.923246] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 123.931965] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 123.943121] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 123.949257] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 123.949531] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 123.955354] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 123.957379] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 123.961409] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 123.969386] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 123.977229] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 123.982107] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 123.988593] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 123.990507] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 123.998262] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 124.032993] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 124.034515] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 124.047174] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 124.065394] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 124.069795] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 124.088694] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 124.093951] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 124.100095] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 124.108469] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 125.789317] Bluetooth: hci0: command tx timeout [ 125.852519] Bluetooth: hci1: command tx timeout [ 126.045375] Bluetooth: hci3: command tx timeout [ 126.108605] Bluetooth: hci2: command tx timeout [ 126.173498] Bluetooth: hci4: command tx timeout [ 126.237488] Bluetooth: hci5: command tx timeout [ 126.238256] Bluetooth: hci7: command tx timeout [ 126.300515] Bluetooth: hci6: command tx timeout [ 127.836535] Bluetooth: hci0: command tx timeout [ 127.901776] Bluetooth: hci1: command tx timeout [ 128.092665] Bluetooth: hci3: command tx timeout [ 128.156866] Bluetooth: hci2: command tx timeout [ 128.222461] Bluetooth: hci4: command tx timeout [ 128.285829] Bluetooth: hci7: command tx timeout [ 128.286300] Bluetooth: hci5: command tx timeout [ 128.348685] Bluetooth: hci6: command tx timeout [ 129.884849] Bluetooth: hci0: command tx timeout [ 129.949765] Bluetooth: hci1: command tx timeout [ 130.143219] Bluetooth: hci3: command tx timeout [ 130.205824] Bluetooth: hci2: command tx timeout [ 130.269602] Bluetooth: hci4: command tx timeout [ 130.333526] Bluetooth: hci5: command tx timeout [ 130.334001] Bluetooth: hci7: command tx timeout [ 130.396612] Bluetooth: hci6: command tx timeout [ 131.933815] Bluetooth: hci0: command tx timeout [ 131.997486] Bluetooth: hci1: command tx timeout [ 132.189505] Bluetooth: hci3: command tx timeout [ 132.253564] Bluetooth: hci2: command tx timeout [ 132.317762] Bluetooth: hci4: command tx timeout [ 132.380526] Bluetooth: hci7: command tx timeout [ 132.381006] Bluetooth: hci5: command tx timeout [ 132.445509] Bluetooth: hci6: command tx timeout [ 183.616264] syz-executor.4 (292) used greatest stack depth: 23928 bytes left [ 186.290035] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 186.295836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 186.300806] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 186.314699] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 186.321393] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 186.375869] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 186.379877] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 186.388264] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 186.391252] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 186.403676] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 186.409078] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 186.412187] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 186.416533] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 186.427774] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 186.431976] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 186.435146] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 186.441178] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 186.444584] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 186.452899] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 186.460727] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 186.658507] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 186.665740] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 186.680503] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 186.692889] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 186.712722] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 186.734683] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 186.737663] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 186.740952] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 186.769112] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 186.786076] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 186.789759] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 186.809029] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 186.821079] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 186.825765] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 186.830708] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 186.855174] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 186.871785] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 186.897834] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 186.904025] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 186.916228] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 188.380766] Bluetooth: hci0: command tx timeout [ 188.508523] Bluetooth: hci2: command tx timeout [ 188.509493] Bluetooth: hci3: command tx timeout [ 188.572679] Bluetooth: hci1: command tx timeout [ 188.892538] Bluetooth: hci4: command tx timeout [ 189.084566] Bluetooth: hci7: command tx timeout [ 189.085900] Bluetooth: hci6: command tx timeout [ 189.086486] Bluetooth: hci5: command tx timeout [ 190.429538] Bluetooth: hci0: command tx timeout [ 190.556832] Bluetooth: hci3: command tx timeout [ 190.557255] Bluetooth: hci2: command tx timeout [ 190.620894] Bluetooth: hci1: command tx timeout [ 190.940783] Bluetooth: hci4: command tx timeout [ 191.132580] Bluetooth: hci6: command tx timeout [ 191.133016] Bluetooth: hci7: command tx timeout [ 191.134378] Bluetooth: hci5: command tx timeout [ 192.477491] Bluetooth: hci0: command tx timeout [ 192.605463] Bluetooth: hci2: command tx timeout [ 192.605913] Bluetooth: hci3: command tx timeout [ 192.668521] Bluetooth: hci1: command tx timeout [ 192.989526] Bluetooth: hci4: command tx timeout [ 193.180531] Bluetooth: hci7: command tx timeout [ 193.183491] Bluetooth: hci5: command tx timeout [ 193.183516] Bluetooth: hci6: command tx timeout [ 194.525488] Bluetooth: hci0: command tx timeout [ 194.654559] Bluetooth: hci3: command tx timeout [ 194.654687] Bluetooth: hci2: command tx timeout [ 194.716525] Bluetooth: hci1: command tx timeout [ 195.036668] Bluetooth: hci4: command tx timeout [ 195.228542] Bluetooth: hci5: command tx timeout [ 195.228697] Bluetooth: hci7: command tx timeout [ 195.229531] Bluetooth: hci6: command tx timeout [ 248.969118] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 248.975390] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 248.981615] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 248.985081] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 248.988701] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 249.004141] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 249.010044] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 249.016031] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 249.024245] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 249.027933] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 249.062269] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 249.068822] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 249.071093] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 249.079115] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 249.085360] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 249.164996] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 249.169871] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 249.173957] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 249.177996] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 249.186632] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 249.189222] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 249.212997] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 249.214851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 249.218368] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 249.221683] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 249.225401] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 249.231601] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 249.237157] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 249.246270] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 249.256929] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 249.312906] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 249.315572] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 249.326227] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 249.337347] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 249.343865] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 249.346853] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 249.355776] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 249.364054] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 249.366956] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 249.378914] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 251.101499] Bluetooth: hci1: command tx timeout [ 251.101561] Bluetooth: hci2: command tx timeout [ 251.103023] Bluetooth: hci0: command tx timeout [ 251.292647] Bluetooth: hci3: command tx timeout [ 251.292663] Bluetooth: hci4: command tx timeout [ 251.356620] Bluetooth: hci5: command tx timeout [ 251.484993] Bluetooth: hci7: command tx timeout [ 251.485196] Bluetooth: hci6: command tx timeout [ 253.148689] Bluetooth: hci0: command tx timeout [ 253.151630] Bluetooth: hci2: command tx timeout [ 253.151716] Bluetooth: hci1: command tx timeout [ 253.340837] Bluetooth: hci3: command tx timeout [ 253.341337] Bluetooth: hci4: command tx timeout [ 253.405562] Bluetooth: hci5: command tx timeout [ 253.532497] Bluetooth: hci6: command tx timeout [ 253.533533] Bluetooth: hci7: command tx timeout [ 255.196509] Bluetooth: hci2: command tx timeout [ 255.196877] Bluetooth: hci0: command tx timeout [ 255.197726] Bluetooth: hci1: command tx timeout [ 255.388553] Bluetooth: hci4: command tx timeout [ 255.388657] Bluetooth: hci3: command tx timeout [ 255.452621] Bluetooth: hci5: command tx timeout [ 255.582265] Bluetooth: hci7: command tx timeout [ 255.582511] Bluetooth: hci6: command tx timeout [ 257.244626] Bluetooth: hci1: command tx timeout [ 257.244703] Bluetooth: hci0: command tx timeout [ 257.245841] Bluetooth: hci2: command tx timeout [ 257.436501] Bluetooth: hci3: command tx timeout [ 257.438961] Bluetooth: hci4: command tx timeout [ 257.500849] Bluetooth: hci5: command tx timeout [ 257.628703] Bluetooth: hci7: command tx timeout [ 257.629548] Bluetooth: hci6: command tx timeout [ 311.475286] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 311.481064] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 311.483987] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 311.490312] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 311.496397] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 311.606111] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 311.612083] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 311.617043] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 311.625033] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 311.629884] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 311.673976] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 311.695061] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 311.714455] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 311.724396] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 311.731899] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 311.739333] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 311.749243] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 311.758321] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 311.758884] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 311.769954] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 311.781747] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 311.811373] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 311.821739] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 311.828221] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 311.838718] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 311.846305] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 311.849329] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 311.856063] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 311.863058] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 311.878149] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 311.879746] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 311.887061] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 311.902186] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 311.904264] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 311.910334] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 311.924606] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 311.926060] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 311.983201] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 311.984860] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 311.994299] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 313.564662] Bluetooth: hci0: command tx timeout [ 313.692528] Bluetooth: hci1: command tx timeout [ 313.822239] Bluetooth: hci2: command tx timeout [ 313.884521] Bluetooth: hci3: command tx timeout [ 313.948803] Bluetooth: hci4: command tx timeout [ 314.013613] Bluetooth: hci6: command tx timeout [ 314.076568] Bluetooth: hci7: command tx timeout [ 314.076642] Bluetooth: hci5: command tx timeout [ 315.612550] Bluetooth: hci0: command tx timeout [ 315.740732] Bluetooth: hci1: command tx timeout [ 315.868545] Bluetooth: hci2: command tx timeout [ 315.932531] Bluetooth: hci3: command tx timeout [ 315.996535] Bluetooth: hci4: command tx timeout [ 316.062633] Bluetooth: hci6: command tx timeout [ 316.124489] Bluetooth: hci7: command tx timeout [ 316.125779] Bluetooth: hci5: command tx timeout [ 317.662627] Bluetooth: hci0: command tx timeout [ 317.789471] Bluetooth: hci1: command tx timeout [ 317.917514] Bluetooth: hci2: command tx timeout [ 317.981665] Bluetooth: hci3: command tx timeout [ 318.045495] Bluetooth: hci4: command tx timeout [ 318.109507] Bluetooth: hci6: command tx timeout [ 318.173584] Bluetooth: hci5: command tx timeout [ 318.173818] Bluetooth: hci7: command tx timeout [ 319.709849] Bluetooth: hci0: command tx timeout [ 319.837508] Bluetooth: hci1: command tx timeout [ 319.964516] Bluetooth: hci2: command tx timeout [ 320.029824] Bluetooth: hci3: command tx timeout [ 320.093832] Bluetooth: hci4: command tx timeout [ 320.158462] Bluetooth: hci6: command tx timeout [ 320.220846] Bluetooth: hci7: command tx timeout [ 320.221519] Bluetooth: hci5: command tx timeout [ 373.681620] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 373.689079] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 373.694656] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 373.699849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 373.703073] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 373.705790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 373.718355] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 373.729256] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 373.732979] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 373.746886] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 373.885704] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 373.893357] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 373.896120] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 373.909705] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 373.928677] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 373.934274] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 373.942164] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 373.983553] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 373.994041] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 374.000605] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 374.005273] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 374.018087] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 374.024284] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 374.026623] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 374.038254] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 374.039963] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 374.042651] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 374.044240] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 374.050940] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 374.055651] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 374.060860] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 374.075800] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 374.080317] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 374.098882] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 374.108623] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 374.114087] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 374.134481] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 374.168855] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 374.187159] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 374.191128] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 375.772630] Bluetooth: hci0: command tx timeout [ 375.837648] Bluetooth: hci1: command tx timeout [ 376.029472] Bluetooth: hci2: command tx timeout [ 376.093775] Bluetooth: hci6: command tx timeout [ 376.220751] Bluetooth: hci3: command tx timeout [ 376.221586] Bluetooth: hci7: command tx timeout [ 376.287694] Bluetooth: hci5: command tx timeout [ 376.288307] Bluetooth: hci4: command tx timeout [ 377.822143] Bluetooth: hci0: command tx timeout [ 377.884692] Bluetooth: hci1: command tx timeout [ 378.077550] Bluetooth: hci2: command tx timeout [ 378.140763] Bluetooth: hci6: command tx timeout [ 378.269827] Bluetooth: hci3: command tx timeout [ 378.270271] Bluetooth: hci7: command tx timeout [ 378.332884] Bluetooth: hci4: command tx timeout [ 378.333319] Bluetooth: hci5: command tx timeout [ 379.868776] Bluetooth: hci0: command tx timeout [ 379.934009] Bluetooth: hci1: command tx timeout [ 380.124495] Bluetooth: hci2: command tx timeout [ 380.189855] Bluetooth: hci6: command tx timeout [ 380.317697] Bluetooth: hci3: command tx timeout [ 380.318188] Bluetooth: hci7: command tx timeout [ 380.381674] Bluetooth: hci5: command tx timeout [ 380.382135] Bluetooth: hci4: command tx timeout [ 381.918728] Bluetooth: hci0: command tx timeout [ 381.981470] Bluetooth: hci1: command tx timeout [ 382.174444] Bluetooth: hci2: command tx timeout [ 382.237748] Bluetooth: hci6: command tx timeout [ 382.365509] Bluetooth: hci7: command tx timeout [ 382.366002] Bluetooth: hci3: command tx timeout [ 382.429515] Bluetooth: hci5: command tx timeout [ 382.429999] Bluetooth: hci4: command tx timeout VM DIAGNOSIS: 06:52:06 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=00007f54a8d5b699 RCX=1f5d0b6ddf42c333 RDX=0000000000000000 RSI=00000000402c56ce RDI=ffff88806ce31850 RBP=00007f54a8d5b699 RSP=ffff88806ce089a8 R8 =0000000000000002 R9 =0000000000000001 R10=0000000000000000 R11=0000000000000003 R12=ffff88806ce08a00 R13=0000000000000000 R14=ffff888007088000 R15=ffff88801972f700 RIP=ffffffff815f5774 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e564d000 00000000 00000000 LDT=0000 fffffe5000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fb60fa886f4 CR3=0000000028b34000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007fb60fa9747000007fb60fa96f20 XMM02=00000000000000000000000000000000 XMM03=756e20796d6d756420736e6f6974706f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=73253d656d616e6c6165722073253d73 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=0000000000000000 RCX=0000000000000001 RDX=0000000000000000 RSI=ffffffff815f5752 RDI=fffffbfff0b83750 RBP=ffffffff85c1ba80 RSP=ffff88806cf089a8 R8 =0000000000000000 R9 =0000000000000000 R10=00007fadfd33c000 R11=0000000000000003 R12=0000000000000002 R13=0000000000000000 R14=0000000000000000 R15=ffff888034d6eb90 RIP=ffffffff81518721 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fadfd220540 00000000 00000000 GS =0000 ffff8880e574d000 00000000 00000000 LDT=0000 fffffe7400000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ff9da1cb310 CR3=0000000028b04000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00642e65626f7270646f6d2f6374652f XMM01=00642e65626f7270646f6d2f6374652f XMM02=00000000000000000000ffffffffffff XMM03=00000000000000000000ff00000000ff XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=676f6c206d6f74737563000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000