Warning: Permanently added '[localhost]:58970' (ECDSA) to the list of known hosts. 2025/04/25 14:50:13 fuzzer started 2025/04/25 14:50:13 dialing manager at localhost:46629 syzkaller login: [ 94.607251] cgroup: Unknown subsys name 'net' [ 94.730882] cgroup: Unknown subsys name 'cpuset' [ 94.770324] cgroup: Unknown subsys name 'rlimit' 2025/04/25 14:50:29 syscalls: 200 2025/04/25 14:50:29 code coverage: enabled 2025/04/25 14:50:29 comparison tracing: enabled 2025/04/25 14:50:29 extra coverage: enabled 2025/04/25 14:50:29 setuid sandbox: enabled 2025/04/25 14:50:29 namespace sandbox: enabled 2025/04/25 14:50:29 Android sandbox: enabled 2025/04/25 14:50:29 fault injection: enabled 2025/04/25 14:50:29 leak checking: enabled 2025/04/25 14:50:29 net packet injection: enabled 2025/04/25 14:50:29 net device setup: enabled 2025/04/25 14:50:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/04/25 14:50:29 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/04/25 14:50:29 USB emulation: enabled 2025/04/25 14:50:29 hci packet injection: enabled 2025/04/25 14:50:29 wifi device emulation: enabled 2025/04/25 14:50:29 802.15.4 emulation: enabled 2025/04/25 14:50:29 fetching corpus: 0, signal 0/0 (executing program) 2025/04/25 14:50:30 starting 8 fuzzer processes 14:50:30 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001800)={0xb8, 0x0, &(0x7f0000001680)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000001480)={@flat=@weak_handle={0x77682a85, 0x110b}, @flat=@handle={0x73682a85, 0x110b, 0x1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000001500)={0x0, 0x18, 0x30}}, 0x40}, @request_death={0x400c630e, 0x2}, @clear_death, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f00000015c0)={@fda={0x66646185, 0x4, 0x0, 0x36}, @ptr={0x70742a85, 0x0, &(0x7f0000001540)=""/94, 0x5e, 0x1, 0x38}, @fda={0x66646185, 0x0, 0x2, 0xe}}, &(0x7f0000001640)={0x0, 0x20, 0x48}}}], 0x8a, 0x0, &(0x7f0000001740)="f29fd5608379dfd18454a3bb6e04c01b1149dd7f2d18627de5b9c35d0eda69c9c9e499c10943321616b1edc00912327c586fb1875a36fb193f5039ffa63952c8e99b81e4d0c95cd2a47c5d26f99c9dd0f8cf5f08bed4b0b4b89e4f199171c4fa24cf5ffb7d6bbf36f7d74ecd11c2110e7379e64ab3808c5112afec5c904eab090aace7a439060543000e"}) ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001840), 0xffffffff, 0x800) ioctl$SCSI_IOCTL_SYNC(r1, 0x4) ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f0000001880)) r2 = accept4(r0, 0x0, &(0x7f00000018c0), 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000019c0)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001980)={&(0x7f0000001940)={0x24, 0x0, 0x1, 0xd78aac829612c827, 0x0, 0x0, {0x2, 0x0, 0x4}, [@CTA_LABELS_MASK={0x10, 0x17, [0x4, 0x80cf, 0x80000001]}]}, 0x24}, 0x1, 0x0, 0x0, 0x140c4841}, 0x20048844) openat$binderfs(0xffffffffffffff9c, &(0x7f0000001a00)='./binderfs/custom0\x00', 0x4, 0x0) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000001a40)=0x9262) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000001b80)={&(0x7f0000001a80)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001b40)={&(0x7f0000001ac0)={0x4c, 0x7, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20004000}, 0x40040) ioctl$SG_IO(r1, 0x2285, &(0x7f0000002d00)={0x0, 0xfffffffffffffffb, 0x6c, 0x57, @buffer={0x0, 0x1000, &(0x7f0000001bc0)=""/4096}, &(0x7f0000002bc0)="4522c59c4d8372c8a2dba19824a9bd4995855613ee8dbef68e7ffbd1a4123a195604d7ec70e5cbb8f93272f42a81afde6384339560d095cc97592b2fb7cec5c4782bae3ee293edb43fb344dac2a518150b6680abbb2d901ffe6cdd5cfb4e3295377b8ca27b54fe4905742836", &(0x7f0000002c40)=""/105, 0x3, 0x36, 0x2, &(0x7f0000002cc0)}) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000002e40)={&(0x7f0000002d80)={0x10, 0x0, 0x0, 0x41000}, 0xc, &(0x7f0000002e00)={&(0x7f0000002dc0)={0x38, 0x0, 0x4, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="bd99c3dce561"}, @BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8001}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x51) sendmsg$BATADV_CMD_TP_METER(r2, &(0x7f0000002f40)={&(0x7f0000002e80)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000002f00)={&(0x7f0000002ec0)={0x2c, 0x0, 0x0, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x10001}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x56a}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x8000) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000003040)={&(0x7f0000002f80), 0xc, &(0x7f0000003000)={&(0x7f0000002fc0)={0x3c, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x34}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x4f6c}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40010}, 0x40000) ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000003080)) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000003100), r2) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f00000031c0)={&(0x7f00000030c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000003180)={&(0x7f0000003140)={0x24, r3, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000080}, 0x40000) ioctl$SG_IO(r1, 0x2285, &(0x7f0000003300)={0x53, 0xfffffffffffffffc, 0x40, 0x1, @buffer={0x0, 0x0, &(0x7f0000003200)}, &(0x7f0000003240)="f097e582f0e876e9df088cf1733a9233efe93c1697f604a0e09c08b3c931a72061590e8320de153c3cbd59844f6cd28b4690f797f8badc49e564e140c7d90334", &(0x7f0000003280)=""/52, 0x400, 0x10, 0x3, &(0x7f00000032c0)}) 14:50:30 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x4, 0x50101) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000040)) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000080)) ioctl$SG_SET_KEEP_ORPHAN(r0, 0x2287, &(0x7f00000000c0)=0x100) ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f0000000100)) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000180)) r2 = syz_open_dev$sg(&(0x7f00000001c0), 0x7fffffff, 0x143102) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000200)=0xf2) ioctl$SCSI_IOCTL_PROBE_HOST(r2, 0x5385, &(0x7f0000000240)={0xa3, ""/163}) ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, &(0x7f0000000300)=0x1c8) ioctl$SG_GET_PACK_ID(r2, 0x227c, &(0x7f0000000340)) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) ioctl$SCSI_IOCTL_SYNC(r1, 0x4) ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381) r3 = syz_open_dev$sg(&(0x7f0000000380), 0xfffffffffffffff7, 0x10000) ioctl$SG_NEXT_CMD_LEN(r3, 0x2283, &(0x7f00000003c0)=0xda) ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000400)) 14:50:30 executing program 2: ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381) r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x5, 0x3, 0x5, 0x0, 0x7, 0x1b4e9, 0xf, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000000), 0xd}, 0x40000, 0x6, 0x1, 0x8, 0x5, 0xfff, 0x7fff, 0x0, 0x1, 0x0, 0x2}, 0x0, 0x3, 0xffffffffffffffff, 0x0) ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f00000000c0)) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, &(0x7f0000000100)) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffd, 0x56, 0xd6, @buffer={0x0, 0x93, &(0x7f0000000140)=""/147}, &(0x7f0000000200)="9f1a3c93160773888aabfcde47c9316b53da82883fd4dd5ff96c18a5ffd27d28423f3f2e9dfbfce04fe5877e10f2987e12e436345cbf6a9a37680e38794fa167db749f0385b41779b9045600729f57130191ade07a25", &(0x7f0000000280)=""/132, 0xb89, 0x5, 0x0, &(0x7f0000000340)}) r1 = syz_open_dev$sg(&(0x7f0000000400), 0x4, 0x111000) ioctl$SCSI_IOCTL_SYNC(r1, 0x4) ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000440)) ioctl$SCSI_IOCTL_SYNC(r1, 0x4) r2 = syz_open_dev$sg(&(0x7f00000005c0), 0x6, 0xa2840) ioctl$SG_SET_COMMAND_Q(r2, 0x2271, &(0x7f0000000600)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1) socketpair(0x26, 0x4, 0x1ff, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r3, 0x89f9, &(0x7f0000000800)={'ip6gre0\x00', &(0x7f0000000780)={'ip6gre0\x00', r5, 0x2f, 0x40, 0x63, 0x4, 0x30, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, 0x8, 0x7800, 0x7f, 0x200000}}) r6 = syz_open_dev$sg(&(0x7f0000000840), 0x4, 0x444201) ioctl$SG_SET_COMMAND_Q(r6, 0x2271, &(0x7f0000000880)=0x1) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000900), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000a00)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x20001}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x44, r7, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xc8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x8044091}, 0x80) syz_genetlink_get_family_id$fou(&(0x7f0000000a40), r4) 14:50:30 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x7c, 0x0, 0x20, 0x70bd26, 0x25dfdbfe, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x4}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xb30}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x7}]}, 0x7c}, 0x1, 0x0, 0x0, 0x2}, 0x40c4) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x0, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fffffff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x5b2d6d2f565c6399}, 0x4) r1 = socket(0x23, 0x5, 0x101) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x4, 0x1, 0x201, 0x0, 0x0, {0xa}, ["", "", "", "", "", "", ""]}, 0x14}}, 0x4014) socketpair(0xf, 0x3, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000500)={'syztnl2\x00', &(0x7f0000000480)={'ip6_vti0\x00', 0x0, 0x4, 0x1f, 0x1, 0x3f, 0x14, @private0={0xfc, 0x0, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x20, 0x8000, 0x3, 0x97}}) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000005}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x60, 0x0, 0x10, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r3}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x101}]}, 0x60}, 0x1, 0x0, 0x0, 0x90}, 0x0) sendmsg$IPSET_CMD_RENAME(r2, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x38, 0x5, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x8800}, 0x4008000) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000740)) ioctl$HIDIOCGUCODE(r0, 0xc018480d, &(0x7f0000000780)={0x2, 0x100, 0xc2, 0xf1d6, 0x8, 0x8}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r5, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x14, 0x3, 0x2, 0x101, 0x0, 0x0, {0x1, 0x0, 0x8}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20004845}, 0x880) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x50, 0x7, 0x6, 0x201, 0x0, 0x0, {0xc, 0x0, 0x7}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x3f5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0xfffffff9}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x48000}, 0x50) sendmsg$IPCTNL_MSG_CT_GET_STATS(r5, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x14, 0x5, 0x1, 0x201, 0x0, 0x0, {0x7, 0x0, 0x1}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x10) r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000b00), 0x0, 0x0) ioctl$HIDIOCGREPORT(r6, 0x400c4807, &(0x7f0000000b40)={0x2, 0x2, 0x7fff}) socketpair(0x26, 0x5, 0x8, &(0x7f0000000b80)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_EXP_GET(r7, &(0x7f0000000f40)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000c00)={0x2c8, 0x1, 0x2, 0x3, 0x0, 0x0, {0x5, 0x0, 0x3}, [@CTA_EXPECT_NAT={0x158, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x50, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}]}, @CTA_EXPECT_NAT_TUPLE={0x74, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x28}}, {0x14, 0x4, @private2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @private=0xa010100}}}]}, @CTA_EXPECT_NAT_TUPLE={0x64, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x3e}}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_NAT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_FN={0x13, 0xb, 'callforwarding\x00'}, @CTA_EXPECT_TUPLE={0x98, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x43}}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x10}}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @private=0xa010101}}}]}, @CTA_EXPECT_MASK={0xa8, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x37}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x4252770917d8c3e1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @local}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @rand_addr=0x64010100}}}]}]}, 0x2c8}, 0x1, 0x0, 0x0, 0x24044010}, 0x40010) [ 111.502629] audit: type=1400 audit(1745592631.024:7): avc: denied { execmem } for pid=276 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 14:50:31 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = accept4(r0, &(0x7f0000000040)=@ax25={{0x3, @rose}, [@remote, @rose, @null, @default, @default, @bcast, @netrom, @rose]}, &(0x7f00000000c0)=0x80, 0x80000) r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x600000, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r3, 0x5201) r4 = accept4(r1, &(0x7f0000000140)=@tipc=@id, &(0x7f00000001c0)=0x80, 0x80800) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r2, 0x89f9, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f0000000240)={'syztnl2\x00', 0x0, 0x3b, 0x1f, 0x20, 0xfff, 0x6, @remote, @local, 0x1, 0x7800, 0x4f1b, 0x3f}}) sendmsg$BATADV_CMD_SET_HARDIF(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x0, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x400004c) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r2) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r4, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, r6, 0x800, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x10044040) read$rfkill(r3, &(0x7f0000000500), 0x8) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, 0x0, 0x200, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x68, 0x1, 0x8, 0x301, 0x0, 0x0, {0x5, 0x0, 0x4}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf9}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_HEARTBEAT_SENT={0x8, 0x8, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_SCTP_COOKIE_WAIT={0x8, 0x2, 0x1, 0x0, 0x7f}, @CTA_TIMEOUT_SCTP_CLOSED={0x8, 0x1, 0x1, 0x0, 0x10000}, @CTA_TIMEOUT_SCTP_COOKIE_WAIT={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_SCTP_CLOSED={0x8, 0x1, 0x1, 0x0, 0xffff}, @CTA_TIMEOUT_SCTP_SHUTDOWN_RECD={0x8, 0x6, 0x1, 0x0, 0x3}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x8800) ioctl$HIDIOCGDEVINFO(r3, 0x801c4803, &(0x7f0000000780)=""/201) sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x2c, r6, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x9}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x804}, 0x8000810) sendmsg$BATADV_CMD_GET_VLAN(r3, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x2c, r6, 0x200, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xffffffff}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040800}, 0x24008042) write$rfkill(r3, &(0x7f0000000a80)={0x5, 0x6, 0x1, 0x47, 0x1}, 0x8) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000c40)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x600d0000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b00)={0xdc, 0x2, 0x1, 0x801, 0x0, 0x0, {0x1, 0x0, 0x5}, [@CTA_SEQ_ADJ_REPLY={0x24, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x10000}]}, @CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_SEQ_ADJ_REPLY={0x2c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xabaa}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xfffffff7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x9}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x4}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0x9, 0x1, 'snmp\x00'}}, @CTA_LABELS={0x1c, 0x16, 0x1, 0x0, [0xfffffa54, 0x0, 0x7a, 0x2, 0x1, 0x400]}, @CTA_LABELS_MASK={0x14, 0x17, [0x1, 0x25866d18, 0x2, 0x8]}, @CTA_HELP={0xc, 0x5, 0x0, 0x1, {0x5, 0x1, '\x00'}}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xe, 0x1, 'snmp_trap\x00'}}]}, 0xdc}, 0x1, 0x0, 0x0, 0x4ce8bfd31c256042}, 0x800) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000cc0), r2) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r7, &(0x7f0000000d80)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000d40)={&(0x7f0000000d00)={0x2c, r8, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xaed1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3f}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000000}, 0x24000001) 14:50:31 executing program 5: ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000000)) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x8, 0x30100) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080)) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, &(0x7f00000000c0)) r1 = syz_open_dev$sg(&(0x7f0000000100), 0x7, 0x8001) ioctl$SG_GET_VERSION_NUM(r1, 0x2282, &(0x7f0000000140)) sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x40, 0xc, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0xc080}, 0x4410) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0x8, 0x5, 0x0, 0x0, {0xc, 0x0, 0x4}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x9100}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf8}, @CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}]}, 0x58}, 0x1, 0x0, 0x0, 0x40040}, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000003c0)=0x6) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000400), 0x66a400, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, 0x4, 0x1, 0x603, 0x0, 0x0, {0x2, 0x0, 0x9}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x24044801) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000b00)={0x0, 0xffffffffffffffff, 0xd8, 0x0, @scatter={0x6, 0x0, &(0x7f0000000900)=[{&(0x7f0000000540)=""/95, 0x5f}, {&(0x7f00000005c0)=""/151, 0x97}, {&(0x7f0000000680)=""/68, 0x44}, {&(0x7f0000000700)=""/187, 0xbb}, {&(0x7f00000007c0)=""/210, 0xd2}, {&(0x7f00000008c0)=""/50, 0x32}]}, &(0x7f0000000980)="d0e65d5a760d5cdaabbe04dc8fedec8e206d78c34d88a54b2880d29c2be23a4fd2f67e099a2368c1dddb6cdc14b141280f85022ebdded43b37dbf432f40fc84871e00141650df6d5040f7cf7c3545393bb2ae62a96fbb5d3ee97e0c0c5e47fe916ecb308af7fab62b5d7b18fd7d8e6f1ed10d5a7d34b9bb9539352417330fec5200da3edfded0e2f3334e5b8765e4e5ba890e1f3776c5cb801b5a8d9b1c57db27e7ee5bb771c460860da23b5cc08f82d7879289c56b71c41488dfb12b153711188295691b2c349cd5d6d438882e6efa98b3dc395e159f7c4", &(0x7f0000000a80)=""/18, 0x87, 0x3, 0x2, &(0x7f0000000ac0)}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000000c40)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x1c, 0x0, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1ff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4880}, 0x4004044) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000d40)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x28, 0x8, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x4094}, 0x4000000) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000dc0)={0x0, @remote, @dev}, &(0x7f0000000e00)=0xc) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x723c79328e9cd3dd}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e40)={0x4c, 0x0, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x337}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1f}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20040015}, 0x0) connect$bt_sco(r2, &(0x7f0000000f40)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000f80)={0xaf, 0x5, 0x2, "fec1c6f88ac69d2a4496291124ef89f27bdc545ea0a585aabec8e4434b18dfded130e5865a17f8df135dd28ea719628f641b08ef054f1b7aa5b848f6c8bf492f4070df796cd4a6686b63a73a76bf00a75e69e337758411a4d583ccbd935b05c7b2d7656e7c2a8facc515d18d3a1714030345ffa9c7a64bcb1f448612e2d3ef04088e9c4e86cbbcd40770f94360e53e3c2a42fdd71f819be9d687d83ad33e54e18e6474fe9fd484d5625d0c921a30e9"}) sendmsg$BATADV_CMD_GET_ORIGINATORS(r2, &(0x7f0000001100)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000010c0)={&(0x7f0000001080)={0x1c, 0x0, 0x110, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000041}, 0x4000000) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001240)={'ip6gre0\x00', &(0x7f00000011c0)={'ip6gre0\x00', 0x0, 0x2f, 0xff, 0x3, 0x0, 0x0, @mcast2, @remote, 0x700, 0x700, 0x3f, 0x7}}) 14:50:31 executing program 6: r0 = socket(0xf, 0x80000, 0x5) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, 0x1, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_FLAGS={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x840}, 0x2a044015) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x60c00, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timerfd_settime(r1, 0x0, &(0x7f00000001c0)={{r2, r3+10000000}}, &(0x7f0000000200)) sendmsg$IPSET_CMD_SAVE(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x40, 0x8, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x200080a4}, 0x20000800) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000340)='syz2\x00') ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f0000000380)) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000400), 0x101000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000440)={'vcan0\x00'}) r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000480), 0x4a1200, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000740)={0x44, 0x0, &(0x7f0000000680)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f00000005c0)={@fd={0x66642a85, 0x0, r6}, @fda={0x66646185, 0x6, 0x2, 0x3b}, @ptr={0x70742a85, 0x1, &(0x7f00000004c0)=""/229, 0xe5, 0x0, 0x20}}, &(0x7f0000000640)={0x0, 0x18, 0x38}}}], 0x27, 0x0, &(0x7f0000000700)="8b1b2b2877c143339686f76744123e616c9ed10092e988d090919fe517ed180ceacc2591d85820"}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r7, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x40, 0x1, 0x9, 0x5, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xcff3}}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x5}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1a}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0xffff13f5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x0) recvmsg(r5, &(0x7f0000000f40)={&(0x7f0000000880)=@tipc=@id, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000900)=""/100, 0x64}, {&(0x7f0000000980)=""/182, 0xb6}, {&(0x7f0000000a40)=""/195, 0xc3}, {&(0x7f0000000b40)=""/98, 0x62}, {&(0x7f0000000bc0)=""/199, 0xc7}, {&(0x7f0000000cc0)=""/103, 0x67}, {&(0x7f0000000d40)=""/221, 0xdd}], 0x7, &(0x7f0000000ec0)=""/115, 0x73}, 0x40000001) sendmsg$FOU_CMD_ADD(r6, &(0x7f0000001080)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001040)={&(0x7f0000000fc0)={0x4c, 0x0, 0x300, 0x70bd2d, 0x25dfdbfd, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x2b}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @remote}, @FOU_ATTR_PEER_V6={0x14, 0x9, @remote}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x4081) ioctl$BINDER_GET_NODE_DEBUG_INFO(r6, 0xc018620b, &(0x7f00000010c0)={0x2}) sendmsg$NFQNL_MSG_VERDICT_BATCH(r1, &(0x7f0000001200)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000011c0)={&(0x7f0000001140)={0x60, 0x3, 0x3, 0x501, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x8001}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x3}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff, 0x10000}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x9}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0x34}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0xdf3}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd}}]}, 0x60}}, 0x0) 14:50:31 executing program 7: ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, &(0x7f0000000000)) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x400000) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000080)={0x37, 0x6, 0x9, "d39d8ad443d2a937ba91deaf0f639e2378f78fa65f7c90fd6fcc17fa32f7fe736c00e4baea8a0b7a4cedf023eb9e4347249dde62345485"}) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000100)) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x2a481, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f0000000180)=0x1) read$rfkill(r1, &(0x7f00000001c0), 0x8) r2 = syz_open_dev$sg(&(0x7f0000000200), 0x1, 0x119000) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r2, 0x3) ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f0000000240)={0x34, ""/52}) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000280)=0xd) ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f00000002c0)) socketpair(0x15, 0x80000, 0x3, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40010080}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x2, 0x6, 0x5, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8881}, 0x20008801) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETGEN(r4, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, 0x10, 0xa, 0x201, 0x0, 0x0, {0xc, 0x0, 0x3}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x20000080) r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000540), 0xa0100, 0x0) ioctl$SG_GET_VERSION_NUM(r5, 0x2282, &(0x7f0000000580)) r6 = syz_open_dev$sg(&(0x7f00000005c0), 0x33, 0x410242) ioctl$SCSI_IOCTL_DOORUNLOCK(r6, 0x5381) [ 112.821977] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 112.826677] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 112.829297] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 112.837615] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 112.842084] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 112.906232] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 112.917503] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 112.922690] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 112.929132] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 112.934972] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 112.963332] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 112.973653] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 112.976810] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 112.994136] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 113.001930] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 113.003979] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 113.007073] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 113.026939] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 113.032121] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 113.033245] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 113.055636] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 113.075544] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 113.104865] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 113.112666] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 113.118112] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 113.125590] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 113.134696] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 113.138905] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 113.147951] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 113.149447] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 113.158849] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 113.163684] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 113.166011] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 113.171886] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 113.185859] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 113.193124] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 113.193613] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 113.194556] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 113.202702] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 113.242896] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 114.906496] Bluetooth: hci0: command tx timeout [ 115.033627] Bluetooth: hci1: command tx timeout [ 115.096738] Bluetooth: hci2: command tx timeout [ 115.098283] Bluetooth: hci3: command tx timeout [ 115.288594] Bluetooth: hci4: command tx timeout [ 115.353468] Bluetooth: hci5: command tx timeout [ 115.354176] Bluetooth: hci6: command tx timeout [ 115.480609] Bluetooth: hci7: command tx timeout [ 116.952716] Bluetooth: hci0: command tx timeout [ 117.080481] Bluetooth: hci1: command tx timeout [ 117.146541] Bluetooth: hci3: command tx timeout [ 117.146984] Bluetooth: hci2: command tx timeout [ 117.336593] Bluetooth: hci4: command tx timeout [ 117.402407] Bluetooth: hci5: command tx timeout [ 117.402862] Bluetooth: hci6: command tx timeout [ 117.528747] Bluetooth: hci7: command tx timeout [ 119.000911] Bluetooth: hci0: command tx timeout [ 119.128645] Bluetooth: hci1: command tx timeout [ 119.192486] Bluetooth: hci2: command tx timeout [ 119.192941] Bluetooth: hci3: command tx timeout [ 119.384439] Bluetooth: hci4: command tx timeout [ 119.448768] Bluetooth: hci6: command tx timeout [ 119.449227] Bluetooth: hci5: command tx timeout [ 119.576444] Bluetooth: hci7: command tx timeout [ 121.048565] Bluetooth: hci0: command tx timeout [ 121.176708] Bluetooth: hci1: command tx timeout [ 121.240682] Bluetooth: hci3: command tx timeout [ 121.241143] Bluetooth: hci2: command tx timeout [ 121.432679] Bluetooth: hci4: command tx timeout [ 121.496478] Bluetooth: hci5: command tx timeout [ 121.496939] Bluetooth: hci6: command tx timeout [ 121.625441] Bluetooth: hci7: command tx timeout [ 173.227880] syz-executor.2 (282) used greatest stack depth: 24520 bytes left [ 175.462649] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 175.467618] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 175.468937] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 175.476558] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 175.479662] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 175.530265] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 175.535004] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 175.540649] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 175.545089] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 175.551169] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 175.552670] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 175.559073] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 175.560320] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 175.565774] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 175.566935] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 175.611050] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 175.613054] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 175.614604] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 175.623197] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 175.625653] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 175.732604] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 175.737204] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 175.740610] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 175.742953] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 175.761725] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 175.763460] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 175.800093] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 175.804173] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 175.806668] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 175.812941] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 175.815386] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 175.820385] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 175.823978] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 175.830754] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 175.832597] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 175.847794] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 175.849111] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 175.852328] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 175.854325] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 175.874652] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 177.560725] Bluetooth: hci0: command tx timeout [ 177.624558] Bluetooth: hci2: command tx timeout [ 177.624597] Bluetooth: hci1: command tx timeout [ 177.688837] Bluetooth: hci3: command tx timeout [ 177.944755] Bluetooth: hci7: command tx timeout [ 177.944814] Bluetooth: hci5: command tx timeout [ 178.137040] Bluetooth: hci4: command tx timeout [ 178.392587] Bluetooth: hci6: command tx timeout [ 179.611392] Bluetooth: hci0: command tx timeout [ 179.672576] Bluetooth: hci1: command tx timeout [ 179.673696] Bluetooth: hci2: command tx timeout [ 179.737878] Bluetooth: hci3: command tx timeout [ 179.993715] Bluetooth: hci7: command tx timeout [ 179.994527] Bluetooth: hci5: command tx timeout [ 180.186169] Bluetooth: hci4: command tx timeout [ 180.440636] Bluetooth: hci6: command tx timeout [ 181.656584] Bluetooth: hci0: command tx timeout [ 181.720451] Bluetooth: hci2: command tx timeout [ 181.721001] Bluetooth: hci1: command tx timeout [ 181.785826] Bluetooth: hci3: command tx timeout [ 182.041597] Bluetooth: hci5: command tx timeout [ 182.042166] Bluetooth: hci7: command tx timeout [ 182.232754] Bluetooth: hci4: command tx timeout [ 182.488960] Bluetooth: hci6: command tx timeout [ 183.704462] Bluetooth: hci0: command tx timeout [ 183.768501] Bluetooth: hci1: command tx timeout [ 183.769049] Bluetooth: hci2: command tx timeout [ 183.833650] Bluetooth: hci3: command tx timeout [ 184.089851] Bluetooth: hci7: command tx timeout [ 184.090322] Bluetooth: hci5: command tx timeout [ 184.280745] Bluetooth: hci4: command tx timeout [ 184.536523] Bluetooth: hci6: command tx timeout [ 237.931735] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 237.936620] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 237.941025] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 237.962326] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 237.967153] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 238.065205] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 238.068857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 238.073488] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 238.082184] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 238.085617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 238.116752] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 238.121634] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 238.126624] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 238.134763] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 238.142706] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 238.286025] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 238.289954] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 238.292901] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 238.302859] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 238.306349] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 238.399322] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 238.414995] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 238.430664] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 238.445114] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 238.449041] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 238.455884] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 238.459770] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 238.461861] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 238.463994] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 238.466101] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 238.483518] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 238.486750] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 238.500911] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 238.543812] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 238.576664] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 238.614599] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 238.659546] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 238.661620] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 238.666171] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 238.669820] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 240.025748] Bluetooth: hci0: command tx timeout [ 240.153693] Bluetooth: hci1: command tx timeout [ 240.216917] Bluetooth: hci2: command tx timeout [ 240.410426] Bluetooth: hci3: command tx timeout [ 240.600464] Bluetooth: hci4: command tx timeout [ 240.601517] Bluetooth: hci5: command tx timeout [ 240.729479] Bluetooth: hci6: command tx timeout [ 240.793909] Bluetooth: hci7: command tx timeout [ 242.072435] Bluetooth: hci0: command tx timeout [ 242.201423] Bluetooth: hci1: command tx timeout [ 242.265477] Bluetooth: hci2: command tx timeout [ 242.458510] Bluetooth: hci3: command tx timeout [ 242.648665] Bluetooth: hci5: command tx timeout [ 242.649138] Bluetooth: hci4: command tx timeout [ 242.778417] Bluetooth: hci6: command tx timeout [ 242.841695] Bluetooth: hci7: command tx timeout [ 244.120454] Bluetooth: hci0: command tx timeout [ 244.248634] Bluetooth: hci1: command tx timeout [ 244.313597] Bluetooth: hci2: command tx timeout [ 244.504453] Bluetooth: hci3: command tx timeout [ 244.697628] Bluetooth: hci4: command tx timeout [ 244.698110] Bluetooth: hci5: command tx timeout [ 244.825426] Bluetooth: hci6: command tx timeout [ 244.889523] Bluetooth: hci7: command tx timeout [ 246.169792] Bluetooth: hci0: command tx timeout [ 246.299726] Bluetooth: hci1: command tx timeout [ 246.362785] Bluetooth: hci2: command tx timeout [ 246.553583] Bluetooth: hci3: command tx timeout [ 246.745772] Bluetooth: hci4: command tx timeout [ 246.746225] Bluetooth: hci5: command tx timeout [ 246.873443] Bluetooth: hci6: command tx timeout [ 246.937463] Bluetooth: hci7: command tx timeout [ 300.718852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 300.723751] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 300.729023] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 300.742072] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 300.749970] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 300.797973] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 300.802005] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 300.819153] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 300.832868] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 300.837842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 300.846412] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 300.856212] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 300.883568] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 300.893395] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 300.903170] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 300.972862] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 300.990903] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 301.006538] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 301.024472] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 301.029945] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 301.059012] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 301.066872] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 301.071211] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 301.093293] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 301.098229] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 301.185603] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 301.211755] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 301.234115] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 301.238980] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 301.250645] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 301.256171] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 301.262655] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 301.265205] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 301.268182] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 301.287865] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 301.305468] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 301.308118] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 301.313840] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 301.316953] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 301.327043] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 302.809465] Bluetooth: hci0: command tx timeout [ 302.936712] Bluetooth: hci2: command tx timeout [ 302.938155] Bluetooth: hci1: command tx timeout [ 303.129134] Bluetooth: hci3: command tx timeout [ 303.193456] Bluetooth: hci4: command tx timeout [ 303.320623] Bluetooth: hci5: command tx timeout [ 303.384916] Bluetooth: hci6: command tx timeout [ 303.448554] Bluetooth: hci7: command tx timeout [ 304.857028] Bluetooth: hci0: command tx timeout [ 304.985154] Bluetooth: hci1: command tx timeout [ 304.986101] Bluetooth: hci2: command tx timeout [ 305.176499] Bluetooth: hci3: command tx timeout [ 305.240485] Bluetooth: hci4: command tx timeout [ 305.368752] Bluetooth: hci5: command tx timeout [ 305.433870] Bluetooth: hci6: command tx timeout [ 305.496761] Bluetooth: hci7: command tx timeout [ 306.905774] Bluetooth: hci0: command tx timeout [ 307.032590] Bluetooth: hci1: command tx timeout [ 307.033029] Bluetooth: hci2: command tx timeout [ 307.224594] Bluetooth: hci3: command tx timeout [ 307.288447] Bluetooth: hci4: command tx timeout [ 307.416600] Bluetooth: hci5: command tx timeout [ 307.480441] Bluetooth: hci6: command tx timeout [ 307.544436] Bluetooth: hci7: command tx timeout [ 308.952682] Bluetooth: hci0: command tx timeout [ 309.080604] Bluetooth: hci2: command tx timeout [ 309.081069] Bluetooth: hci1: command tx timeout [ 309.272732] Bluetooth: hci3: command tx timeout [ 309.336489] Bluetooth: hci4: command tx timeout [ 309.464902] Bluetooth: hci5: command tx timeout [ 309.528443] Bluetooth: hci6: command tx timeout [ 309.592454] Bluetooth: hci7: command tx timeout [ 363.052878] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 363.056022] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 363.062009] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 363.073996] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 363.083747] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 363.377452] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 363.385088] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 363.391087] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 363.400951] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 363.412113] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 363.587544] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 363.592803] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 363.600246] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 363.606716] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 363.608767] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 363.617941] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 363.632621] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 363.638061] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 363.642710] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 363.645054] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 363.646843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 363.649212] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 363.653043] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 363.657784] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 363.662099] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 363.662730] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 363.678002] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 363.690729] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 363.707599] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 363.711554] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 363.739103] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 363.774791] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 363.777934] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 363.824787] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 363.841842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 363.873149] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 363.882950] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 363.886822] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 363.915682] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 363.928895] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 365.145442] Bluetooth: hci0: command tx timeout [ 365.464529] Bluetooth: hci1: command tx timeout [ 365.721445] Bluetooth: hci5: command tx timeout [ 365.784605] Bluetooth: hci2: command tx timeout [ 365.849456] Bluetooth: hci3: command tx timeout [ 365.850292] Bluetooth: hci4: command tx timeout [ 365.912466] Bluetooth: hci6: command tx timeout [ 365.976574] Bluetooth: hci7: command tx timeout [ 367.194421] Bluetooth: hci0: command tx timeout [ 367.512586] Bluetooth: hci1: command tx timeout [ 367.769459] Bluetooth: hci5: command tx timeout [ 367.832760] Bluetooth: hci2: command tx timeout [ 367.896432] Bluetooth: hci4: command tx timeout [ 367.896490] Bluetooth: hci3: command tx timeout [ 367.960624] Bluetooth: hci6: command tx timeout [ 368.025427] Bluetooth: hci7: command tx timeout [ 369.240653] Bluetooth: hci0: command tx timeout [ 369.560439] Bluetooth: hci1: command tx timeout [ 369.816501] Bluetooth: hci5: command tx timeout [ 369.880616] Bluetooth: hci2: command tx timeout [ 369.944438] Bluetooth: hci3: command tx timeout [ 369.944481] Bluetooth: hci4: command tx timeout [ 370.010449] Bluetooth: hci6: command tx timeout [ 370.072460] Bluetooth: hci7: command tx timeout [ 371.288474] Bluetooth: hci0: command tx timeout [ 371.609632] Bluetooth: hci1: command tx timeout [ 371.864700] Bluetooth: hci5: command tx timeout [ 371.931393] Bluetooth: hci2: command tx timeout [ 371.992617] Bluetooth: hci4: command tx timeout [ 371.993442] Bluetooth: hci3: command tx timeout [ 372.056500] Bluetooth: hci6: command tx timeout [ 372.120445] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 14:55:32 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88806ce08e68 RCX=ffff88806ce089a4 RDX=0000000000000000 RSI=ffffffff85c1bac0 RDI=ffff8880287883fc RBP=ffff88806ce01000 RSP=ffff88806ce089e0 R8 =0000000000000001 R9 =ffff88806ce08a90 R10=000000000003b0c2 R11=00000000000231ac R12=ffff88806ce08a01 R13=ffff88806ce08a98 R14=ffff88806ce08e58 R15=ffff88806ce08a50 RIP=ffffffff81350850 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007effd4733540 00000000 00000000 GS =0000 ffff8880e564b000 00000000 00000000 LDT=0000 fffffe4900000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007effd47f08b0 CR3=000000002874c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000ff0000000000000000000000ff XMM01=ffffff0000ff00ffffffffffffffff00 XMM02=494c4700362e322e325f4342494c4700 XMM03=00000000000000000000000000004700 XMM04=4342494c4700362e322e325f4342494c XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffffffff812d7179 RBX=ffffffff8645e490 RCX=ffffffff812d7115 RDX=0000000000000000 RSI=ffffffff8679cf8c RDI=ffffffff8645e484 RBP=ffffffff8645e484 RSP=ffff88806cf08948 R8 =ffffffff8679cf8c R9 =0000000000000001 R10=000000000003b0c2 R11=00000000000043ac R12=ffffffff8645e48c R13=ffffffff8645e484 R14=ffffffff8645e484 R15=dffffc0000000000 RIP=ffffffff8134feef RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e574b000 00000000 00000000 LDT=0000 fffffe2500000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f27ecd5c620 CR3=0000000036c8e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ff00ffffffffffff0000000000000000 XMM01=0100010001000000ffffffffffffffff XMM02=0500050005000000455441564952505f XMM03=0000000000000000000000564952505f XMM04=00030005000500050005000000455441 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000