Debian GNU/Linux 11 syzkaller ttyS0 syzkaller login: [ 95.015547] sshd (249) used greatest stack depth: 25368 bytes left Warning: Permanently added '[localhost]:62593' (ECDSA) to the list of known hosts. 2025/05/01 15:18:58 fuzzer started 2025/05/01 15:18:58 dialing manager at localhost:43767 [ 105.578108] cgroup: Unknown subsys name 'net' [ 105.719894] cgroup: Unknown subsys name 'cpuset' [ 105.737653] cgroup: Unknown subsys name 'rlimit' 2025/05/01 15:19:17 syscalls: 206 2025/05/01 15:19:17 code coverage: enabled 2025/05/01 15:19:17 comparison tracing: enabled 2025/05/01 15:19:17 extra coverage: enabled 2025/05/01 15:19:17 setuid sandbox: enabled 2025/05/01 15:19:17 namespace sandbox: enabled 2025/05/01 15:19:17 Android sandbox: enabled 2025/05/01 15:19:17 fault injection: enabled 2025/05/01 15:19:17 leak checking: enabled 2025/05/01 15:19:17 net packet injection: enabled 2025/05/01 15:19:17 net device setup: enabled 2025/05/01 15:19:17 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/05/01 15:19:17 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/05/01 15:19:17 USB emulation: enabled 2025/05/01 15:19:17 hci packet injection: enabled 2025/05/01 15:19:17 wifi device emulation: enabled 2025/05/01 15:19:17 802.15.4 emulation: enabled 2025/05/01 15:19:17 fetching corpus: 0, signal 0/0 (executing program) 2025/05/01 15:19:18 starting 8 fuzzer processes 15:19:18 executing program 0: shmget$private(0x0, 0x3000, 0x8, &(0x7f0000ffc000/0x3000)=nil) r0 = shmget$private(0x0, 0x4000, 0x400, &(0x7f0000ffc000/0x4000)=nil) shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/172) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x100, 0x1f, 0x4, 0x1}, {0x1, 0x9, 0x4, 0x7}]}) r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffe000/0x2000)=nil) shmctl$SHM_STAT(r1, 0xd, &(0x7f0000000140)) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000180)='k\x00', &(0x7f00000001c0)='_\\-]^]}\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000200)='\x00', &(0x7f0000000240)="8cca610e7e1495d6e7a5a610740ead03c80174bdc911ea05b7508c029068768042c22af30033392a3987945cde019fd50cd793afb0c58f6b1cab857896f621543a4c0ee87ba7c9f94c168653f8ff03484e09e95bf7b6a1bccb47a085da99e6e1023e19f0ea21643b8b826b031e2bb100bdc29d94b9dcdaccd71c6b8b05de20101f1cc4a0a4e9171c8fd5d97aa9a3d59af2978adb86008804fe66fbfdfde28ee88fa48f85bb3873233a7ef7ecf63d07382c62d425dbad287024016516fb432f0323b33319944aa17f7d0f2e1f7f9cce19f2852c942c070e54", 0xd8) r2 = fspick(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, 0x0, 0x20, 0x70bd2c, 0x7, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x9}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x81}]}, 0x34}}, 0x80) r4 = shmget(0x3, 0x4000, 0x8, &(0x7f0000ffc000/0x4000)=nil) shmctl$IPC_INFO(r4, 0x3, &(0x7f00000004c0)=""/241) ioctl$EVIOCGMTSLOTS(0xffffffffffffffff, 0x8040450a, &(0x7f00000005c0)=""/131) shmctl$SHM_UNLOCK(0xffffffffffffffff, 0xc) fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f0000000680)=':#]-/%+]&\x00', &(0x7f00000006c0)="40beb7015dc42c5d6c5c2263bb09c88d871c5afac46392b96d5c2f94eb1e", 0x1e) shmctl$IPC_STAT(0xffffffffffffffff, 0x2, &(0x7f0000000700)=""/84) shmctl$SHM_STAT(r1, 0xd, &(0x7f0000000780)=""/166) 15:19:18 executing program 1: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000040)='#!:\x00', &(0x7f0000000080)="efafcefbd646287eb5cfc212e8a84d32b587f91fd35304cbd6097bdeac98dbd1ccb762a4f72fa23227c9b2aa2c3516b1916d6c9fb4b7f15973", 0x39) r2 = fsmount(r0, 0x1, 0x79) fsconfig$FSCONFIG_SET_PATH(r2, 0x3, &(0x7f00000000c0)='^\x00', &(0x7f0000000100)='./file0\x00', r1) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000240)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000180)="60f82f69937b0502b755589867e378bbf3a1b03bb2e05325e6a05ec9f131dc1fd4b9ea595dd48ac1735522f2b3b634f7e1566bc54a06d7c2b3390a965b93255ecb5f88577e844c62ed69e6c642cee6c88e0e2694a7c31a126a66addd1b77f830fa15b64520e896b94edf9f87524fa6f229f0c8291480f37103cc301463cee67bf1f8fa6a544513d49ebdd7f5351267715eec3fee626bba819ad015f292dd4525e26d7e4a333d089092cd55159df699ab1a8c295c47", 0xb5, r2}, 0x68) r3 = openat$cgroup_devices(r2, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f00000002c0)="d39667f442a7444465c11ac2fc02dcf54af633ebd167db8ec9f94f583e714f86ff7dd6b6be738be2cca13647eebdac5aa45472e4", 0x34, r3}, 0x68) r4 = fspick(0xffffffffffffff9c, &(0x7f00000003c0)='\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000400)='\x00', 0x0, r0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x7) r5 = shmget$private(0x0, 0x4000, 0x78000000, &(0x7f0000ff9000/0x4000)=nil) shmctl$IPC_RMID(r5, 0x0) syz_io_uring_setup(0x7a96, &(0x7f0000000480)={0x0, 0xf885, 0x24, 0x2, 0x40}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) r7 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f00000005c0)=@IORING_OP_CLOSE={0x13, 0x5, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x2c, r8, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) r9 = fspick(r0, &(0x7f0000000740)='./file0\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0) 15:19:18 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x14ce, 0x43}}}}, [@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x185}]}, 0x28}}, 0x4040050) socket$inet_udplite(0x2, 0x2, 0x88) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$rfkill(r2, &(0x7f0000000140)={0x7, 0x3, 0x0, 0x0, 0x1}, 0x8) fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000180)='\x00', &(0x7f00000001c0)="9c539eebeaca47eed2a132f4782267212909ae4f55927b64401eb96fa94df446d1b115a6859d6abeed55c418daeb9361ba9e7178f1f482d018524a48d3a2ecae14329e8705ebca140b1436d9cca9e0783da01278c8164a47fe8053f8815de5f1a1dd96fc20964182e3dd8aaf8d48c64e6ca6eec3181f", 0x76) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x4, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x40011}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r1) socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000380), r3) socketpair(0x2, 0x3, 0x6, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_CHANNEL(r4, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x4c, 0x0, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x36}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1716}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x180}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1af}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000810}, 0x20000000) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r1, 0x89fa, &(0x7f00000005c0)={'ip6_vti0\x00', &(0x7f0000000540)={'sit0\x00', 0x0, 0x2f, 0x4, 0x5, 0xfff, 0x20, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, 0x700, 0x40, 0xfff, 0x9}}) connect$packet(r5, &(0x7f0000000600)={0x11, 0xd, r6, 0x1, 0x1b, 0x6, @multicast}, 0x14) r7 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000640), 0x80000, 0x0) r8 = syz_genetlink_get_family_id$devlink(&(0x7f00000006c0), r0) sendmsg$DEVLINK_CMD_PORT_GET(r7, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x60, r8, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x54}, 0x0) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), r7) sendmsg$NL80211_CMD_LEAVE_MESH(r2, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x1c, r9, 0x1, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x9000}, 0x4000) 15:19:18 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@pppoe, &(0x7f0000000080)=0x80) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_LIST(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x34, r2, 0x300, 0x70bd25, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040081}, 0x4004080) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000240)={'tunl0\x00', &(0x7f0000000200)={'gre0\x00', 0x0, 0x10, 0x80, 0x4, 0x8, {{0x7, 0x4, 0x0, 0x2, 0x1c, 0x64, 0x0, 0x0, 0x29, 0x0, @multicast2, @empty, {[@rr={0x7, 0x7, 0x19, [@empty]}]}}}}}) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x38, 0x0, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x5424}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x0) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), r1) sendmsg$NL80211_CMD_GET_STATION(r0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x48, 0x0, 0x400, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x4, 0x3f}}}}, [@NL80211_ATTR_STA_PLINK_ACTION={0x5}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x1}, @NL80211_ATTR_STA_TX_POWER={0x6}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x1d}, @NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x8050}, 0x40) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r0) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x80, r5, 0x20, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x7}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x80}, 0x1, 0x0, 0x0, 0x880}, 0x20004080) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x7c, r4, 0x2, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x25}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}, @NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0xffffffffffff8001}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xfffffffffffffbff}]}, 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x8006) socketpair(0x21, 0x5, 0x7fffffff, &(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_CHANNEL(r7, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x30, r5, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x1b}}}}, [@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xffffff3c}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7fffffff}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x10) r8 = accept(r6, &(0x7f0000000900)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f0000000980)=0x80) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000a40)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_OCB(r8, &(0x7f0000000b40)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x5c, r10, 0x800, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x23}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x96c}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40010}, 0x20048810) sendmsg$NL80211_CMD_NOTIFY_RADAR(r9, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x44, r10, 0x20, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16c1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x40010}, 0x10) io_uring_setup(0x27aa, &(0x7f0000000cc0)={0x0, 0x441b, 0x8, 0x1, 0x1f8}) [ 125.299426] audit: type=1400 audit(1746112758.884:7): avc: denied { execmem } for pid=285 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 15:19:18 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r1, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x20000015) r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x20080, 0x0) socketpair(0x11, 0x6, 0x6, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) socketpair(0x2, 0x80000, 0x472bd1f, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = openat$hpet(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x90, 0x0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8cb1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x648290ac}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x200}, @NBD_ATTR_SOCKETS={0x4c, 0x7, 0x0, 0x1, [{0x8, 0x1, r2}, {0x8}, {0x8, 0x1, r3}, {0x8}, {0x8}, {0x8, 0x1, r5}, {0x8}, {0x8, 0x1, r6}, {0x8, 0x1, r7}]}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8, 0x1, r9}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x8008}, 0x4080) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r7) sendmsg$NL80211_CMD_RADAR_DETECT(r9, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x68, r10, 0x200, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x70}}}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1b}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xd}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1685}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2d}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}]}, 0x68}, 0x1, 0x0, 0x0, 0xb1}, 0x20008090) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r4) sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x840000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x68, r11, 0x800, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xffffffff, 0x80}}}}, [@NL80211_ATTR_FRAME_MATCH={0x3f, 0x5b, "789e52614afad22bcf688df9b673c5b3c12508457b709904ca3f3ca725a6374ab34acc737ed23b753a0e573781eee821d8aaa71679c17ef2a63395"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x8}]}, 0x68}}, 0x80) sendmsg$NL80211_CMD_GET_STATION(r2, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x38, r11, 0x300, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8, 0x40}}}}, [@NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x1}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x4db}]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x10008000) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x48, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xfffffffffffff068}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8, 0x1, r9}, {0x8, 0x1, r8}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x40000) r12 = fsmount(r3, 0x0, 0x74) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f00000009c0), r8) sendmsg$NL80211_CMD_RADAR_DETECT(r12, &(0x7f0000000ac0)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x60, r13, 0x400, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x4, 0x23}}}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2fd}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1699}]}, 0x60}, 0x1, 0x0, 0x0, 0x8040}, 0x8800) sendmsg$NL80211_CMD_JOIN_OCB(r7, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0xe0400}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b40)={0x50, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x599, 0x47}}}}, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98a}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x281}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xfffffff1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x10000}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) 15:19:18 executing program 6: shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', &(0x7f0000000000)={'gretap0\x00', 0x0, 0x10, 0x7800, 0x7, 0x6, {{0xa, 0x4, 0x1, 0x28, 0x28, 0x67, 0x0, 0xff, 0x4, 0x0, @remote, @multicast2, {[@cipso={0x86, 0x12, 0x3, [{0x6, 0xc, "dce62de4a6c1151b8627"}]}]}}}}}) shmat(0x0, &(0x7f0000ff9000/0x4000)=nil, 0x5000) remap_file_pages(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x10001, 0x1) shmat(0xffffffffffffffff, &(0x7f0000ffa000/0x3000)=nil, 0x1000) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x2000) r1 = shmget$private(0x0, 0x4000, 0x100, &(0x7f0000ff7000/0x4000)=nil) shmctl$IPC_STAT(r1, 0x2, &(0x7f00000000c0)=""/68) shmctl$SHM_STAT(r1, 0xd, &(0x7f0000000140)=""/141) shmctl$SHM_INFO(r1, 0xe, &(0x7f0000000200)=""/87) r2 = shmget$private(0x0, 0x4000, 0x1, &(0x7f0000ff9000/0x4000)=nil) shmctl$SHM_UNLOCK(r2, 0xc) shmctl$SHM_LOCK(r1, 0xb) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000280)=""/134) shmat(r2, &(0x7f0000ffc000/0x3000)=nil, 0x6000) mincore(&(0x7f0000ffd000/0x3000)=nil, 0x3000, &(0x7f0000000340)=""/129) mmap$usbmon(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x810, 0xffffffffffffffff, 0x8) 15:19:18 executing program 4: r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @random}}, &(0x7f0000000080)=0x80) r1 = accept(r0, 0x0, &(0x7f00000000c0)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r2, 0x4, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5366405b, 0x32}}}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x44}, 0x1, 0x0, 0x0, 0x8800}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000400)={'syztnl2\x00', &(0x7f0000000380)={'ip6tnl0\x00', 0x0, 0x29, 0x8, 0x1f, 0x9, 0x9, @local, @remote, 0x20, 0x0, 0xffff, 0xaa}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000004c0)={'syztnl1\x00', &(0x7f0000000440)={'syztnl2\x00', r4, 0x2f, 0x0, 0x80, 0xfffffffb, 0x20, @private2, @private1, 0x10, 0x10, 0x100, 0xc4}}) inotify_init() ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000580)={'syztnl2\x00', &(0x7f0000000500)={'ip6gre0\x00', r5, 0x7b, 0x3, 0x9, 0x0, 0x24, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, 0x7, 0x8000, 0x1, 0x430}}) sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, r2, 0x300, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x7b32c54417586642}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) socketpair(0x1a, 0x2, 0x3, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r6, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x44000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x58, r2, 0x100, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x6, 0x1f}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x58}, 0x1, 0x0, 0x0, 0x40}, 0x20040080) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGMTSLOTS(0xffffffffffffffff, 0x8040450a, &(0x7f0000000880)=""/4) r8 = syz_genetlink_get_family_id$smc(&(0x7f0000000900), r0) sendmsg$SMC_PNETID_FLUSH(r7, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x2c, r8, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x20000000) syz_genetlink_get_family_id$smc(&(0x7f0000000a00), r7) sendmsg$NL80211_CMD_GET_REG(r7, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x34, r2, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x22}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x7f}]}, 0x34}, 0x1, 0x0, 0x0, 0x48000}, 0x8) socket$inet6_udp(0xa, 0x2, 0x0) 15:19:19 executing program 7: r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000080)=0x80) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r1, 0x400, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x85) r2 = syz_io_uring_setup(0x7cad, &(0x7f0000000200)={0x0, 0xe80, 0x0, 0x3, 0xfd}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000280), &(0x7f00000002c0)=0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000300)=@IORING_OP_ASYNC_CANCEL={0xe, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40) getresuid(&(0x7f0000000800)=0x0, &(0x7f0000000840)=0x0, &(0x7f0000000880)) r6 = syz_mount_image$nfs4(&(0x7f0000000340), &(0x7f0000000380)='./file0\x00', 0x68, 0x5, &(0x7f0000000780)=[{&(0x7f00000003c0)="9d673e7028004939188fc53c9104fef0dafdda9d0a28ba0e72fdf1fa2fb4edefef169d613148ec9b3466f2c0eb42987b169df22db9f73cf74a21951d6ed67b13ebaa3be5421a4cb9a31788e024ae3617dfbe50105d59c0e70ad4c77465173935a665247026ac009585eb4fd49b1fc2510c92959874438c437a21226b22e106920645d29d6ad86365cb68f0ed5e841d733321f40e6768bddf0b8730e40d428eadbae796b8c804a652fbdc2d1020d0b586d5e035893d194e7a7adcd6dc20f6887d7e4e2d04250ab7f0789e0db30a0a5f9e23f4f503f5ea90e2c6cc6a9ebd278ab492b99002a4d5d461a7d11f74227a", 0xee, 0xf803}, {&(0x7f00000004c0)="700454227a6eacb54c79d55f81b5a9fa245fc39e0944d3283d94caae26dc5c78065b4858bc61f746f2178c587fcc1bbb57766f6ae1e885225cde4e7044d97fabe412", 0x42}, {&(0x7f0000000540)="495f91d25147ee77825b903216a40868dda99412c316f09c520e224708b4d3ab1a56ef9fde856e25be698d9bf4a6851bf540077a721b07b35640d92b28d7799e9b08ddacc69efe4420102b8a25e55dcb71243999aa2b8eb59051a39ad540a267fea9176f48229d9dc3652d253b0aba9a1c3ffbd7e3235959c6c470639063b22f3d05be6eede9464a65985033fdd84cc1c381866af02a0f8566babdf90bb1e1ae30b3", 0xa2}, {&(0x7f0000000600)="1309dde27e4837ea230d0f90d1774744742005ddcb5cc982746be6c1601160325b5799f218a132ef27ba11519a3c2b663883b359c7b4494c2453b3109c3cdf1102c9cf3cc7a328a7d147e32eb22f7e59210afb5d01596a42ca1da695a5fa78", 0x5f, 0xb8000000000}, {&(0x7f0000000680)="129eb3bb74987fd07ee27990def3cd2b52dc2d2d570c1322068f70b64310fe12db76695573567c8a0a44e64c3d2ca3afd80dc89f98d85541c6c9a7579245d4f6e7341cb3f78b3f76d021430e8c71f23dc1b46fda3f87bb799391b3c5586afe791dea1102da9f62cca02e2ac1c840905ccf722ef5e587c16f23f94ba4809201e90e0cb26c479ee23943abe92b9be5eb35591afce4ead7302c2ca6f01699703ab05c789d83a1a2b697c9140000eec95f0b6dfe8868152aa7dbbd00e6069cc3e6619e36ee8128e4d5184046a5", 0xcb, 0x5}], 0x40040, &(0x7f00000008c0)={[{'nl80211\x00'}, {'\x00'}, {'$'}], [{@fowner_lt={'fowner<', 0xee00}}, {@fowner_eq}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@fowner_eq={'fowner', 0x3d, r4}}]}) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x8010, r2, 0x8000000) syz_mount_image$iso9660(&(0x7f0000000940), &(0x7f0000000980)='./file0\x00', 0x3, 0x1, &(0x7f0000000ac0)=[{&(0x7f00000009c0)="365bdc9fe6e993579117ab4e93ebfd95528ef8ea32681206e964971be55fb677442aa2e37e38ffeca29e34092d5e067dfc8790704d3eac09b5f74884e842a97b8f75930951bc246ac842b2ab6483c96ecf10b098e9c19453812d589fe7532cc298d2c4c8970e1d0e65358f16c40eab4d8785ad71ce93a5992e08b85c4df93b02b1c7ddc052633140fbc5ad8364c7c44dd878bb0b8eed3eecc50bb0cfa8e89c87d15be2ae64020927dd63d0d599750eaaf26aa3d3b8fded6b9adb897d335367eea5166ffcaa2d41c9da8c377902461618c1d89396", 0xd4, 0x3}], 0x20020, &(0x7f0000000b00)={[{@sbsector={'sbsector', 0x3d, 0xf7}}], [{@euid_eq={'euid', 0x3d, r5}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}) r8 = syz_mount_image$vfat(&(0x7f0000000b80), &(0x7f0000000bc0)='./file0\x00', 0xffffffff, 0x5, &(0x7f0000000fc0)=[{&(0x7f0000000c00)="991a2a0fc4fb20c6f7c8dde070ca87e55b8c5d8a0fa997ffbef4ef19b40924fb52971cd20cff9e4e380961976cf18bb92c2261472452766190192699562340d40407234ed74895eada1ca980587251ca34e8ebd543fe40028159fd032d82d5465efb16a214937eef7c24f9808c227cf692bdaad499e7de04d992be7ec6f4bfdb5a55e425b49525594e2ea50cc99929f09559f9812396cf79a81386dbd48be5f6d1d609905bae3911aa2d30923a97a4778aae2b4368b351973711", 0xba, 0x2a02}, {&(0x7f0000000cc0)="60256a6386a8b782ecdcc93d514932f64f5fef15979786b0e4a8f45eadf8b5cd1cea22a30a4294b8a33db08d887ebea925fa7d0aa985750420b3fb98a7cc7201d43bff750c88926a11211b1cebdfe27b6d0934731f7f9730b6fc350ae176158e69beb51b872aff466d7375e226cd77aeace687e18f9a7843bb8576b6c275ef3f0e84de7396028b307209a08a7b4c4ef0bbc6cde9c7bf48b562a0b0d1b1e57365b34c7faf8b0ef44bb26a18efda8a8b351ee53a13e7ed3c333787ffbf018cbb8532d09f982d13ebd7", 0xc8, 0x5}, {&(0x7f0000000dc0)="ea7d2c33775d93da9cdf5d389ce3e17e2e9465631e42428f9430d8de31d488d16e1c009d42ea29f540bdfc6c3cd786a3fe73413fd523d6c9f87a4a5fc370b95f7176c527748a640c88578552d8e744b3d5c9075cdd8032720f2e18fb5b4c520e25cac618636ce5cecb31a683c7a54a57523f7604a08f6dc74ef41b19d8439a145726926aaf4de3eb808b5f3df3b7c058f3aeca6194449ae9631d390ef53330310a5967fb7b0997443d24575c21e904ff308ca537b33e", 0xb6, 0x8}, {&(0x7f0000000e80)="37b82e2e7fd474166b7a01bcd92ca2bab48b10491181be96c6a72f123c47fb3c2e3bf51cfdb20a749ea4c2fe6fadbdaf0bac978bd36c1d44757f592ebef1b4222048b10dfb9360b8bfc66a0f183ae01a2c6bc5fe7f67075020ddec4dedaa912087b8247d6f97e7bc1c4670116a7737d947769c64ec0c7cc13c6bb518bcb38e29e7ac208bdc781bd194a19cbeb756a5b4a7966ef596", 0x95, 0x1000}, {&(0x7f0000000f40)="1babd269684aa543b070645c06fdf424e9d264ddaebd5edb714593ff1f6670a93032f2e9b20ba3d7ad165ed71769c51a0501ddd262747c91f5f0580565d75c559c8e3ce9b6a7539e", 0x48, 0x3ff}], 0xa460, &(0x7f0000001040)={[{@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'cp852'}}, {@uni_xlate}], [{@subj_type={'subj_type', 0x3d, 'fowner'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'func'}}, {@dont_appraise}, {@subj_user={'subj_user', 0x3d, ',.{,.^'}}, {@subj_role={'subj_role', 0x3d, '#{'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@permit_directio}, {@fowner_lt={'fowner<', r4}}, {@context={'context', 0x3d, 'staff_u'}}]}) syz_io_uring_submit(r7, r3, &(0x7f00000011c0)=@IORING_OP_OPENAT2={0x1c, 0x1, 0x0, r8, &(0x7f0000001140)={0x8000, 0x11, 0xa}, &(0x7f0000001180)='./file0\x00', 0x18, 0x0, 0x23456}, 0x70) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000001340)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001300)={&(0x7f0000001240)={0xa4, r1, 0x8, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x34e}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xa17e}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16fd}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x1000}, @NL80211_ATTR_DURATION={0x8}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x9}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2f0}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x263}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a3}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x3}]}, 0xa4}, 0x1, 0x0, 0x0, 0x80800}, 0x40) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r0, 0x89f9, &(0x7f0000001400)={'ip6_vti0\x00', &(0x7f0000001380)={'syztnl0\x00', 0x0, 0x29, 0xdf, 0xd2, 0xfffffff7, 0xe6ff6d9c8f273b3, @dev={0xfe, 0x80, '\x00', 0x2c}, @empty, 0x8, 0x20, 0x8, 0x2}}) ioctl$EVIOCGMTSLOTS(0xffffffffffffffff, 0x8040450a, &(0x7f0000001440)=""/208) r9 = fspick(0xffffffffffffffff, &(0x7f0000001540)='./file0\x00', 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r9, 0x4, &(0x7f0000001580)='\x00', &(0x7f00000015c0)='./file0\x00', r8) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000001600)) syz_io_uring_submit(r7, r3, &(0x7f0000001680)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd=r6, 0x0, 0x0, 0x0, 0x38b9f786817a4cb6, 0x1}, 0x2) r10 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r10, 0x0, &(0x7f0000001700)='posixacl\x00', 0x0, 0x0) [ 126.567397] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 126.569436] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 126.570768] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 126.573901] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 126.581151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 126.683609] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 126.687938] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 126.691032] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 126.695335] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 126.697803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 126.753578] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 126.755847] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 126.764491] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 126.766272] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 126.768152] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 126.778342] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 126.780038] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 126.819386] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 126.828820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 126.830568] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 126.847273] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 126.854799] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 126.863885] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 126.879574] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 126.893186] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 126.896586] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 126.915204] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 126.921535] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 126.924532] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 126.960014] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 126.962490] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 126.966338] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 126.967744] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 126.970701] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 126.973319] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 127.045306] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 127.052574] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 127.055498] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 127.059732] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 127.063851] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 128.648486] Bluetooth: hci0: command tx timeout [ 128.776406] Bluetooth: hci1: command tx timeout [ 128.904097] Bluetooth: hci2: command tx timeout [ 128.905857] Bluetooth: hci3: command tx timeout [ 129.032139] Bluetooth: hci4: command tx timeout [ 129.033694] Bluetooth: hci7: command tx timeout [ 129.033716] Bluetooth: hci5: command tx timeout [ 129.160059] Bluetooth: hci6: command tx timeout [ 130.696132] Bluetooth: hci0: command tx timeout [ 130.824233] Bluetooth: hci1: command tx timeout [ 130.953058] Bluetooth: hci2: command tx timeout [ 130.953106] Bluetooth: hci3: command tx timeout [ 131.082268] Bluetooth: hci4: command tx timeout [ 131.082489] Bluetooth: hci7: command tx timeout [ 131.083148] Bluetooth: hci5: command tx timeout [ 131.208100] Bluetooth: hci6: command tx timeout [ 132.744292] Bluetooth: hci0: command tx timeout [ 132.872044] Bluetooth: hci1: command tx timeout [ 133.001062] Bluetooth: hci3: command tx timeout [ 133.001088] Bluetooth: hci2: command tx timeout [ 133.128160] Bluetooth: hci5: command tx timeout [ 133.128408] Bluetooth: hci4: command tx timeout [ 133.129635] Bluetooth: hci7: command tx timeout [ 133.257281] Bluetooth: hci6: command tx timeout [ 134.793276] Bluetooth: hci0: command tx timeout [ 134.921038] Bluetooth: hci1: command tx timeout [ 135.049058] Bluetooth: hci3: command tx timeout [ 135.049454] Bluetooth: hci2: command tx timeout [ 135.176287] Bluetooth: hci4: command tx timeout [ 135.177526] Bluetooth: hci7: command tx timeout [ 135.177909] Bluetooth: hci5: command tx timeout [ 135.305256] Bluetooth: hci6: command tx timeout [ 186.796820] syz-executor.0 (297) used greatest stack depth: 25224 bytes left [ 187.097878] syz-executor.3 (293) used greatest stack depth: 24616 bytes left [ 189.533825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 189.535727] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 189.537198] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 189.553322] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 189.555824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 189.599643] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 189.609840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 189.617489] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 189.619652] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 189.628396] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 189.628707] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 189.630893] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 189.631877] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 189.647786] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 189.651594] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 189.667712] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 189.676305] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 189.678841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 189.684823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 189.691945] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 189.738424] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 189.742331] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 189.744196] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 189.765834] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 189.768442] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 189.781229] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 189.784744] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 189.786894] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 189.787132] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 189.801645] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 189.805692] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 189.833788] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 189.835796] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 189.835801] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 189.838416] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 189.848326] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 189.855337] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 189.857600] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 189.859376] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 189.861737] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 191.625387] Bluetooth: hci0: command tx timeout [ 191.688147] Bluetooth: hci1: command tx timeout [ 191.688459] Bluetooth: hci2: command tx timeout [ 191.752069] Bluetooth: hci3: command tx timeout [ 191.817573] Bluetooth: hci4: command tx timeout [ 191.944608] Bluetooth: hci7: command tx timeout [ 191.944660] Bluetooth: hci5: command tx timeout [ 191.945943] Bluetooth: hci6: command tx timeout [ 193.672165] Bluetooth: hci0: command tx timeout [ 193.738001] Bluetooth: hci1: command tx timeout [ 193.738210] Bluetooth: hci2: command tx timeout [ 193.800109] Bluetooth: hci3: command tx timeout [ 193.867210] Bluetooth: hci4: command tx timeout [ 193.992431] Bluetooth: hci5: command tx timeout [ 193.992677] Bluetooth: hci6: command tx timeout [ 193.993155] Bluetooth: hci7: command tx timeout [ 195.721108] Bluetooth: hci0: command tx timeout [ 195.784398] Bluetooth: hci2: command tx timeout [ 195.784901] Bluetooth: hci1: command tx timeout [ 195.850042] Bluetooth: hci3: command tx timeout [ 195.912249] Bluetooth: hci4: command tx timeout [ 196.040113] Bluetooth: hci6: command tx timeout [ 196.040655] Bluetooth: hci5: command tx timeout [ 196.041006] Bluetooth: hci7: command tx timeout [ 197.768270] Bluetooth: hci0: command tx timeout [ 197.832088] Bluetooth: hci1: command tx timeout [ 197.832236] Bluetooth: hci2: command tx timeout [ 197.896307] Bluetooth: hci3: command tx timeout [ 197.960353] Bluetooth: hci4: command tx timeout [ 198.088422] Bluetooth: hci7: command tx timeout [ 198.088464] Bluetooth: hci5: command tx timeout [ 198.088521] Bluetooth: hci6: command tx timeout [ 251.917112] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 251.929454] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 251.939303] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 251.947715] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 251.950128] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 252.310288] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 252.315206] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 252.317819] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 252.322008] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 252.326110] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 252.355752] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 252.359914] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 252.367271] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 252.371542] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 252.372916] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 252.374600] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 252.378606] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 252.381525] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 252.383627] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 252.386289] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 252.387233] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 252.391299] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 252.392585] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 252.396248] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 252.397169] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 252.400199] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 252.401559] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 252.403037] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 252.405302] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 252.409623] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 252.411288] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 252.412921] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 252.428567] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 252.441117] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 252.448003] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 252.501686] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 252.516197] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 252.529875] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 252.543012] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 252.585316] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 254.024287] Bluetooth: hci0: command tx timeout [ 254.415110] Bluetooth: hci2: command tx timeout [ 254.472057] Bluetooth: hci4: command tx timeout [ 254.536046] Bluetooth: hci3: command tx timeout [ 254.537045] Bluetooth: hci6: command tx timeout [ 254.600090] Bluetooth: hci1: command tx timeout [ 254.600281] Bluetooth: hci5: command tx timeout [ 254.664674] Bluetooth: hci7: command tx timeout [ 256.073090] Bluetooth: hci0: command tx timeout [ 256.456048] Bluetooth: hci2: command tx timeout [ 256.520257] Bluetooth: hci4: command tx timeout [ 256.585126] Bluetooth: hci6: command tx timeout [ 256.585614] Bluetooth: hci3: command tx timeout [ 256.648053] Bluetooth: hci5: command tx timeout [ 256.648130] Bluetooth: hci1: command tx timeout [ 256.712233] Bluetooth: hci7: command tx timeout [ 258.120804] Bluetooth: hci0: command tx timeout [ 258.504082] Bluetooth: hci2: command tx timeout [ 258.570904] Bluetooth: hci4: command tx timeout [ 258.633330] Bluetooth: hci3: command tx timeout [ 258.633494] Bluetooth: hci6: command tx timeout [ 258.696265] Bluetooth: hci5: command tx timeout [ 258.696574] Bluetooth: hci1: command tx timeout [ 258.760029] Bluetooth: hci7: command tx timeout [ 260.168380] Bluetooth: hci0: command tx timeout [ 260.552354] Bluetooth: hci2: command tx timeout [ 260.616514] Bluetooth: hci4: command tx timeout [ 260.680091] Bluetooth: hci6: command tx timeout [ 260.680168] Bluetooth: hci3: command tx timeout [ 260.744280] Bluetooth: hci5: command tx timeout [ 260.744766] Bluetooth: hci1: command tx timeout [ 260.808276] Bluetooth: hci7: command tx timeout [ 314.817217] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 314.821793] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 314.826328] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 314.832518] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 314.837020] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 314.906230] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 314.941118] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 314.981111] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 314.994677] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 314.998673] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 314.999699] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 315.009257] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 315.011469] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 315.016300] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 315.019792] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 315.034595] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 315.056364] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 315.058630] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 315.065981] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 315.076505] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 315.125929] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 315.134883] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 315.137915] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 315.140676] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 315.147815] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 315.149104] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 315.149275] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 315.157443] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 315.164454] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 315.169728] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 315.171814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 315.211500] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 315.212748] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 315.228274] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 315.232404] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 315.289555] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 315.297881] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 315.301751] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 315.306589] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 315.308696] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 316.872377] Bluetooth: hci0: command tx timeout [ 317.064075] Bluetooth: hci3: command tx timeout [ 317.064335] Bluetooth: hci1: command tx timeout [ 317.128411] Bluetooth: hci2: command tx timeout [ 317.257047] Bluetooth: hci4: command tx timeout [ 317.258025] Bluetooth: hci5: command tx timeout [ 317.448241] Bluetooth: hci6: command tx timeout [ 317.899040] Bluetooth: hci7: command tx timeout [ 318.921129] Bluetooth: hci0: command tx timeout [ 319.112474] Bluetooth: hci3: command tx timeout [ 319.113250] Bluetooth: hci1: command tx timeout [ 319.177086] Bluetooth: hci2: command tx timeout [ 319.305133] Bluetooth: hci4: command tx timeout [ 319.306828] Bluetooth: hci5: command tx timeout [ 319.496093] Bluetooth: hci6: command tx timeout [ 319.945299] Bluetooth: hci7: command tx timeout [ 320.970375] Bluetooth: hci0: command tx timeout [ 321.160246] Bluetooth: hci3: command tx timeout [ 321.161785] Bluetooth: hci1: command tx timeout [ 321.224864] Bluetooth: hci2: command tx timeout [ 321.353471] Bluetooth: hci4: command tx timeout [ 321.354214] Bluetooth: hci5: command tx timeout [ 321.545065] Bluetooth: hci6: command tx timeout [ 321.993313] Bluetooth: hci7: command tx timeout [ 323.017579] Bluetooth: hci0: command tx timeout [ 323.209765] Bluetooth: hci3: command tx timeout [ 323.211591] Bluetooth: hci1: command tx timeout [ 323.273680] Bluetooth: hci2: command tx timeout [ 323.401024] Bluetooth: hci5: command tx timeout [ 323.402427] Bluetooth: hci4: command tx timeout [ 323.593219] Bluetooth: hci6: command tx timeout [ 324.040064] Bluetooth: hci7: command tx timeout [ 377.560768] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 377.563700] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 377.567438] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 377.573045] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 377.578751] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 377.681540] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 377.691595] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 377.694625] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 377.699181] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 377.701938] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 377.825694] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 377.836517] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 377.838916] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 377.847762] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 377.851096] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 377.897742] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 377.907256] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 377.912298] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 377.934325] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 377.942104] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 377.953442] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 377.956691] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 377.957730] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 377.962284] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 377.968547] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 377.971976] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 377.974792] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 377.976632] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 377.993476] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 377.998427] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 378.001400] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 378.008351] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 378.013431] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 378.025199] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 378.033343] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 378.050802] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 378.057137] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 378.068364] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 378.122231] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 378.131429] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 379.662576] Bluetooth: hci0: command tx timeout [ 379.785054] Bluetooth: hci1: command tx timeout [ 379.912061] Bluetooth: hci2: command tx timeout [ 380.042095] Bluetooth: hci3: command tx timeout [ 380.042767] Bluetooth: hci6: command tx timeout [ 380.104088] Bluetooth: hci4: command tx timeout [ 380.104770] Bluetooth: hci5: command tx timeout [ 380.232197] Bluetooth: hci7: command tx timeout [ 381.705382] Bluetooth: hci0: command tx timeout [ 381.834891] Bluetooth: hci1: command tx timeout [ 381.960232] Bluetooth: hci2: command tx timeout [ 382.088062] Bluetooth: hci3: command tx timeout [ 382.089435] Bluetooth: hci6: command tx timeout [ 382.152317] Bluetooth: hci4: command tx timeout [ 382.152790] Bluetooth: hci5: command tx timeout [ 382.280245] Bluetooth: hci7: command tx timeout [ 383.752076] Bluetooth: hci0: command tx timeout [ 383.881379] Bluetooth: hci1: command tx timeout [ 384.011038] Bluetooth: hci2: command tx timeout [ 384.136126] Bluetooth: hci3: command tx timeout [ 384.136607] Bluetooth: hci6: command tx timeout [ 384.201053] Bluetooth: hci5: command tx timeout [ 384.201527] Bluetooth: hci4: command tx timeout [ 384.329940] Bluetooth: hci7: command tx timeout [ 385.800060] Bluetooth: hci0: command tx timeout [ 385.928450] Bluetooth: hci1: command tx timeout [ 386.056636] Bluetooth: hci2: command tx timeout [ 386.185064] Bluetooth: hci6: command tx timeout [ 386.185550] Bluetooth: hci3: command tx timeout [ 386.248279] Bluetooth: hci5: command tx timeout [ 386.248755] Bluetooth: hci4: command tx timeout [ 386.377979] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 15:24:28 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff888036d7fc48 RCX=ffffffff84acec58 RDX=ffff888023e30000 RSI=ffffffff84acec76 RDI=0000000000000007 RBP=0000000000000000 RSP=ffff888036d7fa58 R8 =0000000000000001 R9 =fffff940000444fe R10=0000000000000000 R11=0000000000000000 R12=ffff88800f433700 R13=0000000000000066 R14=0000000000000066 R15=dffffc0000000000 RIP=ffffffff81730058 RFL=00000296 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f1c534bb540 00000000 00000000 GS =0000 ffff8880e5647000 00000000 00000000 LDT=0000 fffffe4f00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f1c53700000 CR3=000000002a383000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffff00ffffffffffffffffffffff00ff XMM02=4c4700362e322e325f4342494c470035 XMM03=00000000000000000000000000470035 XMM04=4342494c4700362e322e325f4342494c XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=0000000000000000 RCX=0000000000000002 RDX=0000000000000000 RSI=ffffffff813508dd RDI=ffffffff85c1bac0 RBP=ffffffff85c1bac0 RSP=ffff8880362173b0 R8 =0000000000000000 R9 =0000000000000000 R10=000000000003b145 R11=0000000000025996 R12=0000000000000002 R13=0000000000000000 R14=0000000000000000 R15=ffff8880362174a8 RIP=ffffffff81adef26 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e5747000 00000000 00000000 LDT=0000 fffffe4f00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4215b1d620 CR3=000000001cb20000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000