[ OK ] Finished Update UTMP about System Runlevel Changes. [ 76.566263] audit: type=1400 audit(1748554919.678:6): avc: denied { checkpoint_restore } for pid=218 comm="agetty" capability=40 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 Debian GNU/Linux 11 syzkaller ttyS0 syzkaller login: [ 82.564522] sshd (230) used greatest stack depth: 24992 bytes left Warning: Permanently added '[localhost]:62468' (ECDSA) to the list of known hosts. 2025/05/29 21:42:08 fuzzer started 2025/05/29 21:42:08 dialing manager at localhost:35489 [ 85.731647] cgroup: Unknown subsys name 'net' [ 85.866281] cgroup: Unknown subsys name 'cpuset' [ 85.916003] cgroup: Unknown subsys name 'rlimit' 2025/05/29 21:42:24 syscalls: 204 2025/05/29 21:42:24 code coverage: enabled 2025/05/29 21:42:24 comparison tracing: enabled 2025/05/29 21:42:24 extra coverage: enabled 2025/05/29 21:42:24 setuid sandbox: enabled 2025/05/29 21:42:24 namespace sandbox: enabled 2025/05/29 21:42:24 Android sandbox: enabled 2025/05/29 21:42:24 fault injection: enabled 2025/05/29 21:42:24 leak checking: enabled 2025/05/29 21:42:24 net packet injection: enabled 2025/05/29 21:42:24 net device setup: enabled 2025/05/29 21:42:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/05/29 21:42:24 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/05/29 21:42:24 USB emulation: enabled 2025/05/29 21:42:24 hci packet injection: enabled 2025/05/29 21:42:24 wifi device emulation: enabled 2025/05/29 21:42:24 802.15.4 emulation: enabled 2025/05/29 21:42:24 fetching corpus: 0, signal 0/0 (executing program) 2025/05/29 21:42:25 starting 8 fuzzer processes 21:42:25 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000000)={0x2, 0x7, 0x1}) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x2f, 0x8, 0x1, 0x7, 0x2a, @dev={0xfe, 0x80, '\x00', 0x17}, @empty, 0x1, 0x1, 0x0, 0xb4da}}) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'syztnl2\x00', &(0x7f0000000180)={'syztnl1\x00', r1, 0x4, 0x6, 0x8, 0xc4, 0x12, @private2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x40, 0x8, 0x2, 0x6}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r2, 0x89f7, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'ip6tnl0\x00', r3, 0x4, 0xf7, 0x1, 0x4, 0x60, @ipv4={'\x00', '\xff\xff', @local}, @remote, 0x7840, 0x8000, 0x6, 0x8001}}) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r4, 0x89f4, &(0x7f0000000380)={'ip6tnl0\x00', &(0x7f0000000300)={'ip6_vti0\x00', r1, 0x29, 0x4, 0x9, 0x7, 0x0, @mcast1, @private1, 0x0, 0x7, 0x0, 0x100}}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_GATEWAYS(r5, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, 0x0, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x2c}}, 0x4004000) write$P9_RMKDIR(0xffffffffffffffff, &(0x7f00000004c0)={0x14, 0x49, 0x1, {0x80, 0x3}}, 0x14) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r6 = socket$inet6(0xa, 0x80000, 0x3) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r6, 0x89f9, &(0x7f0000000580)={'syztnl1\x00', &(0x7f0000000500)={'sit0\x00', r1, 0x29, 0x3f, 0x0, 0x0, 0x20, @private0, @private2, 0x40, 0x1, 0x3ff, 0xdc8}}) r7 = socket(0x0, 0x800, 0x7667) setsockopt$inet6_udp_encap(r7, 0x11, 0x64, &(0x7f00000005c0)=0x2, 0x4) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000600)=0x3, 0x4) fsmount(0xffffffffffffffff, 0x1, 0xf0) fsmount(0xffffffffffffffff, 0x1, 0x70) 21:42:25 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r0, 0x89fa, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x4, 0x3, 0x5, 0x4, 0x40, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x80, 0x0, 0x1, 0x40}}) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r0, 0x89fa, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000000100)={'ip6tnl0\x00', r1, 0x4, 0x14, 0x0, 0x10000, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000, 0x7, 0x3e, 0x6}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000240)={'syztnl2\x00', &(0x7f00000001c0)={'ip6_vti0\x00', r2, 0x4, 0xed, 0x14, 0x40, 0x40, @empty, @mcast2, 0x700, 0x20, 0x1f, 0x3ff}}) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000280)) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000340)={'sit0\x00', &(0x7f00000002c0)={'ip6tnl0\x00', r2, 0x2f, 0x9d, 0xa0, 0x3ff, 0x10, @empty, @remote, 0x20, 0x8, 0x80000000, 0x2}}) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000000400)={'syztnl2\x00', &(0x7f0000000380)={'ip6tnl0\x00', r2, 0x2f, 0x5, 0x6, 0x1, 0x7a, @dev={0xfe, 0x80, '\x00', 0x2}, @empty, 0x1, 0x10, 0x1, 0x3}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000004c0)={'ip6gre0\x00', &(0x7f0000000440)={'ip6gre0\x00', r1, 0x2f, 0xb8, 0x1f, 0x3, 0x20, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10, 0x7, 0x9}}) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r5, 0x89fb, &(0x7f0000000580)={'ip6tnl0\x00', &(0x7f0000000500)={'ip6tnl0\x00', r7, 0x6, 0x4, 0x1, 0x5, 0x32, @mcast2, @dev={0xfe, 0x80, '\x00', 0x25}, 0x7800, 0x7, 0x7e, 0xffffffff}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000640)={'ip6gre0\x00', &(0x7f00000005c0)={'syztnl0\x00', r3, 0x29, 0xbf, 0x6, 0x7fff, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7, 0x10, 0x8, 0x5}}) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r5, 0x89fa, &(0x7f0000000700)={'ip6_vti0\x00', &(0x7f0000000680)={'sit0\x00', r2, 0x4, 0xaf, 0x81, 0x1ff, 0x12, @remote, @mcast1, 0x7800, 0x7, 0x5f70, 0x8}}) getgroups(0x1, &(0x7f0000000740)=[0xee01]) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000780)=0x1, 0x4) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r8, 0x89f7, &(0x7f0000000840)={'sit0\x00', &(0x7f00000007c0)={'ip6gre0\x00', r6, 0x4, 0x7, 0x7, 0x0, 0x12, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40, 0x80, 0x0, 0x401}}) ioctl$TIOCL_SELLOADLUT(0xffffffffffffffff, 0x541c, &(0x7f0000000880)={0x5, 0x12, 0xacad, 0x9, 0x7}) syz_open_dev$ttys(0xc, 0x2, 0x1) 21:42:25 executing program 2: r0 = socket(0xa, 0xa, 0x8100) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0) socket(0x0, 0x1, 0x1ff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1ff}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc}]}, 0x48}, 0x1, 0x0, 0x0, 0x22008090}, 0x4000) write$P9_RSYMLINK(0xffffffffffffffff, &(0x7f0000000180)={0x14, 0x11, 0x1, {0x0, 0x1, 0x4}}, 0x14) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x4}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x10001}]}, 0x2c}}, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004040}, 0x20000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_LEAVE_MESH(r2, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, 0x0, 0x20, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x40000) r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000540), r1) sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000740)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000580)={0x148, r4, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x1}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x60, 0x8, 0x0, 0x1, [{0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x14}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xd8a7cd3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x63fcf18c}]}, {0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x70}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xed}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6f6194e0}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xec}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x14caca00}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x55b9106e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf5}]}, {0x4}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSLVLLST={0x20, 0x8, 0x0, 0x1, [{0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x26c6f585}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbd}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2903a1d7}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x1c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4b9d6efe}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x56}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x44, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x148}, 0x1, 0x0, 0x0, 0x8000}, 0x20040004) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000780)='/proc/tty/drivers\x00', 0x0, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r5, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x70, 0x0, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x4}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xe3}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x7fffffff, 0x8b, 0x4, 0x955, 0x0]}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x3}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}]}, 0x70}, 0x1, 0x0, 0x0, 0x20008000}, 0x40001) r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000940), r2) sendmsg$SEG6_CMD_SET_TUNSRC(r5, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x2c, r6, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x8}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1f}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x3}]}, 0x2c}}, 0x4000000) sendmsg$NL80211_CMD_LEAVE_MESH(r5, &(0x7f0000000b00)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000800}, 0x8805) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000b40)=0x9, &(0x7f0000000b80)=0x4) sendmsg$NLBL_CIPSOV4_C_LISTALL(r1, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x40, r4, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x6}, {0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x810) [ 102.417128] audit: type=1400 audit(1748554945.534:7): avc: denied { execmem } for pid=273 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 21:42:25 executing program 3: process_vm_readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)=""/95, 0x5f}], 0x1, &(0x7f0000001180)=[{&(0x7f00000000c0)=""/4096, 0x1000}, {&(0x7f00000010c0)=""/179, 0xb3}], 0x2, 0x0) process_vm_readv(0xffffffffffffffff, &(0x7f0000002500)=[{&(0x7f00000011c0)}, {&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/210, 0xd2}, {&(0x7f0000002300)=""/54, 0x36}, {&(0x7f0000002340)=""/228, 0xe4}, {&(0x7f0000002440)=""/67, 0x43}, {&(0x7f00000024c0)=""/60, 0x3c}], 0x7, &(0x7f00000025c0)=[{&(0x7f0000002580)=""/28, 0x1c}], 0x1, 0x0) syz_usb_connect$printer(0x1, 0x2d, &(0x7f0000002600)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x20, 0x100, 0xe6, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x7, 0x1, 0x2, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x0, 0x3, 0x40}}}}}]}}]}}, &(0x7f00000028c0)={0xa, &(0x7f0000002640)={0xa, 0x6, 0x310, 0x6, 0xff, 0x6b, 0x8, 0x6}, 0x5, &(0x7f0000002680)={0x5, 0xf, 0x5}, 0x5, [{0x28, &(0x7f00000026c0)=@string={0x28, 0x3, "f4e18a3a17cb983d35e2cd39618fab7e607b72a203c0878b01b6c11377602e09e4fd09101a5c"}}, {0x4, &(0x7f0000002700)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f0000002740)=@lang_id={0x4, 0x3, 0x458}}, {0x91, &(0x7f0000002780)=@string={0x91, 0x3, "fd835f23467c540e1af574c5ba6dc83b8a451f82db1ad5ef04ff2d1c73fc6df01262be75924c527ea6e81ebd7aa2217521828ef811c1c0a97eab4c295b33da0fe18433f9959752e8c68671def457f2d8c9de2fedde6186f8f367b117585ab26d0f8bbbeac65083356b0b1b900698969e98af8268c5c46c4514f14b296d4a3472c7b905902a99e92077c0c354d1c956"}}, {0x77, &(0x7f0000002840)=@string={0x77, 0x3, "59544f36cc97a2067eecef6e3562ce8ed0ee0566e3773800fca67b449e2181f8c1e978be0fc08f628e661889b7792b839623ee8d95427471509b6579e34426c31ecea7c3c48d21a87efecf45a58957809c5b281ba6d93bb9a357117b72bebe7e3e8a16b21e702f198f20198905cde611101ae129c6"}}]}) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000002a00)={&(0x7f0000002940)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000029c0)={&(0x7f0000002980)={0x28, 0x0, 0x8, 0x70bd28, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @mcast2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040000}, 0x240048d0) process_vm_readv(0xffffffffffffffff, &(0x7f0000004d00)=[{&(0x7f0000002a40)=""/63, 0x3f}, {&(0x7f0000002a80)=""/29, 0x1d}, {&(0x7f0000002ac0)=""/4096, 0x1000}, {&(0x7f0000003ac0)=""/4096, 0x1000}, {&(0x7f0000004ac0)=""/96, 0x60}, {&(0x7f0000004b40)=""/114, 0x72}, {&(0x7f0000004bc0)=""/164, 0xa4}, {&(0x7f0000004c80)=""/114, 0x72}], 0x8, &(0x7f0000004e40)=[{&(0x7f0000004d80)=""/192, 0xc0}], 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000004f40)={&(0x7f0000004e80)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000004f00)={&(0x7f0000004ec0)={0x14, 0x0, 0x100, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4040880}, 0x4000080) r1 = gettid() process_vm_readv(r1, &(0x7f0000005240)=[{&(0x7f0000004f80)=""/43, 0x2b}, {&(0x7f0000004fc0)=""/172, 0xac}, {&(0x7f0000005080)=""/227, 0xe3}, {&(0x7f0000005180)=""/154, 0x9a}], 0x4, &(0x7f0000006680)=[{&(0x7f0000005280)=""/171, 0xab}, {&(0x7f0000005340)=""/12, 0xc}, {&(0x7f0000005380)=""/5, 0x5}, {&(0x7f00000053c0)}, {&(0x7f0000005400)=""/107, 0x6b}, {&(0x7f0000005480)=""/186, 0xba}, {&(0x7f0000005540)=""/4096, 0x1000}, {&(0x7f0000006540)=""/60, 0x3c}, {&(0x7f0000006580)=""/250, 0xfa}], 0x9, 0x0) ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, &(0x7f0000006740)={0x81, 0x7f}) sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000006840)={&(0x7f0000006780)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000006800)={&(0x7f00000067c0)={0x34, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x4}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x100}]}, 0x34}, 0x1, 0x0, 0x0, 0x2}, 0x20004000) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000068c0), r0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000006980)={&(0x7f0000006880), 0xc, &(0x7f0000006940)={&(0x7f0000006900)={0x24, r2, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xffff8001}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000090}, 0x0) waitid(0x2, r1, &(0x7f00000069c0), 0x2, &(0x7f0000006a40)) ptrace$poke(0x4, r1, &(0x7f0000006b00), 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000006b80), r0) sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000006c40)={&(0x7f0000006b40)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000006c00)={&(0x7f0000006bc0)={0x38, r4, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xffff}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000811}, 0x10) r5 = socket(0xb, 0x80000, 0x7) sendmsg$BATADV_CMD_TP_METER_CANCEL(r5, &(0x7f0000006d40)={&(0x7f0000006c80)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000006d00)={&(0x7f0000006cc0)={0x24, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xe4}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000) 21:42:25 executing program 4: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$P9_RLERRORu(r0, &(0x7f0000000040)={0x15, 0x7, 0x2, {{0x8, '\'\'@/&+\'$'}, 0x400}}, 0x15) write$P9_RREADDIR(r0, &(0x7f0000000080)={0x68, 0x29, 0x2, {0xc01, [{{0xc, 0x2, 0x5}, 0x466, 0x40, 0x7, './file0'}, {{0x0, 0x1, 0x8}, 0xfffffffffffffff7, 0xff, 0x7, './file0'}, {{0x10, 0x3, 0x7}, 0xfffffffffffffffd, 0x4, 0x7, './file0'}]}}, 0x68) write$P9_RLERROR(r0, &(0x7f0000000100)={0xd, 0x7, 0x1, {0x4, '-/){'}}, 0xd) write$P9_RSETATTR(r0, &(0x7f0000000140)={0x7, 0x1b, 0x1}, 0x7) write$P9_RUNLINKAT(r0, &(0x7f0000000180)={0x7, 0x4d, 0x1}, 0x7) write$P9_RREMOVE(r0, &(0x7f00000001c0)={0x7, 0x7b, 0x2}, 0x7) write$P9_RFSYNC(r0, &(0x7f0000000200)={0x7, 0x33, 0x1}, 0x7) write$P9_RLOCK(r0, &(0x7f0000000240)={0x8, 0x35, 0x2, 0x1}, 0x8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000280)={{{@in6=@ipv4={""/10, ""/2, @local}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@multicast2}}, &(0x7f0000000380)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000003c0)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@private1}}, &(0x7f00000004c0)=0xe8) write$P9_RSTATu(r0, &(0x7f0000000500)={0x6b, 0x7d, 0x1, {{0x0, 0x4e, 0x9, 0x4, {0x8, 0x3, 0x6}, 0x80000, 0x6, 0x81, 0xa6e, 0x4, '-@^^', 0x8, '\'\'@/&+\'$', 0x8, '\'\'@/&+\'$', 0x7, '@,/^[#-'}, 0x8, '\'\'@/&+\'$', r1, 0xee00, r3}}, 0x6b) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r4, 0x89fa, &(0x7f0000000600)={'syztnl1\x00', &(0x7f0000000580)={'syztnl2\x00', r2, 0x2f, 0x80, 0x80, 0x2, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0x40, 0x700, 0xbbfb}}) write$P9_RLINK(r0, &(0x7f0000000640)={0x7, 0x47, 0x1}, 0x7) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000680)='/proc/mdstat\x00', 0x0, 0x0) write$P9_RREADLINK(r5, &(0x7f00000006c0)={0x10, 0x17, 0x2, {0x7, './file1'}}, 0x10) write$P9_RSETATTR(r5, &(0x7f0000000700)={0x7, 0x1b, 0x1}, 0x7) write$P9_RSTATu(r0, &(0x7f0000000740)={0x5c, 0x7d, 0x1, {{0x0, 0x46, 0x8, 0x1, {0x10, 0x1}, 0x4200000, 0x7, 0xbca, 0x5, 0x7, '@,/^[#-', 0x3, '[\'[', 0x2, '):', 0x7, '@,/^[#-'}, 0x1, '.', r1, 0x0, r1}}, 0x5c) write$P9_RCREATE(0xffffffffffffffff, &(0x7f00000007c0)={0x18, 0x73, 0x2, {{0x40, 0x4, 0x4}, 0x200}}, 0x18) 21:42:25 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x40004) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'gre0\x00', 0x0, 0x8, 0x80, 0x3f, 0xfffffff7, {{0xc, 0x4, 0x0, 0x8, 0x30, 0x64, 0x0, 0x6, 0x2f, 0x0, @rand_addr=0x64010100, @local, {[@ra={0x94, 0x4}, @lsrr={0x83, 0x17, 0x54, [@local, @empty, @broadcast, @broadcast, @dev={0xac, 0x14, 0x14, 0x1d}]}, @end]}}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000200)={'ip6_vti0\x00', r2, 0x2f, 0x0, 0x20, 0xfffffbb2, 0x41, @dev={0xfe, 0x80, '\x00', 0x1b}, @private2, 0x700, 0x7800, 0x3, 0x2}}) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f00000002c0), 0x4) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, r1, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0xf938c7e65ec42996) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x38, r1, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x4841}, 0x24000000) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000500)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r3, 0x89f9, &(0x7f00000005c0)={'syztnl0\x00', &(0x7f0000000540)={'syztnl0\x00', r4, 0x2f, 0x81, 0x5, 0x8001, 0x42, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1, 0x40, 0x6513, 0x7}}) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r3, 0x89fa, &(0x7f0000000680)={'syztnl0\x00', &(0x7f0000000600)={'syztnl1\x00', r4, 0x4, 0x4, 0x20, 0x5, 0x8, @remote, @private2, 0x10, 0x700, 0xe69, 0x1}}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000740)={'gretap0\x00', &(0x7f00000006c0)={'syztnl2\x00', 0x0, 0x8000, 0x1, 0x1, 0x3ff, {{0x14, 0x4, 0x2, 0xb, 0x50, 0x66, 0x0, 0xfb, 0x29, 0x0, @multicast2, @local, {[@timestamp_prespec={0x44, 0x34, 0xf, 0x3, 0x5, [{@empty, 0x20002000}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7f}, {@empty, 0x6}, {@dev={0xac, 0x14, 0x14, 0x3e}, 0x6}, {@dev={0xac, 0x14, 0x14, 0x31}, 0x2}, {@loopback, 0x9b}]}, @end, @ra={0x94, 0x4}, @end, @noop]}}}}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000800)={'syztnl1\x00', &(0x7f0000000780)={'syztnl0\x00', 0x0, 0x29, 0x77, 0x4, 0x8, 0x0, @empty, @mcast2, 0x20, 0x1, 0x1000, 0x4}}) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000840)='/proc/sysvipc/sem\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r5, 0x89f6, &(0x7f0000000900)={'sit0\x00', &(0x7f0000000880)={'ip6gre0\x00', r2, 0x2f, 0xe1, 0x57, 0x51c5, 0x10, @dev={0xfe, 0x80, '\x00', 0x36}, @private2, 0x8000, 0x8000, 0xfffffffd, 0xfffff001}}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000940), r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000980), 0x20800, 0x0) sendmsg$BATADV_CMD_TP_METER(r5, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x2c, r1, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_HOP_PENALTY={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x24004805) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000b40)={&(0x7f0000000b00)={0x1c, r1, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xfffffe01}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x8001) 21:42:25 executing program 7: setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000000)=0x1, 0x4) write$P9_RLOCK(0xffffffffffffffff, &(0x7f0000000040)={0x8, 0x35, 0x2, 0x1}, 0x8) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000000080)={'gre0\x00', 0x0, 0x7, 0x40, 0x3, 0x1, {{0x37, 0x4, 0x2, 0x0, 0xdc, 0x68, 0x0, 0x20, 0x4, 0x0, @rand_addr=0x64010101, @private=0xa010100, {[@cipso={0x86, 0x40, 0x2, [{0x5, 0x8, "a51df74557a2"}, {0x7, 0xf, "d7a19052010873688b9fface58"}, {0x0, 0x10, "6cdc288a66ec4296715f91218214"}, {0x5, 0x7, "1b50f5fec6"}, {0x6, 0x2}, {0x6, 0xa, "770d642e00fbd985"}]}, @generic={0x94, 0x7, "6f34cbdc39"}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x34, 0xc1, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfc00}, {@multicast1, 0x3}, {@local, 0x4}, {@local, 0x3}, {@empty, 0x7}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}]}, @timestamp_addr={0x44, 0x44, 0xcd, 0x1, 0xe, [{@broadcast, 0x48f}, {@multicast1, 0x81}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@empty, 0x2}, {@broadcast, 0x7}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x18}, 0x7}, {@multicast2, 0x8}]}, @generic={0xc2, 0x3, '<'}]}}}}}) connect$bt_l2cap(0xffffffffffffffff, &(0x7f00000001c0)={0x1f, 0x5, @none, 0xfff}, 0xe) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r1, 0xb32, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x44050) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x44, r1, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xffffffff}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40040}, 0x44000) socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r1, 0x2, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xffffffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x4000004) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_LEAVE_MESH(r2, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x20, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x5, 0x54}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4040000}, 0x8000) sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x1c, r1, 0x20, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xfff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4010}, 0x4008040) prctl$PR_GET_SECUREBITS(0x1b) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x24, r1, 0x300, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r0}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r0}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x4) r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000008c0), r3) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x1c, r4, 0x300, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40890}, 0x20008054) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'ip6_vti0\x00', r0, 0x29, 0x3, 0x80, 0x7, 0x70, @private0, @loopback, 0x40, 0x80, 0x80000001, 0xf95}}) write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000ac0)={0x7, 0x1b, 0x1}, 0x7) 21:42:25 executing program 6: r0 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @none}, &(0x7f0000000040)=0xe, 0x0) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000080)=0x80, &(0x7f00000000c0)=0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) r2 = accept4$bt_l2cap(r0, &(0x7f0000000140)={0x1f, 0x0, @none}, &(0x7f0000000180)=0xe, 0x1000) getsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f00000001c0)=0x2, &(0x7f0000000200)=0x4) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x81}, 0x50004) r3 = socket(0x0, 0x1, 0x5) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x10, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x50004}, 0x0) sendmsg$BATADV_CMD_SET_VLAN(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x64, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x954}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xb221}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xffff}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x20040000) r4 = socket(0x2, 0x3, 0x1f) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000680)={'erspan0\x00', &(0x7f0000000580)={'gretap0\x00', r1, 0x8000, 0x10, 0xc0, 0x3, {{0x35, 0x4, 0x3, 0x7, 0xd4, 0x68, 0x0, 0x80, 0x29, 0x0, @broadcast, @multicast2, {[@timestamp_prespec={0x44, 0x1c, 0x9a, 0x3, 0x8, [{@dev={0xac, 0x14, 0x14, 0x33}, 0xde89}, {@multicast2, 0x78b}, {@remote, 0x80000000}]}, @timestamp_addr={0x44, 0x24, 0xf, 0x1, 0x2, [{@private=0xa010100, 0x9}, {@multicast1, 0x87}, {@remote, 0x3}, {@empty}]}, @generic={0x83, 0x10, "18abc14b404f9417819b0cba9d8e"}, @end, @cipso={0x86, 0x66, 0xffffffffffffffff, [{0x2, 0x9, "8368f84948f02c"}, {0x1, 0xf, "a760efde737d44826f31efb331"}, {0x480b688da3203afc, 0xa, "3fd34db379139ba6"}, {0x2, 0x5, "689b82"}, {0x7, 0xe, "fe34a26dbd8e0e44a5573a03"}, {0x6, 0x8, "83643abb90ca"}, {0x7, 0xe, "81e216cfa1bbd7d26330df0d"}, {0x1, 0x5, "f54599"}, {0x1, 0x10, "1aa7dd7f887aadbc07d7c22ddb86"}]}, @timestamp={0x44, 0x8, 0x81, 0x0, 0x0, [0x7fffffff]}, @noop]}}}}}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000780)={'gretap0\x00', &(0x7f00000006c0)={'gre0\x00', r5, 0x0, 0x700, 0x9, 0x6, {{0x26, 0x4, 0x0, 0x27, 0x98, 0x65, 0x0, 0x2, 0x4, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@noop, @ssrr={0x89, 0x27, 0x2f, [@dev={0xac, 0x14, 0x14, 0x2e}, @remote, @empty, @private=0xa010100, @loopback, @multicast1, @loopback, @private=0xa010101, @empty]}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x34, 0x31, 0x3, 0x0, [{@loopback, 0x8}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@remote, 0x5c}, {@dev={0xac, 0x14, 0x14, 0x3b}, 0xe0ae}, {@multicast2, 0x478}, {@dev={0xac, 0x14, 0x14, 0x1b}, 0x4}]}, @timestamp={0x44, 0x8, 0xce, 0x0, 0x2, [0x9]}, @timestamp={0x44, 0x8, 0xa7, 0x0, 0xc, [0x7fffffff]}, @noop, @ra={0x94, 0x4, 0x1}, @rr={0x7, 0xf, 0xc1, [@remote, @empty, @broadcast]}]}}}}}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r4, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x44, 0x0, 0x0, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xc33}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x40}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x24000004) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000940), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER(r3, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x34, r6, 0x200, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5f2}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x44810}, 0x40) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x64, r6, 0x200, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x2}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x200008b0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000b80), 0xffffffffffffffff) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_RECONFIGURE(r7, &(0x7f0000000d00)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c00)={0x84, 0x0, 0x2, 0x70bd29, 0xeff, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1f}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}]}, 0x84}, 0x1, 0x0, 0x0, 0x40000}, 0x20004000) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000e80)={'ip6gre0\x00', &(0x7f0000000e00)={'syztnl1\x00', 0x0, 0x2f, 0x1e, 0x7, 0x55, 0x0, @dev={0xfe, 0x80, '\x00', 0x28}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x8000, 0x80, 0x80000000, 0x3}}) [ 103.737061] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.741051] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.745054] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.752937] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.757125] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.854627] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 103.859149] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 103.871902] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 103.878913] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.889038] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.978835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 103.982029] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.984815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.994804] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.999731] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 104.002904] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 104.007895] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 104.010723] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 104.014296] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 104.016619] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 104.025190] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 104.031007] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 104.050035] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 104.066785] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 104.106072] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 104.108827] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 104.122901] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 104.128285] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 104.134943] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 104.143342] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 104.151239] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 104.153034] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 104.161194] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 104.170003] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 104.175100] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 104.180246] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 104.194011] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 104.204131] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 104.226051] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 104.243000] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 105.820300] Bluetooth: hci0: command tx timeout [ 105.947820] Bluetooth: hci1: command tx timeout [ 106.139774] Bluetooth: hci2: command tx timeout [ 106.206881] Bluetooth: hci3: command tx timeout [ 106.206914] Bluetooth: hci4: command tx timeout [ 106.208070] Bluetooth: hci5: command tx timeout [ 106.268687] Bluetooth: hci7: command tx timeout [ 106.331703] Bluetooth: hci6: command tx timeout [ 107.867623] Bluetooth: hci0: command tx timeout [ 107.998580] Bluetooth: hci1: command tx timeout [ 108.187734] Bluetooth: hci2: command tx timeout [ 108.251694] Bluetooth: hci5: command tx timeout [ 108.252706] Bluetooth: hci3: command tx timeout [ 108.253166] Bluetooth: hci4: command tx timeout [ 108.315638] Bluetooth: hci7: command tx timeout [ 108.379475] Bluetooth: hci6: command tx timeout [ 109.915896] Bluetooth: hci0: command tx timeout [ 110.044470] Bluetooth: hci1: command tx timeout [ 110.235501] Bluetooth: hci2: command tx timeout [ 110.299558] Bluetooth: hci4: command tx timeout [ 110.299635] Bluetooth: hci3: command tx timeout [ 110.299993] Bluetooth: hci5: command tx timeout [ 110.363653] Bluetooth: hci7: command tx timeout [ 110.427722] Bluetooth: hci6: command tx timeout [ 111.963536] Bluetooth: hci0: command tx timeout [ 112.091475] Bluetooth: hci1: command tx timeout [ 112.283689] Bluetooth: hci2: command tx timeout [ 112.347801] Bluetooth: hci5: command tx timeout [ 112.348291] Bluetooth: hci3: command tx timeout [ 112.349459] Bluetooth: hci4: command tx timeout [ 112.411713] Bluetooth: hci7: command tx timeout [ 112.476065] Bluetooth: hci6: command tx timeout [ 163.784324] syz-executor.0 (285) used greatest stack depth: 24640 bytes left [ 166.131200] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 166.133353] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 166.135086] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 166.143774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 166.146198] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 166.204559] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 166.206987] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 166.209573] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 166.217537] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 166.222533] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 166.321134] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 166.332935] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 166.338290] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 166.349707] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 166.355702] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 166.387085] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 166.396976] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 166.401144] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 166.410558] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 166.425830] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 166.426551] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 166.436899] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 166.456799] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 166.482061] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 166.484359] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 166.491588] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 166.495747] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 166.505710] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 166.507553] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 166.545645] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 166.548303] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 166.559695] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 166.593914] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 166.627862] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 166.669748] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 166.671194] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 166.716248] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 166.720838] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 166.747772] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 166.782806] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 168.220585] Bluetooth: hci0: command tx timeout [ 168.284201] Bluetooth: hci1: command tx timeout [ 168.476607] Bluetooth: hci2: command tx timeout [ 168.541467] Bluetooth: hci4: command tx timeout [ 168.604555] Bluetooth: hci3: command tx timeout [ 168.731614] Bluetooth: hci5: command tx timeout [ 168.795708] Bluetooth: hci6: command tx timeout [ 168.859948] Bluetooth: hci7: command tx timeout [ 170.267597] Bluetooth: hci0: command tx timeout [ 170.331665] Bluetooth: hci1: command tx timeout [ 170.523702] Bluetooth: hci2: command tx timeout [ 170.588645] Bluetooth: hci4: command tx timeout [ 170.652441] Bluetooth: hci3: command tx timeout [ 170.780894] Bluetooth: hci5: command tx timeout [ 170.843535] Bluetooth: hci6: command tx timeout [ 170.907705] Bluetooth: hci7: command tx timeout [ 172.315479] Bluetooth: hci0: command tx timeout [ 172.379674] Bluetooth: hci1: command tx timeout [ 172.571796] Bluetooth: hci2: command tx timeout [ 172.636478] Bluetooth: hci4: command tx timeout [ 172.700472] Bluetooth: hci3: command tx timeout [ 172.828740] Bluetooth: hci5: command tx timeout [ 172.891522] Bluetooth: hci6: command tx timeout [ 172.955661] Bluetooth: hci7: command tx timeout [ 174.364623] Bluetooth: hci0: command tx timeout [ 174.429215] Bluetooth: hci1: command tx timeout [ 174.620748] Bluetooth: hci2: command tx timeout [ 174.684648] Bluetooth: hci4: command tx timeout [ 174.748797] Bluetooth: hci3: command tx timeout [ 174.877468] Bluetooth: hci5: command tx timeout [ 174.940709] Bluetooth: hci6: command tx timeout [ 175.005701] Bluetooth: hci7: command tx timeout [ 228.582383] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 228.584864] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 228.590997] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 228.602471] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 228.605596] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 228.664378] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 228.667803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 228.672370] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 228.681297] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 228.685564] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 228.776537] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 228.781809] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 228.791740] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 228.802189] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 228.815618] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 228.859286] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 228.877905] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 228.879444] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 228.887905] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 228.894560] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 228.919000] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 228.920600] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 228.921848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 228.930712] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 228.932486] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 228.936343] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 228.939782] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 228.949115] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 228.956791] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 229.002423] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 229.039206] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 229.051864] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 229.055628] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 229.057906] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 229.058969] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 229.061987] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 229.063663] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 229.084644] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 229.107924] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 229.182859] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 230.620692] Bluetooth: hci0: command tx timeout [ 230.747492] Bluetooth: hci1: command tx timeout [ 230.875615] Bluetooth: hci2: command tx timeout [ 230.939464] Bluetooth: hci3: command tx timeout [ 231.003499] Bluetooth: hci4: command tx timeout [ 231.068062] Bluetooth: hci5: command tx timeout [ 231.131511] Bluetooth: hci6: command tx timeout [ 231.259590] Bluetooth: hci7: command tx timeout [ 232.667499] Bluetooth: hci0: command tx timeout [ 232.795488] Bluetooth: hci1: command tx timeout [ 232.923740] Bluetooth: hci2: command tx timeout [ 232.987683] Bluetooth: hci3: command tx timeout [ 233.053512] Bluetooth: hci4: command tx timeout [ 233.117739] Bluetooth: hci5: command tx timeout [ 233.180586] Bluetooth: hci6: command tx timeout [ 233.307587] Bluetooth: hci7: command tx timeout [ 234.715566] Bluetooth: hci0: command tx timeout [ 234.843983] Bluetooth: hci1: command tx timeout [ 234.971558] Bluetooth: hci2: command tx timeout [ 235.035956] Bluetooth: hci3: command tx timeout [ 235.099709] Bluetooth: hci4: command tx timeout [ 235.164309] Bluetooth: hci5: command tx timeout [ 235.227579] Bluetooth: hci6: command tx timeout [ 235.355652] Bluetooth: hci7: command tx timeout [ 236.763544] Bluetooth: hci0: command tx timeout [ 236.893518] Bluetooth: hci1: command tx timeout [ 237.019787] Bluetooth: hci2: command tx timeout [ 237.083514] Bluetooth: hci3: command tx timeout [ 237.147475] Bluetooth: hci4: command tx timeout [ 237.211843] Bluetooth: hci5: command tx timeout [ 237.275492] Bluetooth: hci6: command tx timeout [ 237.403557] Bluetooth: hci7: command tx timeout [ 290.934531] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 290.941104] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 290.953916] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 290.974922] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 290.979146] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 291.195316] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 291.200086] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 291.203033] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 291.218786] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 291.232695] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 291.255836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 291.258378] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 291.260552] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 291.265551] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 291.269638] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 291.445879] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 291.454889] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 291.466086] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 291.490695] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 291.496728] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 291.499336] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 291.507491] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 291.534469] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 291.548372] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 291.561085] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 291.600839] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 291.601007] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 291.604937] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 291.676482] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 291.678235] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 291.687968] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 291.692949] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 291.740326] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 291.796012] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 291.829987] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 291.944357] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 291.952066] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 291.956225] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 292.027218] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 292.058966] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 293.020693] Bluetooth: hci0: command tx timeout [ 293.340659] Bluetooth: hci2: command tx timeout [ 293.342104] Bluetooth: hci1: command tx timeout [ 293.660823] Bluetooth: hci3: command tx timeout [ 293.661762] Bluetooth: hci4: command tx timeout [ 293.851509] Bluetooth: hci6: command tx timeout [ 293.915550] Bluetooth: hci5: command tx timeout [ 294.107555] Bluetooth: hci7: command tx timeout [ 295.067481] Bluetooth: hci0: command tx timeout [ 295.388800] Bluetooth: hci1: command tx timeout [ 295.389295] Bluetooth: hci2: command tx timeout [ 295.708371] Bluetooth: hci3: command tx timeout [ 295.708885] Bluetooth: hci4: command tx timeout [ 295.899540] Bluetooth: hci6: command tx timeout [ 295.964736] Bluetooth: hci5: command tx timeout [ 296.156802] Bluetooth: hci7: command tx timeout [ 297.116598] Bluetooth: hci0: command tx timeout [ 297.435540] Bluetooth: hci1: command tx timeout [ 297.436014] Bluetooth: hci2: command tx timeout [ 297.757464] Bluetooth: hci4: command tx timeout [ 297.757941] Bluetooth: hci3: command tx timeout [ 297.948744] Bluetooth: hci6: command tx timeout [ 298.012339] Bluetooth: hci5: command tx timeout [ 298.204719] Bluetooth: hci7: command tx timeout [ 299.163750] Bluetooth: hci0: command tx timeout [ 299.485474] Bluetooth: hci1: command tx timeout [ 299.485921] Bluetooth: hci2: command tx timeout [ 299.804547] Bluetooth: hci3: command tx timeout [ 299.804979] Bluetooth: hci4: command tx timeout [ 299.995661] Bluetooth: hci6: command tx timeout [ 300.059488] Bluetooth: hci5: command tx timeout [ 300.251844] Bluetooth: hci7: command tx timeout [ 353.523478] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 353.526800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 353.530222] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 353.545743] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 353.550940] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 353.730908] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 353.734169] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 353.741072] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 353.756308] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 353.763847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 353.790207] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 353.803104] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 353.808076] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 353.829279] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 353.837026] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 353.928128] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 353.949032] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 353.956868] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 353.974825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 353.979718] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 353.982640] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 353.987916] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 353.991908] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 353.995385] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 354.019859] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 354.031183] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 354.079656] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 354.095162] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 354.110583] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 354.121340] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 354.164071] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 354.165727] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 354.175664] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 354.177023] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 354.184723] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 354.192678] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 354.193702] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 354.228663] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 354.245916] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 354.266774] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 355.611540] Bluetooth: hci0: command tx timeout [ 355.803553] Bluetooth: hci1: command tx timeout [ 355.868172] Bluetooth: hci2: command tx timeout [ 356.059562] Bluetooth: hci4: command tx timeout [ 356.123569] Bluetooth: hci3: command tx timeout [ 356.315665] Bluetooth: hci6: command tx timeout [ 356.379736] Bluetooth: hci7: command tx timeout [ 356.380058] Bluetooth: hci5: command tx timeout [ 357.659630] Bluetooth: hci0: command tx timeout [ 357.852453] Bluetooth: hci1: command tx timeout [ 357.915474] Bluetooth: hci2: command tx timeout [ 358.108480] Bluetooth: hci4: command tx timeout [ 358.171575] Bluetooth: hci3: command tx timeout [ 358.363766] Bluetooth: hci6: command tx timeout [ 358.428505] Bluetooth: hci5: command tx timeout [ 358.428683] Bluetooth: hci7: command tx timeout [ 359.709579] Bluetooth: hci0: command tx timeout [ 359.900508] Bluetooth: hci1: command tx timeout [ 359.963467] Bluetooth: hci2: command tx timeout [ 360.155679] Bluetooth: hci4: command tx timeout [ 360.219711] Bluetooth: hci3: command tx timeout [ 360.411579] Bluetooth: hci6: command tx timeout [ 360.477818] Bluetooth: hci7: command tx timeout [ 360.477919] Bluetooth: hci5: command tx timeout [ 361.756506] Bluetooth: hci0: command tx timeout [ 361.947470] Bluetooth: hci1: command tx timeout [ 362.012727] Bluetooth: hci2: command tx timeout [ 362.203632] Bluetooth: hci4: command tx timeout [ 362.268501] Bluetooth: hci3: command tx timeout [ 362.459565] Bluetooth: hci6: command tx timeout [ 362.523708] Bluetooth: hci7: command tx timeout [ 362.524843] Bluetooth: hci5: command tx timeout VM DIAGNOSIS: 21:47:27 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=ffffffff85c28bc0 RCX=ffffffff8151f434 RDX=fffffbfff0b85179 RSI=0000000000000004 RDI=ffffffff85c28bc0 RBP=1ffff110012c4f8b RSP=ffff888009627c40 R8 =0000000000000001 R9 =fffffbfff0b85178 R10=ffffffff85c28bc3 R11=0000000000000001 R12=ffffffff85c28bc8 R13=ffffffff85c28bd0 R14=ffff888009627e00 R15=0000000000000000 RIP=ffffffff84b66c40 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e561b000 00000000 00000000 LDT=0000 fffffe7c00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fe3f70c2269 CR3=00000000281f1000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=6461657268747062696c2f756e672d78 XMM02=00302e6f732e6461657268747062696c XMM03=2f756e672d78756e696c2d34365f3638 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffff888036107ef0 RBX=0000000000000001 RCX=ffff88803610709c RDX=1ffff11006c20e32 RSI=ffffffff812af5b7 RDI=ffff888036107148 RBP=ffff8880361071a0 RSP=ffff8880361070d8 R8 =0000000000000001 R9 =ffff888036107188 R10=000000000003b6bd R11=000000000002186a R12=0000000000000000 R13=ffff888036107190 R14=ffff88802cd19b80 R15=ffff888036107148 RIP=ffffffff81353c45 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e571b000 00000000 00000000 LDT=0000 fffffe2f00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd8eed37810 CR3=000000001b780000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=322e6f732e6c6462696c2f756e672d78 XMM02=00322e6f732e6c6462696c2f756e672d XMM03=78756e696c2d34365f3638782f62696c XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000