Warning: Permanently added '[localhost]:65040' (ECDSA) to the list of known hosts. 2025/05/31 01:05:21 fuzzer started 2025/05/31 01:05:22 dialing manager at localhost:34361 syzkaller login: [ 94.950853] cgroup: Unknown subsys name 'net' [ 95.090145] cgroup: Unknown subsys name 'cpuset' [ 95.129974] cgroup: Unknown subsys name 'rlimit' 2025/05/31 01:05:38 syscalls: 202 2025/05/31 01:05:38 code coverage: enabled 2025/05/31 01:05:38 comparison tracing: enabled 2025/05/31 01:05:38 extra coverage: enabled 2025/05/31 01:05:38 setuid sandbox: enabled 2025/05/31 01:05:38 namespace sandbox: enabled 2025/05/31 01:05:38 Android sandbox: enabled 2025/05/31 01:05:38 fault injection: enabled 2025/05/31 01:05:38 leak checking: enabled 2025/05/31 01:05:38 net packet injection: enabled 2025/05/31 01:05:38 net device setup: enabled 2025/05/31 01:05:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/05/31 01:05:38 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/05/31 01:05:38 USB emulation: enabled 2025/05/31 01:05:38 hci packet injection: enabled 2025/05/31 01:05:38 wifi device emulation: enabled 2025/05/31 01:05:38 802.15.4 emulation: enabled 2025/05/31 01:05:38 fetching corpus: 0, signal 0/0 (executing program) 2025/05/31 01:05:40 starting 8 fuzzer processes 01:05:40 executing program 0: r0 = syz_open_dev$ptys(0xc, 0x3, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x5a, 0x3, 0x1, 0x7, 0x0, 0xffffffffffffff7f, 0x80000, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x4, 0x6}, 0x8005, 0xffffffffffffffed, 0x7, 0x7, 0x4, 0x1, 0x1, 0x0, 0xcd, 0x0, 0x1000}, 0x0, 0xa, 0xffffffffffffffff, 0xd) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000080)=[0xffffffffffffffff, r0, r1], 0x3) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000e, 0x2010, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000100)={0x2, 0x80, 0x9, 0x8, 0x53, 0x0, 0x0, 0x5, 0x880, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_bp={&(0x7f00000000c0), 0x1}, 0x0, 0x2, 0x0, 0x7, 0x0, 0x1, 0x9, 0x0, 0x1, 0x0, 0x2}) io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0xa) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x1000) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000200)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, &(0x7f0000000280)=r2) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x8010, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, 0x0, 0x2, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x1, 0x12}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x8820}, 0x80) r3 = syz_io_uring_setup(0xfc4, &(0x7f00000003c0)={0x0, 0xd202, 0x0, 0x3, 0xad}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000440), &(0x7f0000000480)) io_uring_register$IORING_REGISTER_PROBE(r3, 0x8, &(0x7f00000004c0)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x27) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(0xffffffffffffffff, 0xc0305302, &(0x7f0000000640)={0x6, 0x4, 0x44d, 0x8, 0x7, 0x3ff}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0xa, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000680)={r2, 0x0, 0x6}) ioctl$RNDCLEARPOOL(0xffffffffffffffff, 0x5206, &(0x7f00000006c0)=0xa0) ioctl$MON_IOCQ_RING_SIZE(0xffffffffffffffff, 0x9205) io_uring_register$IORING_UNREGISTER_FILES(r3, 0x3, 0x0, 0x0) ioctl$KDGKBTYPE(r0, 0x4b33, &(0x7f0000000700)) 01:05:40 executing program 1: mmap$perf(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x4, 0x8010, 0xffffffffffffffff, 0xffffffffffffff00) r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x800, 0x40) mmap$usbmon(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x300000c, 0x110, r0, 0xffffffff) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x8000) read$usbmon(r0, &(0x7f0000000040)=""/62, 0x3e) r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x8, 0x301902) ioctl$MON_IOCQ_URB_LEN(r1, 0x9201) read$usbmon(0xffffffffffffffff, &(0x7f00000000c0)=""/162, 0xa2) r2 = syz_open_dev$usbmon(&(0x7f0000000180), 0x408f1b55, 0x281) ioctl$MON_IOCT_RING_SIZE(r2, 0x9204, 0x18949) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x60, 0x0, 0x300, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r0}, @NL802154_ATTR_PID={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}]}, 0x60}, 0x1, 0x0, 0x0, 0x4044850}, 0x24040080) ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f0000000300)) r3 = syz_open_dev$usbmon(&(0x7f0000000340), 0x7, 0x200) mmap$usbmon(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000009, 0x20010, r3, 0x98) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x0, 0x0) ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f00000003c0)={&(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x58}) r4 = perf_event_open$cgroup(&(0x7f0000000400)={0x4, 0x80, 0x7, 0x0, 0x4, 0xd5, 0x0, 0xfff, 0x1, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x101, 0x1, @perf_config_ext={0x7, 0x1}, 0x2100, 0x6, 0x4, 0x2ac986e7937e41c, 0x5, 0x4c, 0x2153, 0x0, 0x8, 0x0, 0x7}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x1) r5 = eventfd2(0x7fffffff, 0x80800) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000004c0)={0x7ff, 0x0, &(0x7f0000000480)=[r0, r3, r4, r0, r5]}, 0x5) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) 01:05:40 executing program 2: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x420000, 0x0) ioctl$MON_IOCQ_URB_LEN(r0, 0x9201) ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f00000000c0)={&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000080)=""/60, 0x3c}) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x1010, 0xffffffffffffffff, 0x6) r1 = syz_open_dev$usbmon(&(0x7f0000000100), 0x8, 0x100) ioctl$MON_IOCQ_URB_LEN(r1, 0x9201) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000180)={&(0x7f0000000140)=[0x0, 0x0], 0x2, 0x4}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000001c0)='/dev/usbmon#\x00') ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000200)={{0x7f, 0x8}, {0x5, 0x8}, 0x6, 0x5, 0x6f}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000380)={&(0x7f0000000280), 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x38, r2, 0x8, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x27}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1156}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x7ff}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x20000001) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000400)={0x3, 0x0, {0x3, 0x0, 0x0, 0x3, 0xf82}}) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000480)=0x3, 0x4) ioctl$MON_IOCX_GETX(r0, 0x4018920a, &(0x7f0000000540)={&(0x7f00000004c0), &(0x7f0000000500)=""/40, 0x28}) sendmsg$NL80211_CMD_SET_BSS(r3, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x3c, r2, 0x8, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x40}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x90}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x881) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), r0) sendmsg$NL80211_CMD_SET_NOACK_MAP(r4, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x64, r5, 0x10, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x4}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x400}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x20}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x81}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x20000051) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000840)={0x2c, 0x0, 0x7}) 01:05:40 executing program 3: r0 = socket(0x18, 0xa, 0x1) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x4, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0xff}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x67}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x4}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x80}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44004}, 0x28041) r3 = syz_open_dev$ptys(0xc, 0x3, 0x1) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, r4, 0xa00, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x7fff, 0x1f}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x38}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6b}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x80}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2a}]}, 0x58}}, 0x4000000) ioctl$RNDCLEARPOOL(0xffffffffffffffff, 0x5206, &(0x7f0000000300)=0x1) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={0x0, @sco={0x1f, @none}, @l2={0x1f, 0x9ab, @none, 0x8, 0x3}, @qipcrtr={0x2a, 0x0, 0x4001}, 0xff, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000340)='ip6gre0\x00', 0x3, 0x1, 0x4b}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r5, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x71}]}, 0x28}, 0x1, 0x0, 0x0, 0x881}, 0x0) ioctl$TIOCSPTLCK(r3, 0x40045431, &(0x7f0000000540)) r6 = io_uring_setup(0x32c0, &(0x7f0000000580)={0x0, 0x90ab, 0x1, 0x2, 0x60, 0x0, r3}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x50, r5, 0x2, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x0, 0x56}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2e}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x8}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x4}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2c}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1d}]}, 0x50}, 0x1, 0x0, 0x0, 0x48000}, 0x8000) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000740), 0x2100, 0x0) io_uring_setup(0x62a, &(0x7f0000000780)={0x0, 0xd138, 0x8, 0x0, 0x2dd, 0x0, r7}) r8 = io_uring_setup(0x2d6b, &(0x7f0000000800)={0x0, 0x29f5, 0x8, 0x1, 0x47}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r8, 0x6, &(0x7f00000008c0)={0x3e, 0x0, &(0x7f0000000880)=[0xffffffffffffffff, r3, r0, r7, r7, r6]}, 0x6) sendmsg$NL80211_CMD_SET_BSS(r7, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x48, r4, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x8, 0x37}}}}, [@NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x2}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x8}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0xdb}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x2ead}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x2}]}, 0x48}}, 0x24048801) ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f0000000a80)={0x2, 0x7f, 0x1ff, 0x1, 0x5c, "615eb47863ee9219c18232b3eb64db42651fa7", 0x644, 0x7}) [ 112.664554] audit: type=1400 audit(1748653540.229:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 01:05:40 executing program 4: ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000000)={{0x1f, 0xff}, 0x1, 0x0, 0x8, {0x6, 0x8}, 0x7, 0x4}) accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f0000000140)) socketpair(0x8, 0x8, 0x1, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$packet(r1, &(0x7f0000000240)="998107208ca4d75b9dcb412b7297dd14e0519bcc6ef769e6b7f9f8ec0bb4b706fe9f5a8d1ccbdbfc0bafa451508ca8d675cef14b756661d234292b1bc120a8af6412fe9d1cc13f5c5898db0d07c7f8c9367403abd0944dc0cc6c2a202515e28a2ada3d9353c0bcd54ad9a168b4ff85a07d0b3e290d8009be3c11f3fab8a3069f0737b8e9e7257fd9bd90e919517c924e3fe79e699164eec4a63c121804d352cad8d0fdc80cd4bc458858c3ca37a6a39890463144c4996f247c1969fe4e02221ead47b478630def5fa3a6ea28c75186cf0cf21bfd", 0xd4, 0x8800, 0x0, 0x0) socketpair(0x5, 0x0, 0x7, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x18, 0x1, 0x8) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000380)={'wlan1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f00000003c0)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000480)=""/32, 0x20}, {&(0x7f00000004c0)=""/157, 0x9d}, {&(0x7f0000000580)=""/129, 0x81}, {&(0x7f0000000640)=""/1, 0x1}, {&(0x7f0000000680)=""/203, 0xcb}, {&(0x7f0000000780)=""/8, 0x8}], 0x6) mmap$IORING_OFF_SQES(&(0x7f0000ff7000/0x8000)=nil, 0x8000, 0x2000001, 0x11, 0xffffffffffffffff, 0x10000000) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000840)={0x0, 0x7, 0x0, 'queue1\x00', 0x1c}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000900)={0x1, 0x101, 0xadcf, 0x1020000, 0x785, 0xa00}) getsockname$packet(r2, &(0x7f0000000980)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000009c0)=0x14) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r1, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x1c, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @void}}, ["", ""]}, 0x1c}}, 0x26004005) r3 = syz_open_pts(0xffffffffffffffff, 0x101000) ioctl$KDFONTOP_SET(r3, 0x4b72, &(0x7f0000000f00)={0x0, 0x0, 0x1c, 0x11, 0x154, &(0x7f0000000b00)="3784efb5812a87abd52e020439cca804cbd7040be729e39215fc38ddca566f94186abd36884ea07f038f311a5cc1570f5a8aa00facce9dd629aae904f13bb6cb7c68a2568c4869eabcc546ca6bd1eac7af1de1484c59ab0faa9aa07d78916ced0c02854a091f3e18c6ab765d039aec316f125fa6d2b84528da83348086dbe9fef744cce4f97e564c2f0d0c06b040b61d674cf58798b0f4266af568ca197dbf6df419df824f9595da9db0c03c8495a816d2a25440ed6497fe058ed128760ee5cd0587a43de2ff31da76ddf08fdefb37e6f5a7df19f8ddcbeb76791a3610bb27f5192e3e2daf4bcfb3185a055eb97f12ce4042835fffa91872c42025ea88e856a9e31ab12ef02da68ca885c0d567d30e0df2f565301eee173c57e8d4eeae7e0af0c203e2fa7fb4f1d398943086384e978ff0d208151209a45681b61afde765ca7b9aade9e891e1643ee3ec4c118c30307c17691cac96e2c4c3533ff7f2e6cbc4662deec3e0ba4691936736ca297e1540f0f34992e8dfd56ac74c41aeab9847197bc7cf1adcf41c38199c108325c2ebf67e6c23a5f98dc3926b2ee67a40d4b6b076a617bd402be062c490726a4f67723c0126d2f8de9b527ab6272076c8d5f548e52ba0d2a4d217b97ab57ad78304f4fc6b5dd88d28da8b28a0e044d5485dd6e3ab1eed5676bca1b5721559f32e6419c17c2e5e6abcbfb796b59b84e0d2fafb956e9a286d1dbf570b0eb3a665ef0abc7eb9d00792b211c88165cff0b043a941d9564965031933b8ddc04a9bde92b730e25d77ab50f6826c503d42827cb7f018aba35d34bf6c3eb00da948ac0c27fdb9955c2054a6f087a994f5b5dc6fd46e2b3d6801061e9dd61d8d9af2564430be8fd08f3e31faaa099ed8a78f9f13957fedaa585bb07f1a3680556e577e5c0a6cf056740667dfc6aa91f361c48515756078b772e70f7a3141f6ad4e3174b1e612bf7d5f9487600a9ad7ef0c5f30efe3e0d3604804ac1d02fdd96b40619d7d7a63c227b8f88a47a55c183f94fee9fb5e5eedf3f3af29bd86a630d857aded4a858814f44af81374ef26b0c81f677e240cab2486b5960de0b952549134665cc16467a3126710ef695b825755119d84cedcfdf0898340754574b242a3f742c07f8e3fe128cefe297efcf7ffa4543a65d2ef4edf26fb8bb6d900415220689747e1363702e7ebe6e093bf165622d1c96e96941054627976d182961d2d353c7b75b1d7a77c382f5e66373d8bee5ae582c745f2afc8809293212c795efb71713bbf254ce3177d9a2b63c69124dbd6d624727b4370376bf021ef5070a70fcfd64e1096a2a591f5cedc03bc101305ba018e286798b2d625ab4e57671a502b6a5643295a6ef921c453919694fcd768a1b7820f4916c17d3dee8713673bc19532dba5810ebd49546c601754234a49389c063e282d1f3b388b9a"}) r4 = socket(0x0, 0x2, 0x80) sendmsg$NL80211_CMD_SET_WOWLAN(r4, &(0x7f0000001140)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001100)={&(0x7f0000000f80)={0x168, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x3c}, @void, @val={0xc, 0x99, {0x1, 0x68}}}}, [@NL80211_ATTR_WOWLAN_TRIGGERS={0x1c, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_ANY={0x4}, @NL80211_WOWLAN_TRIG_PKT_PATTERN={0x14, 0x4, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x6ac}, @NL80211_PKTPAT_MASK={0x4}]}]}]}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x114, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_TCP_CONNECTION={0x104, 0xe, 0x0, 0x1, [@NL80211_WOWLAN_TCP_DATA_INTERVAL={0x8, 0x9, 0x400}, @NL80211_WOWLAN_TCP_SRC_PORT={0x6, 0x4, 0x3}, @NL80211_WOWLAN_TCP_DATA_PAYLOAD={0x69, 0x6, "8ebbdacfeacf044231851f82309979fc06938b44c7dfd7193b0585b2bde504cde2faf6d5fba0932da19fad58d3592627836664dc480271b829d2faf556bfda5ba479200411b1cb7c2cd6f836de1ab50617f1435666d912cdb5f6f661bbf66f3600c7536f91"}, @NL80211_WOWLAN_TCP_SRC_PORT={0x6, 0x4, 0x7}, @NL80211_WOWLAN_TCP_DATA_PAYLOAD={0x23, 0x6, "22c1c0ee78be95d48982b6ae5fdf30295aa591e955770d6d56d25688598269"}, @NL80211_WOWLAN_TCP_WAKE_PAYLOAD={0x58, 0xa, "b2d1cff487d466c0c4ed0a1018544450d8329070879c91f1596c865a3044c5eb66ccd837d23a3f5b8fc5f3623ab0c5ed490c6e18aedd817e443382717eb080aa6c33035a460b5c91d9124ea9c67d37d60296d5c6"}]}, @NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE={0x4}, @NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE={0x4}, @NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}]}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x10, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_DISCONNECT={0x4}, @NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE={0x4}, @NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}]}]}, 0x168}, 0x1, 0x0, 0x0, 0x1}, 0x2000000) 01:05:40 executing program 5: syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000040)={0x7fff, 0xff, 0x1, 0xffffffff, 0x0, 0x3}) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x2, 0xd8cd, 0x3, 0x7fff, 0xf}}) r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000140)=0x14) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000001}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x40, 0x0, 0x8, 0x2, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x2, 0x3d}}}}, [@NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x7f}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x7}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0xf9}]}, 0x40}, 0x1, 0x0, 0x0, 0x8010}, 0x1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, r2, 0x8, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x7, 0xf}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x2400c808) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000400), 0x149d00, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000440)={0x5, 0x3, 0x86, 0x6, 0x1}) r4 = syz_open_dev$usbmon(&(0x7f00000004c0), 0x0, 0x600001) mmap$usbmon(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3000000, 0x20010, r4, 0xfffffffffffffff9) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r3) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000540), 0xa801) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000580)={0x2, 0x2, {0x1, 0x3, 0x80000000, 0x1, 0x6}, 0x8001}) sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000001700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000016c0)={&(0x7f0000000640)={0x1044, r2, 0x2, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x4}, @val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x9, 0x60}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x3ff}, @NL80211_ATTR_VENDOR_DATA={0x1004, 0xc5, "b15e0e7147351932b1daabe4a90841adfacf20169e94cc6797a9eb032098096f47272555601f44728c01523ae2fd85a12b481fdee38531e846a7712aaf44b21d564566d2e318f3855d2627f7b907025a40ce4fe4e7b7e6e488d07406b7fe1ee712df1a16281a6d4e8eda21b5d3c2af68e841e231d3adf03c297043a29952b92e15bf0ba5eea811105c11cb10dc3a21aec32d3204ee6bacf8081b782360f3612605405cf40f824b3bef43dc38850c5037a35e2e36e170bc336c321ff5d63f74a5604e0e03fa50053f1e87efca9923f216d0fada7204f966d08d327317f67890964b55a31f887d2421aa81bc19c8c38e3dab8a71ccdb9179f3719bbe5a68bf70b9d7609dfb94a83be244943fd73eeef783f731d6e1a107e984ada0ecc36a358e015d9aad6a85a7b8eb9c29bc7e8ea7b1dab8ff6c51370d471bea27d91b325bb5e69903bfdd92539b1c33b3fbbf33e2e9d04cb0cde230ff24b8cd5f54c01ada6c34bdc9a58c604e9c032d54aa4b560a1b31e7638c7029df0976c235cc414b190a9e1e1e07b89bb52ec486481fabb7b63eff1bebd0307ec2e05612ac82f3e0a53c8c56778650130d21be5cecde1a1d9353e83df428d9e8ae14196e2fdae601b0561ad5d8dfbb6cf8d82f70690202362dab16d08ac6830854e2198226f0a416a0ace3a0dd0146d135ad25dcb274261f9dcd6977321aab56f45413bc4e2ca3a887edbf7e9db60641cb543e307b013e348f855baf8a16a70bb56f44b1883cac7bffddc13135c3911f61a60ad54be60bb7e92452bf2666290e73649a031993d320d225d893793bc086abf4a52a6361486eabe0612e0df25f249cb9ecb7119e2e92a2009b2e5a2215184932d5937844fdc85b886704dee043202cb533ac1858cae45f7963590cb8ed906e5196771570ae3fd1bb36e63efdeb3dcc9d746bf773ceef6ad3954482beb34871473e7c39a43cfbe3ff7c5aa55c6d08f9f2a98fd0f295193c7a65c7580b51f455fda3f390e5aea8b1183e5cb809b2695c35019fb30c9b54f05bc1d5db2fb52c19643f2a4d36ccde384e7011d3e1f0b27e2db64154d5d51981c3d3aad327292ea12f43569886b2b0f8be901dadd49777feffc1704f70d87ea934e5aabd8d11f811f58ecba152d6d06d16aebb0ca8c88b8632333c4962dc83477f70a76246efa732950f1bbf325b96ae10d06204451751ff9f6640e9bdc907df65b7c1cc0986085f7efd81f7e8dc1d8a26f7cc053bc41c01cedf75803cae33575de601b14965ebd917525c6997e772963a3162c55deffbd8893cbe5130a20af4b85439a51b8f3ed8e9d12867b7a6b0d93a1f451164efb36c2a159ed0fabe176817bd46ff32bcbba4fc1ffe3a1c499f346d61c854c83530fdccbfd9c0d131c8b34f375d6370a4679721bb49be5ec45293ef77ada50cae770d7076ebad4117721ac4a4e79824f4fdd33c8aa3206ff3686d6900c8d2ac0fd743bb9e73317f886206129368fd6840904f2d6f2a7352a70529bf056f70419565da2a77b4bc4568767c51b78bbd5279fd39ac0fe5b16f827951b0f7a2c10e9ce3fb45515d4863dbe3846d8f6e190b86e3a63ecfe14228f2598c3a1442d874143c78a43086bea364dcfb4b572d90975b25c20ca42b5c8bf39758aa1d0d67da57d950731b6bf03cb7b9976ecdab9e86e49bef7db4a020999e4dea56e6612c05402bf8c4a1e2c6954a49b174697a68267d39e542bd8ee2cec21aa0cf1b9c274353e971d8a938570400a81997c66d814158a3829444d4496f100283e936765b4fad71050c8cb3bd8d4e2e262833f96c59551fbf4becb090ea3dfa72971e4a43052cedef7dcc5b96b58830e3d23058d324a065d5e7ae2e58e0283a7b456e4b72afd29dc651cd23360ea79861eb95e09f266dafc91954c4eb8823a1c5ec628a6dad04f72befed64bb8789033d255bcac9eb3c3d133f9ceae4fb13d3a1158b3c42b18384e267af1f521aa69b8d72e4d2cfe96c2631076fd1d89473d2f2a90663d65823e157f649ed8d390f3a17c8527f5356828a6f5f8fda9e4bd366ca67d1d2f0b5d8e33b55bd9e5eeaa17db3a218b36bb30e9faaf64698cba3b3d470a9416fb52c437f08c5b83dca90011a7886d0cce58d2e2d01c33412cf3e7796e24bfa8ccb713c302dbf529504eb7904bad822dc91eb8d865ad634f46a633d2869466e455d5b0dc14ad5e9bdaa4f01a51230dd1e7d00c1d1ea0f7c0677df55bd9e459b852108549e3194c06fff89a8db8ab3a2d2bc16176abe829b8c82fb613a87d8983bed4d9d7a1f4005010502fb3e656ad3faae61abd834b5930dd3aff0f66d3ded2d77d9c380f8b1b2cd696c5e1ae5357d88a58241d3b251922272f91fd05b92e15513654f4650a8bb2c17410bef23a935c4b64f565c8d67dbfb5d10b360eb0e6b148def3a7dcfc0bdd83e792f57d459d6ebde77987e220b37ffc650432db8c7e5f0277fef8743da7c043c2f7fae1fc7d7d1061151058bacf014c9bd2759c5959438a73d667fa11c2f244e87f70e05b0f69813af0d2bade15f732fa339645ba13a4fe1d216864afbb9fa89b4adef9cd2c0d66cdb95f2040763cb8b6d69a2752dcd0462d0ea33a99347d30b77876f5564b21dc679acd73376690ade108c2cc4c029fe216a881d764b35581ad1298762bbd10494426c5dc60cf196eb43fc6ed584b51700db4f9a56001029c35cdfd3c99e96c151183e9867a7e00bad91a6d95f5481ef38772008248075c930199280bbf173807b81151960a46da6b53be2d1dc8634a371ba46814c7bcb9782e614f08546d935ffca2d4dbc6baaa1d3524dd06c5f96189c61fc7ae6d12b89196cecd09f9c9ab4d993a5208eb3ac5498af027158262bad2a2af2a9fbd5997e4ed8f83f211715e78f29c7d5de30f7ce7022edc276d782e74deb9348816b7fbd5dd020ec077355a502f071c17c9193849d3c881d98dd427603af5a9db8bc452d5b8c88e22946fab39190feebf6dea51711820e6aba4ff17e8e03aad997860c6ef557154704e69cbbe9aff0e2f3aa3fa0bb57f993cdd1002f5fa204b732b0ca9be5ede80e9eb3a23218c2ac39aad2078808191a7d186523b8caa6b6702d2717e095566c308d01263d064fe1de8abf0df7c492531959532c60ce18fc355a66a673a9b079473bb081e2041d937b37df899f4672dc812e7374500ec24a26ff6f39130d316c3206eae83b9bdd35afcc79f39d83393d486381f1ae1a29daf6c949dfc396a49f261b8eeae1fc80868010d7d0f78e0139e44d8c2ba3d6c9a797969c0935489f79c21b4cc2615ee56ab553b86b460ea0fdd8b4ec637c25f177b59cf895cfb41ceba8e46faf498754b5e649a8d10eeb83e64d78bd7ea2f0f8109f082603f39e0991131bb1e7042e9b2f58baf7f93b112fbc70e93e367e8d00353bdeada5c954684695668da76d0af49408be957b55094e905e3c6bb8040303f555ccf1a613ff90886fe2cb82ea32767eeae79731f5f0218230f1b6ff48a88f6c582abf1827c8ee19b6d42a57c1a33a76c3414bfc92b6a61e4eccf0c881be54b8ea7c47084dfb2546a61fc434c6684d5bb1cedf7ae7a4b40bcb8787da20b3bbe55a2f414224b615baf839d7026d2f2f423a9b37f094fe78757cac4f315c9c4302d2fcdb6f52dda2f2be2b26c12b6e04166302403ddd879570e621b2645ec35b5f50867e4185b2fa719d754ea03d0fca120669484d2d7fb68e43ce101cda737afeb1bbe3271fe7e3c207658da40dccb7ceefd0fff473158ccb07ea9e9934f0c2e4b0c33ab5560b321bc3e33ee4386effc1b2cc72314206dd86df73a803aa1d64924dc503c2d7e29131b9a4371e4a9501eeeb347108b7960dfb43bed44a11eddc4f1570f305274d056987178d72e9f898726002695fd47fc281e687d559b763a7f2a8730ce7e1809fb5bd016f23e0436a8d62bd83cf116616a35e0b437cfe6c1fbd88d9e5bf0f3d11e598cdaec5e170959a701a3c3806b60a2f134c6537d0852c649ca141ab994577c0b12c2d32367930be39b2857bb5c5ba2420329f76cfeeb82a15d33c544b0ff4c876d10aee003cf80a2bc97a1cc5beef42d41f67fdbb66e9c1db4f480ce3d21fdcaad1b8f1185af9fb0f898bdab52020c8109491317bd7734f648bd9353c138f4ee754acfff71a5a7738692e80c3f6090bd0af46ba0929e6b45daa6142e65ff1856a4e23f18bffd24adbf59612ad5bc8dfa97623da0f42a6a0f7123765a7c1272116f5a6d878ad1d340a0c692e1756097552c54d0b00e92ed3500da732b43dc657e7732f4264acf8b0b03eee62f03010fdf129ba7426e339c05a546397cfa1ef85852a8e2dae75eb09a51f0bdaaf31c041d64fcdf76d70ddedc430326301f4cfc1033ea327db0bfcefa6e79dd4613f64c68ca1f4aff08a311a3a81bbd277db0b6044e56665df1d496af8f54e23f8001abf4ffeab2ba2bb2252396d0c9ed2da79e87cab22d42deaa8245c1340dd0b5b479b89fa03158e5b5dccf7ebf8deb75812dff33755bc9f7fedd752a5c9b7bdd18476709ab90bc2527aaafeb7aab333be68a7801f5084cad33bec1da6f78fc29dee35537a6afd6405fe8405be1cb5f9911ed045361a31a6c7119571f706ab7b348d2f0cb48edac83a91cdf845c2bf3a4972cc5891a9857affaae09fc33fea3892c3a5cb8f77da60c83e4575b400c6448261c9a22947040927d225f4cb5c1b2ddd9c334459749f1b8bc4007998253327b49b475864c2b6ef06e23df02d8f06e2c376b648d9975b8b82fda562b2cf7f5501f521c8fbc4d5f35b1893d7bd50cc398d7e6a6c876165d2fedbd244deb45d610ae5b38cfdc48d9b3755926c76a51354dd098d34e2e3f25a594f44c69ebeda23831cf8c7b62d3a8ebe1a967e7c66ada3727c331192ad25aa58aa03aa8ef914c6b199fb477b88b947bb5da67478d3707223013dc6e71c0beab494173c66b2da61e17a99060c6c83585e000d0d9199d2d61a592e64d6689508191676204b2c43bf0b827483b9b386f523b2ca3627c685b64354437c9f4bb2af60b4088a0105264a2a172df3ee8102da33131a3b0bc7ae210d620a3fc5035746b0c8ca372c3104dc54feb328ea32ec4d38c0ce0de2c73c8a312aee0da670c29f1dd9334b98604443a91b5d2a781cfb088332aee35114bfaf65fee74b8270ebb82c1c72e73a55206d28130395fbb510dabd0880f24fb8648f224bbc0359f432fe782519c29fdaa708249e0dcbd809befe5649f62c647220198749a99abb661ec4c0d85417394fdd89afd3c01878f88d42f4c3a3f8f8b2f214e170e9faf3a62a74690e96138117a64bec0c7de8e9bc49f692d9f12b7c44bd36a87c03930a21fadfb52af8f8066f512ae8f94d65ba930715f5f1681be902ea144381f30f3cc476d96fceb181e1dbf9441eebd562cc231686eb4cd2ae8290c7c3385f6ba85eebe608d8b719d958c0c0403fdea7415af6a91e584539c13dd7ad3869840b68b7c5fb27de06b813cfa20185fcfe827fb72beac249fd79f68b8298d6064ee7eda1527cc447c9a862e4175942112fa01092867a128b51113e445682fd0a5b575d099bd09c9fbe81181782e0192b69a421c50fe438e1b6164752a5bd6a7edae7e763339441fbfbaba8fbe3c7210fa912a55f915979dd54b0126806886a071a3f487adecb8c1dc60781ad5614fcfa94fde6be814162cafb7b0db9946c835479405fccdb16a346d79f8fe956684053a144bac144b0b8f94ba9755fb413c3a71c0be013df3d5fbff99bf615fec89cae3ec96e97f50b"}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x716}]}, 0x1044}, 0x1, 0x0, 0x0, 0x20008004}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r6, 0xc0505350, &(0x7f0000001740)={{0x7d, 0x5}, {0x70, 0x9}, 0x8, 0x4, 0x8}) sendmsg$NL802154_CMD_GET_SEC_KEY(0xffffffffffffffff, &(0x7f0000001880)={&(0x7f00000017c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001840)={&(0x7f0000001800)={0x3c, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8010}, 0x4000000) r7 = socket(0x2, 0x1, 0x7) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r7, &(0x7f0000001980)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001940)={&(0x7f0000001900)={0x34, r5, 0x100, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x4, 0x3a}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x8081) 01:05:40 executing program 6: timer_delete(0x0) timer_create(0x5, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_getoverrun(r0) timer_settime(r0, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, &(0x7f00000000c0)) ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f0000000100)={0x8, 0x1ff, 0x1, 0xfffffffd, 0x4, "56bfd85251d54f0da0aca63786db3c7eb87a95", 0x80, 0x5}) keyctl$get_persistent(0x16, 0xee00, 0xfffffffffffffffd) timer_getoverrun(r0) timer_create(0x4, &(0x7f0000000140)={0x0, 0x6}, &(0x7f0000000180)=0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0x3, 0x2, 0x1, 'queue0\x00', 0x9}) timer_getoverrun(r0) ioctl$KDGETMODE(0xffffffffffffffff, 0x4b3b, &(0x7f0000000280)) ioctl$KDGETMODE(0xffffffffffffffff, 0x4b3b, &(0x7f00000002c0)) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000300)={0x2, {0x2, 0xc9, 0x2, 0xfe00, 0x5, 0x2}}) io_uring_setup(0x3bd5, &(0x7f0000000340)={0x0, 0x9038, 0x2, 0x0, 0xea}) ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, &(0x7f00000003c0)=0x1) ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, &(0x7f0000000400)=0x1) timer_getoverrun(r0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f0000000480)={{r2, r3+60000000}, {0x77359400}}, &(0x7f00000004c0)) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000500)={0x0, 0x7, 0x6}) 01:05:40 executing program 7: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x3c0080, 0x0) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000040)={0x100, 0xf3c, 0x1, 0x7, 0x13, "b03c1db3013dddafef1d421b9a0a376353a434"}) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000080)=0x20) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x8002, 0x0) r2 = accept$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) ioctl$TIOCGRS485(r1, 0x542e, &(0x7f00000001c0)) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000240)=0x14) r4 = socket(0x23, 0x800, 0x5) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000380)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl1\x00', r3, 0x2f, 0xcd, 0x81, 0x3, 0x22, @rand_addr=' \x01\x00', @private1={0xfc, 0x1, '\x00', 0x1}, 0x7800, 0x20, 0x40, 0x17fec657}}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f00000003c0)={r5, 0x1, 0x6}, 0x10) mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0xc000)=nil, 0xc000, 0x1, 0x40010, r0, 0x10000000) r6 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$KDGETMODE(r6, 0x4b3b, &(0x7f0000000400)) ioctl$TCSETS2(r6, 0x402c542b, &(0x7f0000000440)={0x3, 0x7, 0x64, 0x3f, 0x8, "87b498f5995cc94a6b802cbc547919a0aa79f4", 0x81, 0x3ff}) sendto$packet(r2, &(0x7f0000000480)="070ed8ff116b3d46f1512d0f8fa9d7dbfb42c13b43191f08bf613bafc3afe78c16307ec402f74df6bbb9ebd0428bb24735f42911d7249f956f82ac35bc984ff5e2a3318ed6edacf1e535d636f27b7015ee4f2bd19844822b7385095aaaadbcf8080ba408f95fe2", 0x67, 0x4008080, &(0x7f0000000500)={0x11, 0x15, r3, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, 0x14) socket(0xf, 0x80000, 0x0) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000580)={0x5, &(0x7f0000000540)=[{0x3972, 0x3, 0x8, 0x8}, {0x0, 0x1, 0x5, 0xffffffc1}, {0x0, 0x5, 0x3f, 0x9}, {0x9, 0x40, 0x8, 0xfffffc01}, {0x0, 0x20, 0xf9, 0x7}]}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000005c0)={0x6, 0x0, 'client0\x00', 0x0, "867a03fef6d41b13", "146ab345dda6db454f4f90f0227742956a6724c87a95442bf93708e00fe660c9", 0x8, 0x7fff}) syz_open_dev$ttys(0xc, 0x2, 0x0) [ 113.980058] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 113.982136] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 113.983707] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 113.991756] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 113.994987] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 114.048285] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 114.056684] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 114.058064] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 114.061486] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 114.064180] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 114.068869] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 114.070921] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 114.072309] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 114.084612] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 114.090573] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 114.124753] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 114.128425] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 114.129251] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 114.135120] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 114.136598] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 114.138144] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 114.150669] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 114.152761] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 114.156755] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 114.166282] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 114.172028] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 114.175004] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 114.177629] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 114.183501] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 114.188931] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 114.190897] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 114.194661] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 114.207713] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 114.233476] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 114.244188] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 114.246404] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 114.247975] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 114.249098] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 114.251752] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 114.253297] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 116.073812] Bluetooth: hci0: command tx timeout [ 116.138434] Bluetooth: hci2: command tx timeout [ 116.138520] Bluetooth: hci1: command tx timeout [ 116.201470] Bluetooth: hci4: command tx timeout [ 116.266805] Bluetooth: hci7: command tx timeout [ 116.266832] Bluetooth: hci3: command tx timeout [ 116.267519] Bluetooth: hci5: command tx timeout [ 116.329476] Bluetooth: hci6: command tx timeout [ 118.122419] Bluetooth: hci0: command tx timeout [ 118.185663] Bluetooth: hci1: command tx timeout [ 118.186591] Bluetooth: hci2: command tx timeout [ 118.249500] Bluetooth: hci4: command tx timeout [ 118.313888] Bluetooth: hci5: command tx timeout [ 118.314601] Bluetooth: hci3: command tx timeout [ 118.315231] Bluetooth: hci7: command tx timeout [ 118.377524] Bluetooth: hci6: command tx timeout [ 120.169876] Bluetooth: hci0: command tx timeout [ 120.233548] Bluetooth: hci2: command tx timeout [ 120.233568] Bluetooth: hci1: command tx timeout [ 120.297448] Bluetooth: hci4: command tx timeout [ 120.362571] Bluetooth: hci7: command tx timeout [ 120.362593] Bluetooth: hci3: command tx timeout [ 120.362636] Bluetooth: hci5: command tx timeout [ 120.425488] Bluetooth: hci6: command tx timeout [ 122.218436] Bluetooth: hci0: command tx timeout [ 122.282070] Bluetooth: hci1: command tx timeout [ 122.282589] Bluetooth: hci2: command tx timeout [ 122.345646] Bluetooth: hci4: command tx timeout [ 122.409556] Bluetooth: hci7: command tx timeout [ 122.410024] Bluetooth: hci3: command tx timeout [ 122.410723] Bluetooth: hci5: command tx timeout [ 122.474593] Bluetooth: hci6: command tx timeout [ 176.312586] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 176.314148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 176.315673] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 176.321489] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 176.324090] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 176.384964] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 176.387085] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 176.391153] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 176.398569] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 176.403705] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 176.459195] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 176.470832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 176.473912] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 176.480668] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 176.486475] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 176.488651] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 176.510648] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 176.518263] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 176.520326] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 176.535720] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 176.539943] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 176.542668] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 176.551647] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 176.553200] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 176.572838] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 176.575739] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 176.582522] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 176.584899] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 176.590710] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 176.605768] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 176.607574] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 176.625966] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 176.631979] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 176.636087] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 176.639169] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 176.641458] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 176.653031] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 176.655133] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 176.678959] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 176.699610] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 178.410443] Bluetooth: hci0: command tx timeout [ 178.474492] Bluetooth: hci1: command tx timeout [ 178.665462] Bluetooth: hci2: command tx timeout [ 178.729555] Bluetooth: hci4: command tx timeout [ 178.729607] Bluetooth: hci5: command tx timeout [ 178.730217] Bluetooth: hci3: command tx timeout [ 178.730940] Bluetooth: hci6: command tx timeout [ 178.795209] Bluetooth: hci7: command tx timeout [ 180.460555] Bluetooth: hci0: command tx timeout [ 180.521579] Bluetooth: hci1: command tx timeout [ 180.713669] Bluetooth: hci2: command tx timeout [ 180.777501] Bluetooth: hci4: command tx timeout [ 180.778012] Bluetooth: hci6: command tx timeout [ 180.778484] Bluetooth: hci3: command tx timeout [ 180.778905] Bluetooth: hci5: command tx timeout [ 180.841531] Bluetooth: hci7: command tx timeout [ 182.506391] Bluetooth: hci0: command tx timeout [ 182.569465] Bluetooth: hci1: command tx timeout [ 182.762370] Bluetooth: hci2: command tx timeout [ 182.825672] Bluetooth: hci5: command tx timeout [ 182.826143] Bluetooth: hci3: command tx timeout [ 182.827485] Bluetooth: hci6: command tx timeout [ 182.827555] Bluetooth: hci4: command tx timeout [ 182.890372] Bluetooth: hci7: command tx timeout [ 184.553446] Bluetooth: hci0: command tx timeout [ 184.618400] Bluetooth: hci1: command tx timeout [ 184.809515] Bluetooth: hci2: command tx timeout [ 184.873444] Bluetooth: hci3: command tx timeout [ 184.873883] Bluetooth: hci4: command tx timeout [ 184.874275] Bluetooth: hci6: command tx timeout [ 184.874725] Bluetooth: hci5: command tx timeout [ 184.937570] Bluetooth: hci7: command tx timeout [ 239.115752] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 239.118829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 239.121887] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 239.123518] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 239.127704] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 239.130924] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 239.132004] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 239.138765] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 239.140876] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 239.143290] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 239.221790] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 239.224788] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 239.235965] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 239.244711] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 239.250061] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 239.304228] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 239.308828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 239.312673] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 239.320729] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 239.342581] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 239.485323] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 239.489859] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 239.491867] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 239.495522] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 239.499227] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 239.554241] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 239.570772] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 239.579167] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 239.585238] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 239.608790] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 239.610890] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 239.615827] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 239.629969] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 239.635031] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 239.643594] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 239.693223] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 239.695927] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 239.699024] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 239.705559] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 239.709284] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 241.194264] Bluetooth: hci0: command tx timeout [ 241.194317] Bluetooth: hci1: command tx timeout [ 241.323479] Bluetooth: hci2: command tx timeout [ 241.385489] Bluetooth: hci3: command tx timeout [ 241.577857] Bluetooth: hci4: command tx timeout [ 241.769491] Bluetooth: hci6: command tx timeout [ 241.897517] Bluetooth: hci7: command tx timeout [ 241.897718] Bluetooth: hci5: command tx timeout [ 243.241815] Bluetooth: hci1: command tx timeout [ 243.242959] Bluetooth: hci0: command tx timeout [ 243.369632] Bluetooth: hci2: command tx timeout [ 243.434397] Bluetooth: hci3: command tx timeout [ 243.627372] Bluetooth: hci4: command tx timeout [ 243.817688] Bluetooth: hci6: command tx timeout [ 243.945763] Bluetooth: hci5: command tx timeout [ 243.946153] Bluetooth: hci7: command tx timeout [ 245.289752] Bluetooth: hci1: command tx timeout [ 245.292405] Bluetooth: hci0: command tx timeout [ 245.420383] Bluetooth: hci2: command tx timeout [ 245.481424] Bluetooth: hci3: command tx timeout [ 245.674480] Bluetooth: hci4: command tx timeout [ 245.865470] Bluetooth: hci6: command tx timeout [ 245.993809] Bluetooth: hci5: command tx timeout [ 245.995376] Bluetooth: hci7: command tx timeout [ 247.337431] Bluetooth: hci0: command tx timeout [ 247.337452] Bluetooth: hci1: command tx timeout [ 247.467439] Bluetooth: hci2: command tx timeout [ 247.529526] Bluetooth: hci3: command tx timeout [ 247.722489] Bluetooth: hci4: command tx timeout [ 247.913741] Bluetooth: hci6: command tx timeout [ 248.041514] Bluetooth: hci7: command tx timeout [ 248.042014] Bluetooth: hci5: command tx timeout [ 299.528469] syz-executor.2 (5052) used greatest stack depth: 24336 bytes left [ 301.824615] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 301.831516] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 301.836443] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 301.844005] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 301.853281] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 302.077076] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 302.081532] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 302.085150] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 302.091006] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 302.097321] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 302.288876] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 302.297921] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 302.302119] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 302.315081] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 302.319262] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 302.322281] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 302.329742] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 302.335163] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 302.339994] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 302.343146] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 302.358404] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 302.438405] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 302.441120] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 302.485841] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 302.494385] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 302.498888] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 302.500809] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 302.503945] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 302.507675] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 302.510847] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 302.517153] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 302.527963] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 302.537963] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 302.538188] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 302.546861] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 302.554894] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 302.586055] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 302.586150] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 302.594312] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 302.645969] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 303.914691] Bluetooth: hci0: command tx timeout [ 304.170857] Bluetooth: hci1: command tx timeout [ 304.425968] Bluetooth: hci4: command tx timeout [ 304.427633] Bluetooth: hci3: command tx timeout [ 304.617588] Bluetooth: hci2: command tx timeout [ 304.745520] Bluetooth: hci5: command tx timeout [ 304.746446] Bluetooth: hci7: command tx timeout [ 304.747038] Bluetooth: hci6: command tx timeout [ 305.961908] Bluetooth: hci0: command tx timeout [ 306.217808] Bluetooth: hci1: command tx timeout [ 306.475535] Bluetooth: hci4: command tx timeout [ 306.477426] Bluetooth: hci3: command tx timeout [ 306.665780] Bluetooth: hci2: command tx timeout [ 306.793627] Bluetooth: hci5: command tx timeout [ 306.794468] Bluetooth: hci6: command tx timeout [ 306.795183] Bluetooth: hci7: command tx timeout [ 308.009436] Bluetooth: hci0: command tx timeout [ 308.267474] Bluetooth: hci1: command tx timeout [ 308.521455] Bluetooth: hci4: command tx timeout [ 308.521947] Bluetooth: hci3: command tx timeout [ 308.714603] Bluetooth: hci2: command tx timeout [ 308.841480] Bluetooth: hci5: command tx timeout [ 308.841964] Bluetooth: hci7: command tx timeout [ 308.842958] Bluetooth: hci6: command tx timeout [ 310.057402] Bluetooth: hci0: command tx timeout [ 310.314713] Bluetooth: hci1: command tx timeout [ 310.569450] Bluetooth: hci3: command tx timeout [ 310.569927] Bluetooth: hci4: command tx timeout [ 310.761412] Bluetooth: hci2: command tx timeout [ 310.889699] Bluetooth: hci6: command tx timeout [ 310.890144] Bluetooth: hci7: command tx timeout [ 310.891457] Bluetooth: hci5: command tx timeout [ 363.973659] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 363.980645] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 363.990992] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 364.005769] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 364.011818] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 364.215836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 364.222638] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 364.226184] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 364.236139] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 364.241745] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 364.313649] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 364.316254] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 364.319844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 364.321714] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 364.324036] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 364.327949] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 364.337986] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 364.339904] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 364.344648] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 364.346767] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 364.763836] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 364.775603] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 364.796801] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 364.809768] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 364.810916] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 364.842664] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 364.843493] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 364.863708] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 364.869810] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 364.872030] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 364.875979] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 364.899049] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 364.899151] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 364.903241] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 364.913871] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 364.936670] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 364.966819] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 364.995894] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 365.006590] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 365.026714] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 366.057907] Bluetooth: hci0: command tx timeout [ 366.313452] Bluetooth: hci1: command tx timeout [ 366.442503] Bluetooth: hci2: command tx timeout [ 366.443256] Bluetooth: hci3: command tx timeout [ 367.017698] Bluetooth: hci6: command tx timeout [ 367.145860] Bluetooth: hci4: command tx timeout [ 367.146753] Bluetooth: hci7: command tx timeout [ 367.209453] Bluetooth: hci5: command tx timeout [ 368.106400] Bluetooth: hci0: command tx timeout [ 368.361424] Bluetooth: hci1: command tx timeout [ 368.490061] Bluetooth: hci2: command tx timeout [ 368.490582] Bluetooth: hci3: command tx timeout [ 369.065871] Bluetooth: hci6: command tx timeout [ 369.193996] Bluetooth: hci4: command tx timeout [ 369.195306] Bluetooth: hci7: command tx timeout [ 369.257539] Bluetooth: hci5: command tx timeout [ 370.153421] Bluetooth: hci0: command tx timeout [ 370.410840] Bluetooth: hci1: command tx timeout [ 370.538840] Bluetooth: hci3: command tx timeout [ 370.539502] Bluetooth: hci2: command tx timeout [ 371.113432] Bluetooth: hci6: command tx timeout [ 371.241427] Bluetooth: hci7: command tx timeout [ 371.241900] Bluetooth: hci4: command tx timeout [ 371.305387] Bluetooth: hci5: command tx timeout [ 372.201438] Bluetooth: hci0: command tx timeout [ 372.457562] Bluetooth: hci1: command tx timeout [ 372.585520] Bluetooth: hci2: command tx timeout [ 372.586001] Bluetooth: hci3: command tx timeout [ 373.161630] Bluetooth: hci6: command tx timeout [ 373.289516] Bluetooth: hci4: command tx timeout [ 373.290023] Bluetooth: hci7: command tx timeout [ 373.353713] Bluetooth: hci5: command tx timeout VM DIAGNOSIS: 01:10:40 Registers: info registers vcpu 0 RAX=ffff88806ce08e58 RBX=0000000000000002 RCX=0000000000000002 RDX=ffff88806ce08d01 RSI=ffff88806ce08de8 RDI=ffff88806ce08ac8 RBP=ffff88806ce08ad0 RSP=ffff88806ce08a08 R8 =0000000000000001 R9 =ffff88806ce08ab8 R10=000000000003b6bd R11=0000000000024ac5 R12=ffff88806ce08ad8 R13=ffff88806ce08ac0 R14=ffff88806ce08de8 R15=ffff88806ce08a78 RIP=ffffffff8135549c RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e561b000 00000000 00000000 LDT=0000 fffffe3d00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd9408be4a1 CR3=0000000028cf9000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=25252525252525252525252525252525 XMM01=00000000000000000000ffffffffffff XMM02=00000000000000000000ffffffffffff XMM03=2d646c6f2074736f0065736100006266 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=676f6c206d6f74737563000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffff8880198d0a80 RBX=ffff888023c77a18 RCX=ffff888023c7791c RDX=0000000000000000 RSI=ffffffff85c1d1c0 RDI=ffff8880198d0a80 RBP=ffffffff85c1d1c0 RSP=ffff888023c77910 R8 =0000000000000001 R9 =ffff888023c77a58 R10=000000000003b6bd R11=0000000000006bfa R12=ffffffff81354102 R13=0000000000000202 R14=ffff8880198d0000 R15=0000000000000002 RIP=ffffffff8151ae64 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e571b000 00000000 00000000 LDT=0000 fffffe4500000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f047f705260 CR3=000000000e4aa000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000