Warning: Permanently added '[localhost]:6925' (ECDSA) to the list of known hosts. 2025/05/31 16:50:26 fuzzer started 2025/05/31 16:50:27 dialing manager at localhost:34361 syzkaller login: [ 98.199867] cgroup: Unknown subsys name 'net' [ 98.354139] cgroup: Unknown subsys name 'cpuset' [ 98.420759] cgroup: Unknown subsys name 'rlimit' 2025/05/31 16:50:43 syscalls: 205 2025/05/31 16:50:43 code coverage: enabled 2025/05/31 16:50:43 comparison tracing: enabled 2025/05/31 16:50:43 extra coverage: enabled 2025/05/31 16:50:43 setuid sandbox: enabled 2025/05/31 16:50:43 namespace sandbox: enabled 2025/05/31 16:50:43 Android sandbox: enabled 2025/05/31 16:50:43 fault injection: enabled 2025/05/31 16:50:43 leak checking: enabled 2025/05/31 16:50:43 net packet injection: enabled 2025/05/31 16:50:43 net device setup: enabled 2025/05/31 16:50:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/05/31 16:50:43 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/05/31 16:50:43 USB emulation: enabled 2025/05/31 16:50:43 hci packet injection: enabled 2025/05/31 16:50:43 wifi device emulation: enabled 2025/05/31 16:50:43 802.15.4 emulation: enabled 2025/05/31 16:50:43 fetching corpus: 0, signal 0/0 (executing program) 2025/05/31 16:50:45 starting 8 fuzzer processes 16:50:45 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000040)=0x100) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000080)) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f00000000c0)={0x6, 0x3, 0x1}) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x1e0000, 0xa0001) ioctl$IOC_PR_RELEASE(r1, 0x401070ca, &(0x7f0000000140)={0x7, 0x52}) ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, &(0x7f0000000180)={0x20, 0x1, 0x1}) openat$cgroup_procs(r0, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x61f9011e9926c167, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r2, 0x54a1) ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000240)=0x7) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r4 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/attr/exec\x00', 0x2, 0x0) write$selinux_attr(r4, &(0x7f00000003c0)='system_u:object_r:syslog_conf_t:s0\x00', 0x23) ioctl$BLKGETSIZE(r0, 0x1260, &(0x7f0000000400)) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000440)) r5 = syz_open_dev$loop(&(0x7f0000000480), 0x816c, 0x0) ioctl$BLKSECTGET(r5, 0x1267, &(0x7f00000004c0)) eventfd(0xfffffff7) 16:50:45 executing program 1: r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x1000, 0x0) ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000040)={'custom1\x00'}) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000180)={0x6, 0x6, 0x0, [{0x5, 0x80000000, 0x20, 0x8, 0xe5, 0x9, 0x81}, {0x100000000, 0xfffffffffffff873, 0x3e00000000000000, 0x3, 0x8, 0x3, 0xf8}, {0x8, 0x0, 0xf242, 0x65, 0x7, 0x6, 0x6}, {0x1, 0x3, 0x81, 0x9, 0x1f, 0xfb, 0x8}, {0xfffffffffffffffe, 0x6, 0xfffffffffffff07c, 0x9, 0x2, 0x1, 0x40}, {0x1, 0x81, 0xff, 0x8, 0xff, 0x7f, 0x3}]}) capset(&(0x7f0000000340)={0x20071026}, &(0x7f0000000380)={0x9, 0x2, 0x2, 0x10000, 0x6}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x40, 0x0) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000400)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), r1) sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)={0x94, r3, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3ef}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8001}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xb02}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x6}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x3}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}]}, 0x94}, 0x1, 0x0, 0x0, 0x24040001}, 0x404c080) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000600)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc626, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0xdb06eaae19874219, 0x7, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x1, 0x1, 0x20, {0x9, 0x21, 0x3ff, 0x5, 0x1, {0x22, 0xa87}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0xfb, 0x6, 0x8}}}}}]}}]}}, &(0x7f00000006c0)={0xa, &(0x7f0000000640)={0xa, 0x6, 0x250, 0x0, 0x1, 0x8, 0xff, 0x4}, 0x35, &(0x7f0000000680)={0x5, 0xf, 0x35, 0x4, [@wireless={0xb, 0x10, 0x1, 0x4, 0x40, 0x1, 0x0, 0x3, 0x3f}, @ssp_cap={0x18, 0x10, 0xa, 0x40, 0x3, 0x8026, 0xf08, 0x80, [0xc0, 0xff0000, 0x69f332868a16e41a]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0xb9, 0x76, 0x4}, @ptm_cap={0x3}]}}) syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000000700)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0xff, 0x56a, 0x26, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0xf0, 0x2, [{{0x9, 0x4, 0x0, 0x80, 0x1, 0x3, 0x1, 0x2, 0x60, {0x9, 0x21, 0x3, 0x20, 0x1, {0x22, 0xa93}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x40, 0x5, 0xbb}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x1, 0x4, 0x7}}]}}}]}}]}}, &(0x7f0000000a00)={0xa, &(0x7f0000000740)={0xa, 0x6, 0x200, 0x3f, 0x7f, 0x1f, 0x8, 0x1b}, 0x5, &(0x7f0000000780)={0x5, 0xf, 0x5}, 0x3, [{0x8c, &(0x7f00000007c0)=@string={0x8c, 0x3, "19f8c858e492d4132020357c99ab8e6624b834d107dcb5f5a1331ef023c017bf053ec470d6335634977d287a4550fd075026c3fb0b4dc992845f95d94219da736f43fd076f3c7f7fc56832dd31a8bd8cf369bc171856fd0f023c14e41bd827ef38477bc9f7ade2f5d0285bcad857ef20814646d3f80f06e5c74ee049045468b75cb95f75264431ee1bb5"}}, {0xae, &(0x7f0000000880)=@string={0xae, 0x3, "a6edb64cc23551412a052f4e27a69e58810fcdb495b2e5507e8f0755689f337f7a6e410f713f2f0ec6f289e21cdd87d7e479df482e5c25c6cd2fd1dd0add998c3590f446f6c3107653760e599bd7260aef1e38054561a3b94424fa6c9a27f0f430caf859ce2371a117a20f78acce1779af438c9e81873bdd9cd13153afa33305ea00c8121688ebe6709336899b5b8c089edd471100752e8b32af714fb6c0fcfd070a33336656b4e8756db60e"}}, {0x9d, &(0x7f0000000940)=@string={0x9d, 0x3, "85c0b148d3b365040edbd935ecf7262d074965c11e52bdff85b821e09064e12788fd80e3841b1dd04acf0278a9883c1bbb64cea7ca56df14b117c677566ac12e4a556e8edef75577761a05d01237397b1d24654108221c2a5d67a2fd9327907d8ca432017d8e401b91fae2a7fb5fa0ea2916b0b69a3bd8bde0dc36a49f1a54af4eec4a85861dbc6efac017e7b88291372b0872401c64cee74ffc19"}}]}) ioctl$SG_SET_KEEP_ORPHAN(0xffffffffffffffff, 0x2287, &(0x7f0000000a40)=0x7) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000a80)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) ioctl$BLKROGET(r1, 0x125e, &(0x7f0000000e80)) ioctl$BINDER_CTL_ADD(r1, 0xc1086201, &(0x7f0000000ec0)={'custom1\x00'}) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000001000)) socketpair(0x27, 0x1, 0x0, &(0x7f0000001040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000010c0), r2) sendmsg$IPVS_CMD_GET_SERVICE(r4, &(0x7f0000001180)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x8a0210}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x24, r5, 0x7c9096a2a1e1d2cc, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xd, 0x15}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x841}, 0x22004881) ioctl$HDIO_GETGEO(0xffffffffffffffff, 0x301, &(0x7f00000011c0)) 16:50:45 executing program 2: ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000000)=""/153) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60802, 0x0) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000180)={0x3, &(0x7f0000000140)=[{0x3, 0x0, 0x7f, 0x8001}, {0x7, 0x9, 0x8, 0x6}, {0x6, 0x7, 0x50, 0x889}]}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xbc, 0x0, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x6}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1}, @NBD_ATTR_TIMEOUT={0xc}, @NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_SOCKETS={0x54, 0x7, 0x0, 0x1, [{0x8}, {0x8, 0x1, r2}, {0x8}, {0x8}, {0x8}, {0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}]}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x8cf7cd}, @NBD_ATTR_SERVER_FLAGS={0xc}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4000}, 0x4044000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), r3) sendmsg$IPVS_CMD_GET_DAEMON(r4, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0xb0, r5, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x40, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x11}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x2138}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x8c1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x14ebf736}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x70}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7fff}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x40}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2b1606b}, @IPVS_CMD_ATTR_DEST={0x4}]}, 0xb0}, 0x1, 0x0, 0x0, 0x10}, 0x4004004) ioctl$BLKFLSBUF(r3, 0x1261, &(0x7f0000000580)=0x3) ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1) sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000000780)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000600)={0x118, 0x0, 0x8, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x72}}}}, [@NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x5c, 0xbe, "d104b23e64c9438015a9410bc59dcabe96e629b91d3ae9ab8cb45b92ba2b678c0525c8c774a95c638b1d6081843733452537bb378085ea8ed64c983430c53b5df56da2897a8d4da82f179a00d331577c8a3b62c1b52411ce"}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x6, 0x3f}}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x2}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x2}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0xef}, @NL80211_ATTR_STA_EXT_CAPABILITY={0x4c, 0xac, "c27a92929dc5ec86666340e2df7506b9cc45419778ed0af5f0a9c22db9fff828337243a66b322dddab9ebba65e1a65e603da45de63fd70704ce2a42e4ebf3f44f81a2e817bdb0d7e"}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x5d5}]}, 0x118}, 0x1, 0x0, 0x0, 0x48010}, 0x17cf380e1f5c6f63) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x1) sendmsg$IPVS_CMD_GET_INFO(r3, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x44, r5, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xfffffff7}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x75}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0x3}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x8001) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000940), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x60, r6, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x40}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8000}, @NBD_ATTR_SOCKETS={0x34, 0x7, 0x0, 0x1, [{0x8, 0x1, r3}, {0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4008000}, 0x40011) 16:50:45 executing program 3: r0 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r0, 0x300, 0x70bd2b, 0x25dfdbfc, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xff}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x80000) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x4000, 0x0) r2 = socket(0xa, 0xa, 0x0) r3 = socket(0x2a, 0x80000, 0xffffffff) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x78, r0, 0x2, 0x70bd2b, 0x25dfdbfb, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x20}, @NBD_ATTR_SOCKETS={0x4c, 0x7, 0x0, 0x1, [{0x8}, {0x8}, {0x8, 0x1, r1}, {0x8}, {0x8}, {0x8, 0x1, r2}, {0x8}, {0x8}, {0x8, 0x1, r3}]}]}, 0x78}}, 0x4000000) socket(0x21, 0x80000, 0x1) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r1) sendmsg$NL80211_CMD_SET_BSS(r2, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x38, r4, 0x4, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0xff, 0x50}}}}, [@NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x1}, @NL80211_ATTR_BSS_CTS_PROT={0x5}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x7fff}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x20008090) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) write$tun(r1, &(0x7f0000000400)={@val={0x0, 0xa01}, @val={0x0, 0x4, 0x9, 0x5, 0x8}, @llc={@llc={0x80, 0xfe, "27a9", "5a7092334325c9a72e"}}}, 0x1b) r5 = socket(0x1a, 0x800, 0x3) syz_genetlink_get_family_id$ipvs(&(0x7f0000000440), r5) r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x34, r6, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}, @NBD_ATTR_SERVER_FLAGS={0xc}]}, 0x34}, 0x1, 0x0, 0x0, 0x48000}, 0x4000) openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder-control\x00', 0x800, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x20, r6, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x10000}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x20000002) syz_open_dev$loop(&(0x7f0000000700), 0x7f, 0x10000) sendmsg$NL80211_CMD_START_SCHED_SCAN(r3, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x3c, r4, 0x300, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x52, 0x5e}}}}, [@NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x871}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x4}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0xce2d}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4080}, 0x80) sendmsg$NL80211_CMD_SET_BSS(r5, &(0x7f00000009c0)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x54, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x2}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x1f}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x7f}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x75}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x3f}, @NL80211_ATTR_AP_ISOLATE={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x81) [ 116.325469] audit: type=1400 audit(1748710245.774:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 16:50:45 executing program 4: sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000000)) ioctl$BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000040)) r0 = syz_open_dev$loop(&(0x7f0000000080), 0x1, 0x0) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f00000000c0)=0x8) ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000100)={0x3a, 0x1, 0x0, [{0x2, 0x10000, 0xff, 0x4, 0x6, 0x7, 0xb9}]}) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x94, 0x0, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'wg1\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'lo\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x5c}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'geneve0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5bc5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}]}, 0x94}, 0x1, 0x0, 0x0, 0x1}, 0x8810) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000300)) r1 = syz_open_dev$loop(&(0x7f0000000340), 0x5, 0x8f47f3dcb10490a8) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000380)) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f00000003c0)=0x6) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x44, r2, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'fo\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xd}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x8800}, 0x801) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000580)={0x1, 0x80, 0x1}) sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000600)={0x98, r2, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x6c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x20}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller1\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x3}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x4729}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x8001}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3ff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x708}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}]}, 0x98}, 0x1, 0x0, 0x0, 0x44082}, 0x54) ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000740)={0xfffffffffffffff9, 0x2, 0x1}) r3 = eventfd2(0x8, 0x1) io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000780)=r3, 0x1) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x28, r4, 0x300, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'nq\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40000) 16:50:45 executing program 5: r0 = perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x4d, 0xff, 0x1, 0x7f, 0x0, 0x9, 0x8020, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x8001, 0x1, @perf_config_ext={0x8000}, 0x2288, 0x0, 0xc20, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x5, 0xffffffffffffffff, 0x1) ioctl$BLKROSET(0xffffffffffffffff, 0x125d, &(0x7f0000000080)=0x8) ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f00000000c0)) ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, &(0x7f0000000100)) r1 = syz_open_dev$loop(&(0x7f0000000140), 0x3, 0x200) ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f0000000180)={0x3f}) ioctl$HDIO_GETGEO(r1, 0x301, &(0x7f00000001c0)) ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000200)) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x400800, 0x0) ioctl$BLKGETSIZE64(r2, 0x80081272, &(0x7f0000000280)) ioctl$BLKSECTGET(r1, 0x1267, &(0x7f00000002c0)) ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000300)=0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000380)={0x130, 0x0, 0x10, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x101}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_DAEMON={0x6c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010100}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ipvlan1\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010100}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010102}, @IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x3a, 0x2a}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8001}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x4}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x10000}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x4}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0x28, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2c}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x20044001}, 0x2004c004) r4 = syz_open_dev$loop(&(0x7f0000000540), 0x4, 0x107001) ioctl$BLKPG(r4, 0x1269, &(0x7f0000000680)={0x0, 0x10000000, 0xfa, &(0x7f0000000580)="0c1f66754b79d265b2a4768c1b328cbdd7d3de4d19501ddf7d684dbc0d8df7c65f65c03c1bef9938c3929db77e9af7c753825ca7bf62dc560476efb2fced509f8d4c3dc54f507a9bbf9c94e69e50398308220c322f8451e3142a6e424145bd8e4cba0dfd5c2314765b3b734427ac29cef955097582e0cc3d573775650d25595565124638e5b603990cafa086aceb4b6b7240e71e12e89d3702d9dd56320b133b04774a508272b70d31e2637ae9e2c8feb75a7ee183f573986ae98a5cde417a9eb969120906d26968155176cccf519ec5e9e97abf9cb88df0bad7b3b9e533bae9885158799a8660612acdff63e6dca488e14ae27a8db158131a44"}) ioctl$BLKREPORTZONE(r4, 0xc0101282, &(0x7f00000006c0)={0xc5, 0x2, 0x0, [{0x7, 0x9, 0xbf, 0x8, 0x41, 0x6, 0x30}, {0xfffffffffffffffa, 0xfffffffffffffffa, 0x5, 0x8, 0x5, 0x56, 0x1f}]}) ioctl$BLKSECDISCARD(r4, 0x127d, &(0x7f0000000780)) r5 = syz_open_dev$loop(&(0x7f00000007c0), 0x3, 0x1a000) ioctl$BLKFLSBUF(r5, 0x1261, &(0x7f0000000800)=0xffff) 16:50:45 executing program 6: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r0, 0x400, 0x70bd2d, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x255, 0x18}}}}, [@NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000011}, 0x20000000) socketpair(0x23, 0x800, 0x53, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000280)={&(0x7f0000000180), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r2, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x38}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x80}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0xc080) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000002c0), 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xd0, r2, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x40, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'macvtap0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_hsr\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x4}}]}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xfffffc00}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}]}, @IPVS_CMD_ATTR_DEST={0x18, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}]}, 0xd0}, 0x1, 0x0, 0x0, 0x88}, 0x40814) socketpair(0x2, 0x5, 0x1, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_ASSOCIATE(r3, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x20, r0, 0x4, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_USE_RRM={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040}, 0x10000) sendmsg$NL80211_CMD_SET_BSS(r4, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x78, 0x0, 0x400, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3f, 0x41}}}}, [@NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x2}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x3f}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x5}, @NL80211_ATTR_P2P_CTWINDOW={0x5}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0xff}, @NL80211_ATTR_P2P_OPPPS={0x5}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x3f}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x5}]}, 0x78}, 0x1, 0x0, 0x0, 0x40890}, 0x1) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r4) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x68, r5, 0x0, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x6f}}}}, [@NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x1f}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x7f}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x49}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x80}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x7}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0xbb}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x1f}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000}, 0x400c004) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000880), 0x8c00, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r6, &(0x7f0000000a00)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000009c0)={&(0x7f0000000900)={0x88, r2, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x3f}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x4}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xc0}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000040}, 0x8040) r7 = syz_open_dev$loop(&(0x7f0000000a40), 0x2, 0x8401) ioctl$BLKBSZGET(r7, 0x80081270, &(0x7f0000000a80)) socketpair(0x1a, 0x3, 0xac2, &(0x7f0000000ac0)) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_CONFIG(r8, &(0x7f0000000d00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000b40)={0x17c, 0x0, 0x500, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x6}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x6}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x10001}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1000}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffffff13}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x8}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x40}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffff81}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@empty}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x8001}]}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x36, 0x27}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x78}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x58}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x9, 0x30}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv_slave_1\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv_slave_0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x81}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x7, 0x8}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x4}, 0x80000) sendmsg$IPVS_CMD_SET_SERVICE(r4, &(0x7f0000000e40)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x200004}, 0xc, &(0x7f0000000e00)={&(0x7f0000000d80)={0x7c, r2, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8d}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x3}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_vlan\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x8000) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 16:50:45 executing program 7: nanosleep(&(0x7f0000000000)={0x77359400}, &(0x7f0000000040)) clock_gettime(0x2, &(0x7f0000000080)) sched_rr_get_interval(0x0, &(0x7f00000000c0)) semget$private(0x0, 0x1, 0x50) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000100)={'a', ' *:* ', 'wm\x00'}, 0x9) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_ASSOCIATE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r0, 0x100, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x44004) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000002, 0x20010, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan1\x00'}) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000300)=0x5fd) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000340), 0x8000, 0x0) ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000380)={0x8}) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x286300, 0x0) setsockopt$bt_hci_HCI_FILTER(r3, 0x0, 0x2, &(0x7f0000000400)={0x3ff, [0x80000001, 0x1], 0x401}, 0x10) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000480), 0x143100, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r4, 0x4, &(0x7f00000004c0)=r5, 0x1) r6 = io_uring_setup(0x3d65, &(0x7f0000000500)={0x0, 0xdb5b, 0x1, 0x3, 0x46, 0x0, r4}) io_uring_register$IORING_REGISTER_EVENTFD(r6, 0x4, &(0x7f0000000580)=r3, 0x1) [ 117.804638] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 117.811306] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 117.812601] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 117.817977] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 117.818851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 117.824024] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 117.829862] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 117.835739] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 117.840779] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 117.841679] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 117.859472] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 117.860954] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 117.876674] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 117.884345] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 117.886314] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 117.887206] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 117.893671] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 117.898658] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 117.915708] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 117.919475] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 117.927508] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 117.928687] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 117.948644] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 117.966358] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 117.974558] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 117.978773] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 117.982765] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 117.988913] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 118.001373] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 118.015283] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 118.042569] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 118.046308] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 118.056572] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 118.056847] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 118.066631] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 118.084861] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 118.087930] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 118.102747] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 118.122833] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 118.142159] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 119.875032] Bluetooth: hci1: command tx timeout [ 119.939467] Bluetooth: hci2: command tx timeout [ 119.940011] Bluetooth: hci0: command tx timeout [ 120.002188] Bluetooth: hci3: command tx timeout [ 120.066318] Bluetooth: hci4: command tx timeout [ 120.132633] Bluetooth: hci5: command tx timeout [ 120.194175] Bluetooth: hci6: command tx timeout [ 120.258399] Bluetooth: hci7: command tx timeout [ 121.922921] Bluetooth: hci1: command tx timeout [ 121.986180] Bluetooth: hci0: command tx timeout [ 121.986614] Bluetooth: hci2: command tx timeout [ 122.050145] Bluetooth: hci3: command tx timeout [ 122.114383] Bluetooth: hci4: command tx timeout [ 122.178328] Bluetooth: hci5: command tx timeout [ 122.243425] Bluetooth: hci6: command tx timeout [ 122.306898] Bluetooth: hci7: command tx timeout [ 123.970261] Bluetooth: hci1: command tx timeout [ 124.034208] Bluetooth: hci2: command tx timeout [ 124.034696] Bluetooth: hci0: command tx timeout [ 124.098233] Bluetooth: hci3: command tx timeout [ 124.162353] Bluetooth: hci4: command tx timeout [ 124.226246] Bluetooth: hci5: command tx timeout [ 124.290386] Bluetooth: hci6: command tx timeout [ 124.354285] Bluetooth: hci7: command tx timeout [ 126.018280] Bluetooth: hci1: command tx timeout [ 126.082172] Bluetooth: hci0: command tx timeout [ 126.082609] Bluetooth: hci2: command tx timeout [ 126.146521] Bluetooth: hci3: command tx timeout [ 126.210200] Bluetooth: hci4: command tx timeout [ 126.275014] Bluetooth: hci5: command tx timeout [ 126.338324] Bluetooth: hci6: command tx timeout [ 126.402435] Bluetooth: hci7: command tx timeout [ 180.450780] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 180.458173] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 180.462684] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 180.475815] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 180.480263] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 180.540508] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 180.544386] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 180.549927] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 180.571124] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 180.573545] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 180.580828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 180.582254] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 180.586599] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 180.598304] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 180.603595] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 180.642329] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 180.646840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 180.649125] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 180.654802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 180.658770] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 180.697911] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 180.703466] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 180.707790] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 180.708121] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 180.711250] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 180.718404] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 180.719190] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 180.724273] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 180.739547] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 180.744036] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 180.744501] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 180.747729] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 180.750303] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 180.756043] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 180.818595] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 180.822559] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 180.829520] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 180.838597] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 180.849683] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 180.864485] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 182.530162] Bluetooth: hci0: command tx timeout [ 182.659178] Bluetooth: hci1: command tx timeout [ 182.723605] Bluetooth: hci2: command tx timeout [ 182.723732] Bluetooth: hci4: command tx timeout [ 182.850181] Bluetooth: hci3: command tx timeout [ 182.914144] Bluetooth: hci5: command tx timeout [ 182.914340] Bluetooth: hci7: command tx timeout [ 182.978148] Bluetooth: hci6: command tx timeout [ 184.578295] Bluetooth: hci0: command tx timeout [ 184.707265] Bluetooth: hci1: command tx timeout [ 184.770165] Bluetooth: hci4: command tx timeout [ 184.770597] Bluetooth: hci2: command tx timeout [ 184.898277] Bluetooth: hci3: command tx timeout [ 184.962554] Bluetooth: hci5: command tx timeout [ 184.962627] Bluetooth: hci7: command tx timeout [ 185.026148] Bluetooth: hci6: command tx timeout [ 186.626132] Bluetooth: hci0: command tx timeout [ 186.754129] Bluetooth: hci1: command tx timeout [ 186.818888] Bluetooth: hci2: command tx timeout [ 186.818909] Bluetooth: hci4: command tx timeout [ 186.947132] Bluetooth: hci3: command tx timeout [ 187.012378] Bluetooth: hci7: command tx timeout [ 187.012834] Bluetooth: hci5: command tx timeout [ 187.074160] Bluetooth: hci6: command tx timeout [ 188.674582] Bluetooth: hci0: command tx timeout [ 188.803130] Bluetooth: hci1: command tx timeout [ 188.866435] Bluetooth: hci2: command tx timeout [ 188.867209] Bluetooth: hci4: command tx timeout [ 188.994558] Bluetooth: hci3: command tx timeout [ 189.058229] Bluetooth: hci5: command tx timeout [ 189.058412] Bluetooth: hci7: command tx timeout [ 189.123103] Bluetooth: hci6: command tx timeout [ 243.285645] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 243.287994] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 243.291775] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 243.305274] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 243.308809] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 243.418928] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 243.430553] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 243.432976] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 243.439365] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 243.443521] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 243.452569] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 243.461454] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 243.465686] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 243.483608] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 243.497653] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 243.551090] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 243.554544] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 243.557017] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 243.569513] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 243.577714] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 243.643736] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 243.647090] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 243.656237] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 243.670402] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 243.677182] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 243.734572] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 243.740009] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 243.747576] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 243.756920] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 243.768222] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 243.769836] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 243.779332] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 243.783285] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 243.788747] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 243.810637] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 244.064092] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 244.067783] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 244.074278] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 244.213111] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 244.217760] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 245.378229] Bluetooth: hci0: command tx timeout [ 245.506573] Bluetooth: hci1: command tx timeout [ 245.570282] Bluetooth: hci2: command tx timeout [ 245.635116] Bluetooth: hci3: command tx timeout [ 245.762253] Bluetooth: hci4: command tx timeout [ 245.890757] Bluetooth: hci7: command tx timeout [ 246.082201] Bluetooth: hci5: command tx timeout [ 246.274640] Bluetooth: hci6: command tx timeout [ 247.426157] Bluetooth: hci0: command tx timeout [ 247.555154] Bluetooth: hci1: command tx timeout [ 247.618146] Bluetooth: hci2: command tx timeout [ 247.682365] Bluetooth: hci3: command tx timeout [ 247.811167] Bluetooth: hci4: command tx timeout [ 247.939552] Bluetooth: hci7: command tx timeout [ 248.131195] Bluetooth: hci5: command tx timeout [ 248.324096] Bluetooth: hci6: command tx timeout [ 249.475142] Bluetooth: hci0: command tx timeout [ 249.602158] Bluetooth: hci1: command tx timeout [ 249.667107] Bluetooth: hci2: command tx timeout [ 249.731410] Bluetooth: hci3: command tx timeout [ 249.859135] Bluetooth: hci4: command tx timeout [ 249.988417] Bluetooth: hci7: command tx timeout [ 250.179166] Bluetooth: hci5: command tx timeout [ 250.371148] Bluetooth: hci6: command tx timeout [ 251.522423] Bluetooth: hci0: command tx timeout [ 251.650320] Bluetooth: hci1: command tx timeout [ 251.714215] Bluetooth: hci2: command tx timeout [ 251.778106] Bluetooth: hci3: command tx timeout [ 251.907298] Bluetooth: hci4: command tx timeout [ 252.034120] Bluetooth: hci7: command tx timeout [ 252.226141] Bluetooth: hci5: command tx timeout [ 252.419186] Bluetooth: hci6: command tx timeout [ 305.691873] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 305.699702] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 305.703038] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 305.714398] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 305.721752] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 306.090690] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 306.093903] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 306.099797] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 306.103918] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 306.107793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 306.111568] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 306.113385] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 306.120674] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 306.137624] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 306.140740] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 306.190375] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 306.195263] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 306.205251] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 306.230324] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 306.237242] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 306.240908] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 306.246621] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 306.251927] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 306.256837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 306.266700] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 306.304622] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 306.324774] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 306.336720] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 306.346479] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 306.385463] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 306.391937] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 306.397645] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 306.412976] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 306.449611] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 306.473739] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 306.474028] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 306.479576] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 306.484224] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 306.527796] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 306.534605] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 307.778156] Bluetooth: hci0: command tx timeout [ 308.226538] Bluetooth: hci1: command tx timeout [ 308.226580] Bluetooth: hci2: command tx timeout [ 308.291267] Bluetooth: hci4: command tx timeout [ 308.354249] Bluetooth: hci3: command tx timeout [ 308.611100] Bluetooth: hci5: command tx timeout [ 308.674238] Bluetooth: hci6: command tx timeout [ 308.674631] Bluetooth: hci7: command tx timeout [ 309.826315] Bluetooth: hci0: command tx timeout [ 310.274496] Bluetooth: hci2: command tx timeout [ 310.274534] Bluetooth: hci1: command tx timeout [ 310.338285] Bluetooth: hci4: command tx timeout [ 310.402378] Bluetooth: hci3: command tx timeout [ 310.659858] Bluetooth: hci5: command tx timeout [ 310.722122] Bluetooth: hci6: command tx timeout [ 310.723110] Bluetooth: hci7: command tx timeout [ 311.874397] Bluetooth: hci0: command tx timeout [ 312.322404] Bluetooth: hci2: command tx timeout [ 312.322586] Bluetooth: hci1: command tx timeout [ 312.387073] Bluetooth: hci4: command tx timeout [ 312.450303] Bluetooth: hci3: command tx timeout [ 312.707121] Bluetooth: hci5: command tx timeout [ 312.772135] Bluetooth: hci7: command tx timeout [ 312.772321] Bluetooth: hci6: command tx timeout [ 313.924374] Bluetooth: hci0: command tx timeout [ 314.370159] Bluetooth: hci1: command tx timeout [ 314.370240] Bluetooth: hci2: command tx timeout [ 314.435449] Bluetooth: hci4: command tx timeout [ 314.498297] Bluetooth: hci3: command tx timeout [ 314.754491] Bluetooth: hci5: command tx timeout [ 314.818320] Bluetooth: hci6: command tx timeout [ 314.819204] Bluetooth: hci7: command tx timeout [ 368.606257] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 368.614836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 368.619999] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 368.635928] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 368.648523] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 368.732566] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 368.736994] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 368.739951] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 368.747734] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 368.755484] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 368.882710] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 368.885921] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 368.887921] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 368.893763] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 368.897526] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 369.003462] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 369.022405] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 369.035624] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 369.051031] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 369.072687] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 369.083663] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 369.085447] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 369.093247] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 369.095446] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 369.105821] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 369.107572] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 369.117588] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 369.121762] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 369.126536] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 369.134973] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 369.139752] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 369.147411] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 369.147969] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 369.151494] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 369.156557] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 369.161613] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 369.195554] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 369.236347] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 369.237929] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 369.280208] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 370.691166] Bluetooth: hci0: command tx timeout [ 370.818398] Bluetooth: hci1: command tx timeout [ 370.946447] Bluetooth: hci2: command tx timeout [ 371.202169] Bluetooth: hci5: command tx timeout [ 371.202213] Bluetooth: hci3: command tx timeout [ 371.266263] Bluetooth: hci7: command tx timeout [ 371.331979] Bluetooth: hci4: command tx timeout [ 371.394344] Bluetooth: hci6: command tx timeout [ 372.738670] Bluetooth: hci0: command tx timeout [ 372.866207] Bluetooth: hci1: command tx timeout [ 372.995085] Bluetooth: hci2: command tx timeout [ 373.250137] Bluetooth: hci3: command tx timeout [ 373.250181] Bluetooth: hci5: command tx timeout [ 373.314744] Bluetooth: hci7: command tx timeout [ 373.378281] Bluetooth: hci4: command tx timeout [ 373.442348] Bluetooth: hci6: command tx timeout [ 374.786329] Bluetooth: hci0: command tx timeout [ 374.914145] Bluetooth: hci1: command tx timeout [ 375.045123] Bluetooth: hci2: command tx timeout [ 375.298233] Bluetooth: hci3: command tx timeout [ 375.298416] Bluetooth: hci5: command tx timeout [ 375.363075] Bluetooth: hci7: command tx timeout [ 375.426212] Bluetooth: hci4: command tx timeout [ 375.490246] Bluetooth: hci6: command tx timeout [ 376.834695] Bluetooth: hci0: command tx timeout [ 376.962459] Bluetooth: hci1: command tx timeout [ 377.092092] Bluetooth: hci2: command tx timeout [ 377.346415] Bluetooth: hci5: command tx timeout [ 377.346902] Bluetooth: hci3: command tx timeout [ 377.411125] Bluetooth: hci7: command tx timeout [ 377.476370] Bluetooth: hci4: command tx timeout [ 377.539225] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 16:55:55 Registers: info registers vcpu 0 RAX=00000000000000c4 RBX=ffff88800f9f9b80 RCX=0000000000000200 RDX=0000000000000008 RSI=ffff88800f9fa628 RDI=ffff88800f9fa600 RBP=ffff88800f9fa5d8 RSP=ffff88806ce088c8 R8 =0000000000000002 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffff88800f9fa628 R13=b503ba001073dead R14=0000000000000000 R15=0000000000000002 RIP=ffffffff815147c3 RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f4c3f277540 00000000 00000000 GS =0000 ffff8880e561b000 00000000 00000000 LDT=0000 fffffe0e00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000560ac06934c8 CR3=000000002802e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00642e65626f7270646f6d2f6374652f XMM01=00642e65626f7270646f6d2f6374652f XMM02=00000000000000000000ffffffffffff XMM03=00000000000000000000ff00000000ff XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=676f6c206d6f74737563000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=ffff88802eae79f8 RCX=0000000000000001 RDX=0000000000000000 RSI=ffffffff81354102 RDI=ffffffff85c1d1c0 RBP=ffffffff85c1d1c0 RSP=ffff88806cf08970 R8 =0000000000000001 R9 =ffff88806cf08a68 R10=000000000003b6bd R11=00000000000226df R12=ffffffff81354102 R13=ffff88806cf08a70 R14=ffff88802eae79c8 R15=ffff88806cf08a28 RIP=ffffffff8151adcc RFL=00000247 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e571b000 00000000 00000000 LDT=0000 fffffe7400000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f6b5edbf8e0 CR3=0000000018e63000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=00362e6f732e6362696c2f756e672d78 XMM02=ffff0000000000ffffffffffffffffff XMM03=ffffffffffffffffffffffffffffffff XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000