Warning: Permanently added '[localhost]:15170' (ECDSA) to the list of known hosts. 2025/06/01 23:45:05 fuzzer started 2025/06/01 23:45:05 dialing manager at localhost:34361 syzkaller login: [ 87.470580] cgroup: Unknown subsys name 'net' [ 87.608047] cgroup: Unknown subsys name 'cpuset' [ 87.649254] cgroup: Unknown subsys name 'rlimit' 2025/06/01 23:45:19 syscalls: 216 2025/06/01 23:45:19 code coverage: enabled 2025/06/01 23:45:19 comparison tracing: enabled 2025/06/01 23:45:19 extra coverage: enabled 2025/06/01 23:45:19 setuid sandbox: enabled 2025/06/01 23:45:19 namespace sandbox: enabled 2025/06/01 23:45:19 Android sandbox: enabled 2025/06/01 23:45:19 fault injection: enabled 2025/06/01 23:45:19 leak checking: enabled 2025/06/01 23:45:19 net packet injection: enabled 2025/06/01 23:45:19 net device setup: enabled 2025/06/01 23:45:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/06/01 23:45:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/06/01 23:45:19 USB emulation: enabled 2025/06/01 23:45:19 hci packet injection: enabled 2025/06/01 23:45:19 wifi device emulation: enabled 2025/06/01 23:45:19 802.15.4 emulation: enabled 2025/06/01 23:45:19 fetching corpus: 0, signal 0/0 (executing program) 2025/06/01 23:45:21 starting 8 fuzzer processes 23:45:21 executing program 0: ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000000)) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000040)={0x21, ""/33}) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000500)={0x0, 0xfffffffffffffffd, 0x0, 0x9, @scatter={0x6, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)=""/4, 0x4}, {&(0x7f00000000c0)=""/4, 0x4}, {&(0x7f0000000100)=""/48, 0x30}, {&(0x7f0000000140)=""/203, 0xcb}, {&(0x7f0000000240)=""/60, 0x3c}, {&(0x7f0000000280)=""/189, 0xbd}]}, &(0x7f00000003c0), &(0x7f0000000400)=""/192, 0x7, 0x10002, 0x3, &(0x7f00000004c0)}) r0 = syz_open_dev$sg(&(0x7f0000000580), 0xffff, 0x40402) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x50, 0x0, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8000, 0x5}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x6}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xf}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x2d}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x2000000}, 0x40004) ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000700)) r1 = socket(0x5, 0x3, 0x3) getsockopt$packet_buf(r1, 0x107, 0x1, &(0x7f0000000740)=""/131, &(0x7f0000000800)=0x83) r2 = syz_open_dev$sg(&(0x7f0000000840), 0x0, 0x10000) ioctl$SG_EMULATED_HOST(r2, 0x2203, &(0x7f0000000880)) ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f00000008c0)) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000900)=0x741, 0x4) accept4$inet(r1, &(0x7f0000000940)={0x2, 0x0, @loopback}, &(0x7f0000000980)=0x10, 0x80800) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000009c0), &(0x7f0000000a00)=0xc) r3 = accept4(r1, &(0x7f0000000a40)=@alg, &(0x7f0000000ac0)=0x80, 0x80c00) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b40), r1) sendmsg$NL80211_CMD_STOP_NAN(r3, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x20, r4, 0x20, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x63, 0x57}}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x20000041) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r1) fsmount(0xffffffffffffffff, 0x1, 0x70) 23:45:21 executing program 1: ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000000200)={'syztnl2\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x2f, 0x81, 0x81, 0x8, 0x5, @ipv4={'\x00', '\xff\xff', @loopback}, @empty, 0x20, 0x10, 0x8000, 0x7}}) ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000240)={'syztnl2\x00', r0, 0x1e9168d84596716e, 0x1, 0x5b, 0x4, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x40, 0x8, 0x7, 0xffffff80}}) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000300)) r2 = accept4$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @private}, &(0x7f0000000380)=0x10, 0x0) getsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f00000003c0)={@rand_addr, @empty, 0x0}, &(0x7f0000000400)=0xc) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/uprobe', 0x50080, 0x107) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r4, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x28, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x2d}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) socketpair(0x2c, 0x2, 0x3, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$SEG6_CMD_GET_TUNSRC(r5, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x74, 0x0, 0x700, 0x70bd27, 0x25dfdbfb, {}, [@SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x8}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}, @SEG6_ATTR_DST={0x14, 0x1, @loopback}, @SEG6_ATTR_SECRET={0x14, 0x4, [0x4, 0x81, 0x55, 0x101]}, @SEG6_ATTR_DST={0x14, 0x1, @loopback}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x4000800) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r5, 0x89f6, &(0x7f0000000780)={'ip6tnl0\x00', &(0x7f0000000700)={'syztnl0\x00', r3, 0x29, 0x6c, 0x4, 0x7ff, 0x0, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8, 0x10, 0x6, 0x3ff}}) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCDELRT(r6, 0x890c, &(0x7f0000000800)={0x0, @l2={0x1f, 0xa3b, @none, 0xfff9, 0x2}, @isdn={0x22, 0x0, 0x0, 0x3, 0xff}, @nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x8000}, 0xfff, 0x0, 0x0, 0x0, 0x5, &(0x7f00000007c0)='veth0\x00', 0x7fff, 0x4, 0x3}) r7 = fsmount(r4, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r7, 0x89f9, &(0x7f0000000900)={'syztnl1\x00', &(0x7f0000000880)={'ip6_vti0\x00', r3, 0x2d, 0x9, 0x80, 0x8, 0x1, @loopback, @local, 0x50, 0x7, 0x35f, 0x1}}) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000940)='/sys/kernel/oops_count', 0x40000, 0xe) fspick(r8, &(0x7f0000000980)='./file0\x00', 0x1) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x30, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xffffff75, 0x4c}}}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x828a}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40001}, 0x8000) accept4(r4, &(0x7f0000000ac0)=@l2tp6={0xa, 0x0, 0x0, @empty}, &(0x7f0000000b40)=0x80, 0x0) getsockopt$packet_int(r2, 0x107, 0x13, &(0x7f0000000b80), &(0x7f0000000bc0)=0x4) 23:45:21 executing program 2: connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f0000000080)={'IDLETIMER\x00'}, &(0x7f00000000c0)=0x1e) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, &(0x7f0000000140)={0x2, {{0x2, 0x4e21, @remote}}}, 0x88) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000200)={@empty, @remote}, 0xc) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x9) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000280)={0x0, 'vlan1\x00', 0x3}, 0x18) recvmmsg(0xffffffffffffffff, &(0x7f00000046c0)=[{{&(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @local}}}}, 0x80, &(0x7f0000001580)=[{&(0x7f0000000340)=""/178, 0xb2}, {&(0x7f0000000400)=""/213, 0xd5}, {&(0x7f0000000500)=""/123, 0x7b}, {&(0x7f0000000580)=""/4096, 0x1000}], 0x4, &(0x7f00000015c0)}, 0x3}, {{0x0, 0x0, &(0x7f0000002680)=[{&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000002600)=""/87, 0x57}], 0x2, &(0x7f00000026c0)=""/54, 0x36}, 0xf1}, {{&(0x7f0000002700)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10}, 0x80, &(0x7f0000002900)=[{&(0x7f0000002780)=""/104, 0x68}, {&(0x7f0000002800)=""/216, 0xd8}], 0x2, &(0x7f0000002940)=""/27, 0x1b}, 0x5}, {{&(0x7f0000002980)=@caif=@dgm, 0x80, &(0x7f0000002c00)=[{&(0x7f0000002a00)=""/142, 0x8e}, {&(0x7f0000002ac0)=""/70, 0x46}, {&(0x7f0000002b40)=""/174, 0xae}], 0x3}, 0x8}, {{&(0x7f0000002c40)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000003d00)=[{&(0x7f0000002cc0)=""/52, 0x34}, {&(0x7f0000002d00)=""/4096, 0x1000}], 0x2, &(0x7f0000003d40)=""/73, 0x49}, 0x5}, {{0x0, 0x0, &(0x7f0000003f00)=[{&(0x7f0000003dc0)=""/22, 0x16}, {&(0x7f0000003e00)=""/94, 0x5e}, {&(0x7f0000003e80)=""/112, 0x70}], 0x3, &(0x7f0000003f40)=""/224, 0xe0}, 0x8bf2}, {{0x0, 0x0, &(0x7f00000045c0)=[{&(0x7f0000004040)=""/163, 0xa3}, {&(0x7f0000004100)=""/97, 0x61}, {&(0x7f0000004180)=""/61, 0x3d}, {&(0x7f00000041c0)=""/26, 0x1a}, {&(0x7f0000004200)=""/76, 0x4c}, {&(0x7f0000004280)=""/129, 0x81}, {&(0x7f0000004340)=""/36, 0x24}, {&(0x7f0000004380)=""/160, 0xa0}, {&(0x7f0000004440)=""/219, 0xdb}, {&(0x7f0000004540)=""/99, 0x63}], 0xa, &(0x7f0000004680)=""/48, 0x30}, 0x8000}], 0x7, 0x22, &(0x7f0000004880)) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000048c0)={0x1, {{0x2, 0x4e21, @remote}}, {{0x2, 0x4e20, @local}}}, 0x108) accept$packet(r0, &(0x7f0000004a00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000004a40)=0x14) accept$inet(r0, &(0x7f0000004a80)={0x2, 0x0, @private}, &(0x7f0000004ac0)=0x10) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000004b80)={'syztnl1\x00', &(0x7f0000004b00)={'syztnl0\x00', r1, 0x29, 0x40, 0x39, 0x4, 0x10, @remote, @dev={0xfe, 0x80, '\x00', 0x35}, 0x20, 0x0, 0x4, 0x1}}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000004bc0)={@empty, @local, r2}, 0xc) r3 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000004c00), 0x80000) setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000004c40)={0x0, 'veth1_vlan\x00', 0x3}, 0x18) getresuid(&(0x7f0000004c80), &(0x7f0000004cc0), &(0x7f0000004d00)) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000004f80)=@filter={'filter\x00', 0xe, 0x1, 0x1ce, [0x0, 0x20004d80, 0x20004db0, 0x20004de0], 0x0, &(0x7f0000004d40), &(0x7f0000004d80)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{0x5, 0xf, 0x6558, 'bridge_slave_1\x00', 'syzkaller1\x00', 'lo\x00', 'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0x0, 0xff, 0xff, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}, [0xff, 0x0, 0x0, 0x0, 0xff, 0xff], 0xee, 0xee, 0x13e, [@quota={{'quota\x00', 0x0, 0x18}, {{0x1, 0x0, 0x20, {0x3}}}}, @devgroup={{'devgroup\x00', 0x0, 0x18}, {{0x19, 0x7, 0x2, 0x9, 0x12d}}}], [], @common=@LED={'LED\x00', 0x28, {{'syz1\x00', 0x1, 0x2, {0xffffffff00000000}}}}}]}]}, 0x246) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000005000)={'wlan1\x00'}) 23:45:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x90, 0x0, 0x400, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x4, 0x2}}}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0x1}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x5d7}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x4}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x5}, @NL80211_ATTR_IE={0x46, 0x2a, [@tim={0x5, 0x40, {0x80, 0xa3, 0x8, "2830da1ccc488fca9d8aa30f521f02d4a31c960a3c2b66eb99a86668e7a66775c486016c3c6623c2bb52bf851ea425ed57b7f8b30f1139e06e448da6cf"}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, 0x0, 0x200, 0x70bd2d, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0x1000}, @NL80211_ATTR_IE={0x18, 0x2a, [@link_id={0x65, 0x12, {@initial, @device_a, @device_b}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x810) sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, 0x0, 0x100, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x3, 0x77}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x200048c0) clock_gettime(0x0, &(0x7f0000005700)={0x0, 0x0}) recvmmsg(r0, &(0x7f00000055c0)=[{{&(0x7f00000003c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/131, 0x83}], 0x2, &(0x7f0000001540)=""/246, 0xf6}, 0x5}, {{&(0x7f0000001640)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000001740)=[{&(0x7f00000016c0)=""/99, 0x63}], 0x1}, 0xfff}, {{&(0x7f0000001780)=@alg, 0x80, &(0x7f0000002bc0)=[{&(0x7f0000001800)=""/62, 0x3e}, {&(0x7f0000001840)=""/37, 0x25}, {&(0x7f0000001880)=""/107, 0x6b}, {&(0x7f0000001900)=""/239, 0xef}, {&(0x7f0000001a00)=""/4096, 0x1000}, {&(0x7f0000002a00)=""/89, 0x59}, {&(0x7f0000002a80)=""/118, 0x76}, {&(0x7f0000002b00)=""/166, 0xa6}], 0x8, &(0x7f0000002c40)=""/228, 0xe4}}, {{&(0x7f0000002d40)=@hci, 0x80, &(0x7f00000031c0)=[{&(0x7f0000002dc0)=""/196, 0xc4}, {&(0x7f0000002ec0)=""/122, 0x7a}, {&(0x7f0000002f40)=""/104, 0x68}, {&(0x7f0000002fc0)=""/59, 0x3b}, {&(0x7f0000003000)=""/236, 0xec}, {&(0x7f0000003100)=""/169, 0xa9}], 0x6, &(0x7f0000003240)=""/4096, 0x1000}, 0xfffff001}, {{0x0, 0x0, &(0x7f0000004580)=[{&(0x7f0000004240)=""/154, 0x9a}, {&(0x7f0000004300)=""/210, 0xd2}, {&(0x7f0000004400)=""/73, 0x49}, {&(0x7f0000004480)=""/245, 0xf5}], 0x4, &(0x7f00000045c0)=""/4096, 0x1000}, 0x9}], 0x5, 0x10101, &(0x7f0000005740)={r2, r3+10000000}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000057c0), r0) sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000005940)={&(0x7f0000005780)={0x10, 0x0, 0x0, 0x14028201}, 0xc, &(0x7f0000005900)={&(0x7f0000005800)={0xe4, r5, 0x300, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x5d}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x8}, @NL80211_ATTR_IE={0x9b, 0x2a, [@tim={0x5, 0x87, {0x1, 0xe2, 0x6, "2ad6783638708792926435cc565bba95ba47f177eca20be5fc4c257953ff90c9264f629d07166403a89ad6a402e8bce6390d4ebbcd9774e3f08eedcd7102495882bc73f1888461ae9790a47abc3bd526c4d00e774f10efcdf4273cc8a6d1b8071778074375f31cc0272b79bcd1d1b2970b0a17fcec60d2f11bc536eb2bee4ddfd02c23b3"}}, @cf={0x4, 0x6, {0x0, 0xf9, 0xbf, 0x81}}, @erp={0x2a, 0x1, {0x1, 0x0, 0x1}}, @dsss={0x3, 0x1, 0x7}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0xe4}}, 0x0) clock_gettime(0x0, &(0x7f0000005a40)={0x0, 0x0}) pselect6(0x40, &(0x7f0000005980)={0x3, 0xd351, 0x4, 0x9, 0x3f, 0x400, 0x75, 0x100000001}, &(0x7f00000059c0)={0x7, 0x0, 0x5, 0x401, 0x6, 0x6, 0x5, 0x100000000}, &(0x7f0000005a00)={0x0, 0x4, 0x5, 0x100000000, 0x6d29, 0x7, 0x80, 0xa19}, &(0x7f0000005a80)={r6, r7+60000000}, &(0x7f0000005b00)={&(0x7f0000005ac0), 0x8}) ioctl$KDGETMODE(r0, 0x4b3b, &(0x7f0000005b40)) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000005c40)={&(0x7f0000005b80)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000005c00)={&(0x7f0000005bc0)={0x28, r5, 0x8, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xbf, 0x4c}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x1046}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000011}, 0x8082) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000006040)={&(0x7f0000005c80)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000006000)={&(0x7f0000005cc0)={0x308, r5, 0x20, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_TID_CONFIG={0x2e8, 0x11d, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x9}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x238, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x220, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x28, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x23, 0x1, [0x24, 0xb, 0x9, 0x60, 0x2, 0x18, 0x48, 0x16, 0x36, 0x4, 0x3, 0x6c, 0x2, 0x9, 0x18, 0x30, 0x16, 0x1b, 0x12, 0x48, 0x24, 0x4, 0x20, 0x36, 0xb, 0x60, 0x60, 0x24, 0x9, 0xb, 0x36]}]}, @NL80211_BAND_2GHZ={0x108, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4f, 0x2, [{0x4, 0x7}, {0x5, 0x6}, {0x7, 0xa}, {0x5, 0xa}, {0x1, 0x9}, {0x0, 0x5}, {0x0, 0x5}, {0x6, 0x9}, {0x2, 0x8}, {0x1, 0x2}, {0x6, 0x6}, {0x4, 0x7}, {0x2, 0x4}, {0x2, 0xa}, {0x1, 0x8}, {0x1, 0x4}, {0x0, 0xa}, {0x2, 0x9}, {0x3, 0x9}, {0x7, 0x6}, {0x0, 0x4}, {0x5, 0xa}, {0x4, 0x4}, {0x0, 0x8}, {0x0, 0x4}, {0x2, 0x4}, {0x1, 0x1}, {0x4, 0x8}, {0x3, 0x4}, {0x7, 0x7}, {0x3, 0x7}, {0x0, 0xa}, {0x4, 0x5}, {0x1, 0x1}, {0x5, 0x8}, {0x4, 0x3}, {0x6}, {0x1, 0x7}, {0x0, 0x9}, {0x4, 0x7}, {0x2, 0x3}, {0x5, 0x9}, {0x5, 0x3}, {0x4, 0x8}, {0x7, 0x2}, {0x0, 0x9}, {0x7, 0x7}, {}, {}, {0x0, 0x7}, {0x5, 0x5}, {0x3, 0x6}, {0x1}, {0x3, 0x1}, {0x5, 0xa}, {0x6, 0x3}, {0x2, 0x7}, {0x0, 0x2}, {0x3, 0x1}, {0x3, 0xa}, {0x3, 0x6}, {0x6, 0xa}, {0x6, 0x4}, {0x2, 0xa}, {0x0, 0x9}, {0x5}, {0x7, 0x6}, {0x6, 0x8}, {0x4, 0x5}, {0x1, 0x3}, {0x7, 0xa}, {0x7, 0x1}, {0x2, 0x8}, {0x6, 0x4}, {}]}, @NL80211_TXRATE_HT={0x1d, 0x2, [{0x5, 0x1}, {0x5, 0x1}, {0x0, 0x6}, {0x4}, {0x4, 0x2}, {0x7, 0x7}, {0x5, 0x9}, {0x2, 0x8}, {0x5, 0x9}, {0x6, 0x3}, {0x6, 0x2}, {0x0, 0x4}, {0x4, 0x2}, {0x2, 0x9}, {0x3, 0x7}, {0x4, 0x4}, {0x6}, {0x1, 0x1}, {0x0, 0x9}, {0x0, 0x2}, {0x3, 0x9}, {0x4}, {0x6, 0x7}, {0x0, 0xa}, {0x3, 0x9}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff, 0x800, 0x9, 0x1f, 0x20, 0x5, 0x2, 0x1]}}, @NL80211_TXRATE_LEGACY={0x23, 0x1, [0x2, 0x53, 0x24, 0x6c, 0x2, 0x12, 0x4, 0x30, 0x9, 0x2, 0x2, 0x12, 0xb, 0x18, 0x4, 0x60, 0x36, 0x24, 0x24, 0x36, 0xc, 0x16, 0x3, 0x5, 0x18, 0x1, 0x30, 0x12, 0x3, 0xb, 0xb]}, @NL80211_TXRATE_HT={0x2a, 0x2, [{0x5, 0x5}, {0x5}, {0x7, 0xa}, {0x6, 0x1}, {0x4, 0xa}, {0x6, 0x9}, {0x1, 0x5}, {0x5, 0x8}, {0x0, 0x2}, {0x3, 0x9}, {0x0, 0x1}, {0x1, 0x9}, {0x0, 0x6}, {0x2, 0x7}, {0x3, 0x5}, {0x3}, {0x0, 0x4}, {0x2, 0x3}, {0x1, 0x2}, {0x3, 0x4}, {0x0, 0x9}, {0x6, 0x5}, {0x3}, {0x4, 0x8}, {0x2, 0x9}, {0x4, 0x8}, {0x3, 0x8}, {0x5, 0x7}, {0x1, 0x2}, {0x3, 0xa}, {0x2}, {0x4, 0x7}, {0x1, 0x9}, {0x3, 0x9}, {0x0, 0x9}, {0x2}, {0x0, 0x4}, {0x6, 0x2}]}, @NL80211_TXRATE_HT={0x2e, 0x2, [{0x6, 0x4}, {0x2, 0x5}, {0x7, 0x8}, {0x0, 0x8}, {0x0, 0x6}, {0x4, 0x9}, {0x7, 0xa}, {0x5, 0x9}, {0x0, 0x1}, {0x0, 0x4}, {0x2, 0x8}, {0x6, 0x7}, {0x2, 0x9}, {0x6, 0x3}, {0x0, 0x4}, {0x5, 0x9}, {0x6, 0x4}, {0x0, 0x2}, {0x6, 0x8}, {0x2, 0x9}, {0x2, 0x3}, {0x5, 0x4}, {0x7, 0x5}, {0x1, 0x8}, {0x5, 0x1}, {0x0, 0xa}, {0x0, 0x7}, {0x4, 0x5}, {0x4, 0xa}, {}, {0x7, 0x6}, {0x1}, {0x0, 0x6}, {0x0, 0x1}, {0x3, 0x2}, {0x0, 0x4}, {0x5, 0x2}, {0x6, 0x4}, {0x1, 0x7}, {0x2, 0x6}, {0x2, 0x8}, {0x1, 0x2}]}]}, @NL80211_BAND_60GHZ={0x38, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x4, 0x6c, 0x4, 0x4, 0x30, 0x30, 0x1, 0x6, 0xb, 0x12, 0x48, 0x16, 0x2e, 0x1b, 0x6c, 0x1b, 0x30, 0x1, 0x68, 0x4, 0x6, 0xb, 0xb, 0xb, 0x24, 0x5, 0x36, 0x1, 0x24]}, @NL80211_TXRATE_LEGACY={0x6, 0x1, [0x6c, 0xb]}]}, @NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x7, 0x448d, 0x2, 0x5, 0xfff, 0xffc1, 0x401]}}, @NL80211_TXRATE_LEGACY={0x6, 0x1, [0x60, 0x18]}]}, @NL80211_BAND_6GHZ={0x94, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x2, 0x9, 0x8, 0x1, 0xda, 0xdf13, 0x5]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x1f, 0x1, 0x4, 0x5, 0x20, 0x9, 0x5]}}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0xc, 0x6c, 0x1b, 0x4, 0x16, 0xc, 0x60, 0x6c, 0x5, 0x36, 0x4, 0x6c, 0x1, 0x3, 0x5, 0x6, 0x3, 0x2, 0x24, 0x0, 0xc, 0x1, 0x36, 0x1, 0x1, 0xb, 0x3b23c81a76866aa7]}, @NL80211_TXRATE_HT={0x1b, 0x2, [{0x0, 0x7}, {0x0, 0x7}, {0x7, 0x8}, {0x4, 0x9}, {0x4, 0x1}, {0x6, 0x6}, {0x5, 0x7}, {0x4, 0x9}, {0x3, 0x1}, {0x4, 0x1}, {0x1, 0x8}, {0x1, 0x3}, {0x4, 0x1}, {0x0, 0x9}, {0x2, 0x5}, {0x1, 0x5}, {0x0, 0x4}, {0x2, 0x3}, {0x4, 0x4}, {0x7, 0x1}, {0x6, 0x6}, {0x0, 0xa}, {0x2, 0x3}]}, @NL80211_TXRATE_HT={0x19, 0x2, [{0x3, 0x1}, {0x5, 0x8}, {0x7}, {0x1, 0x8}, {0x0, 0x4}, {0x5, 0x2}, {0x6, 0x4}, {0x0, 0x9}, {0x7, 0x8}, {0x6, 0x5}, {0x4, 0x9}, {0x0, 0x9}, {0x1, 0x3}, {0x1, 0x8}, {0x3, 0x5}, {0x6, 0x1}, {0x7, 0x7}, {0x1}, {0x2, 0x3}, {0x7, 0x2}, {0x6, 0x4}]}]}]}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x4}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x36}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x3}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x1d}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x5}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5}]}]}]}, 0x308}, 0x1, 0x0, 0x0, 0x24008001}, 0x4000000) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r4, &(0x7f0000006140)={&(0x7f0000006080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000006100)={&(0x7f00000060c0)={0x14, r5, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) clock_gettime(0x5, &(0x7f0000006180)) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000006200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f00000062c0)={&(0x7f00000061c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000006280)={&(0x7f0000006240)={0x40, r5, 0x100, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x401, 0x42}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x20}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1c}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x14) getsockopt$ARPT_SO_GET_ENTRIES(r4, 0x0, 0x61, &(0x7f0000006300)={'filter\x00', 0x4, "735d8646"}, &(0x7f0000006340)=0x28) sendmsg$NL80211_CMD_DEL_PMK(r4, &(0x7f0000006480)={&(0x7f0000006380)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000006440)={&(0x7f00000063c0)={0x74, r5, 0x16, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x4, 0x37}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x74}, 0x1, 0x0, 0x0, 0x8800}, 0x10) 23:45:21 executing program 4: ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x300, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x34}, 0x1, 0x0, 0x0, 0x440c0}, 0xc814) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000140)={@multicast1, @loopback, @initdev}, &(0x7f0000000180)=0xc) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, &(0x7f00000001c0)={0x32, @rand_addr=0x64010100, 0x4e20, 0x4, 'none\x00', 0x8, 0xe304, 0x43}, 0x2c) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/bus/pci', 0x480, 0x80) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r0}, @val={0xc, 0x99, {0x2, 0x23}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x10) sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, 0x0, 0x8, 0x70bd26, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRET={0x10, 0x4, [0x40, 0x2, 0xfffffffd]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40040}, 0x4000000) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x3c, 0x0, 0x20, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xe, 0xbd, [0x401, 0xffe0, 0x9, 0x6, 0xf5]}, @NL80211_ATTR_STA_PLINK_ACTION={0x5}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x325}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000540)) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000580)=0x2, 0x4) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r1) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000780)={&(0x7f0000000640)={0x138, r2, 0x4, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x3b3}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x5}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x59d}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xe1}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x7, 0x80}}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x100, 0x1}}, @NL80211_ATTR_STA_EXT_CAPABILITY={0xd4, 0xac, "490caf279f53092a9e0f77281615e351a583580146540252a80e8cc9ff02583a82fe9ab7e149ef915d50f1a95a4812ad43419190161aed57a2f580f6653582fd4351b61f570bb8b41794d945173ca4e9d7d38244ed77c480ad4b5458971c669ce35fef5c45fec5d35136bd88eccefe3764a579537571792a74494940fc4e5446789136f48c3d9eb69530d56d6b6ff64e8dc42c863915b235089e3e920ac1b7792a9c67d03b874487e2250bd648599f1de7125e418504dbb43f859131cd7220c2342f1f58d92c2671daef63e33c2d64ab"}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x17, 0x13, [{0x12}, {0x30, 0x1}, {0x1b, 0x1}, {0x60, 0x1}, {0x2}, {0xc}, {0x1b, 0x1}, {0x18}, {0x24, 0x1}, {0x6c, 0x1}, {0x18, 0x1}, {0x24}, {0x16, 0x1}, {0xc}, {0x6, 0x1}, {0x1}, {0x48, 0x1}, {0x0, 0x1}, {0x77}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x40000}, 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$sock_timeval(r3, 0x1, 0x0, &(0x7f0000000800)={0x0, 0xea60}, 0x10) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r1, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x14, r2, 0x10, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4008080}, 0x44000) sendmsg$NL80211_CMD_SET_NOACK_MAP(r1, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x28, r2, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x7, 0xf}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x10000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000008b40), r1) sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f0000008c80)={&(0x7f0000008b00)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000008c40)={&(0x7f0000008b80)={0x98, r5, 0x8, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_SEQ={0x9, 0xa, "a362be6b58"}, @NL80211_ATTR_KEY_CIPHER={0x8}, @NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}]}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_SEQ={0x6, 0xa, "d604"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x24, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "5a452a1d520a8bbf81f29fe924"}]}, 0x98}}, 0x50) sendmsg$NL80211_CMD_RADAR_DETECT(r3, &(0x7f0000008dc0)={&(0x7f0000008cc0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000008d80)={&(0x7f0000008d40)={0x34, 0x0, 0x4, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r0}, @void}}, [@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x80000001}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x24044000) [ 103.514199] audit: type=1400 audit(1748821521.826:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 23:45:21 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'syzkaller1\x00', 0x3}, 0x18) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000040)={{0x0, @local, 0x4e20, 0x4, 'lblcr\x00', 0x49, 0x0, 0x32}, {@private=0xa010101, 0x4e24, 0x10000, 0x8, 0x10000, 0x6098}}, 0x44) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, 0x0, 0x0, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x54}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x400c800) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0xec, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}], @NL80211_ATTR_MESH_CONFIG={0x3c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x4}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0x76}, @NL80211_MESHCONF_CONNECTED_TO_GATE={0x5, 0x1d, 0x1}, @NL80211_MESHCONF_RSSI_THRESHOLD={0x8, 0x14, 0xffffffffffffff5e}, @NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x1}, @NL80211_MESHCONF_HWMP_ROOTMODE={0x5, 0xe, 0x3}, @NL80211_MESHCONF_AUTO_OPEN_PLINKS={0x5, 0x7, 0x1f}]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x2}, @NL80211_ATTR_MESH_CONFIG={0x34, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5, 0x11, 0x1}, @NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0xf7}, @NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x1f}, @NL80211_MESHCONF_TTL={0x5, 0x6, 0x81}, @NL80211_MESHCONF_HWMP_ROOTMODE={0x5}, @NL80211_MESHCONF_RSSI_THRESHOLD={0x8, 0x14, 0xffffffffffffff8c}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x17}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x248}]]}, 0xec}, 0x1, 0x0, 0x0, 0x20000045}, 0x8804) r2 = socket$inet(0x2, 0x80000, 0xc44) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000380)=0x1, 0x4) socketpair(0x1d, 0x5, 0x8, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r1) sendmsg$NL80211_CMD_SET_REG(r3, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r5, 0x4, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40040}, 0xc008) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r1) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r3, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x80, r6, 0x0, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x81, 0xc}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x7c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xa}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x18}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x8}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x46}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x11}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x9}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xf}]}, 0x80}, 0x1, 0x0, 0x0, 0x4001}, 0x20000001) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f00000006c0)={'filter\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) r7 = syz_open_dev$sg(&(0x7f0000000740), 0x8, 0x2) ioctl$SG_SET_DEBUG(r7, 0x227e, &(0x7f0000000780)=0x1) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r4) sendmsg$NL80211_CMD_DEL_PMKSA(r4, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x24, r8, 0x20, 0x70bd28, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x62}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x2c46fc64f193acae}, 0x44) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, &(0x7f0000000980)={0x9, {{0x2, 0x4e20, @multicast2}}}, 0x88) 23:45:21 executing program 6: ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) process_vm_writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/128, 0x80}, {&(0x7f00000000c0)=""/193, 0xc1}, {&(0x7f00000001c0)=""/57, 0x39}, {&(0x7f0000000200)=""/112, 0x70}, {&(0x7f0000000280)}], 0x5, &(0x7f0000001840)=[{&(0x7f0000000340)=""/236, 0xec}, {&(0x7f0000000440)=""/133, 0x85}, {&(0x7f0000000500)=""/43, 0x2b}, {&(0x7f0000000540)=""/180, 0xb4}, {&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f0000001600)=""/199, 0xc7}, {&(0x7f0000001700)=""/78, 0x4e}, {&(0x7f0000001780)=""/192, 0xc0}], 0x8, 0x0) pselect6(0x40, &(0x7f00000018c0)={0xffffffff, 0x8, 0x62b800000000000, 0x9, 0x5d, 0x6, 0x4, 0x1}, &(0x7f0000001900)={0x80, 0x143, 0x9, 0x80, 0x40, 0xffffffff, 0xfffffffffffff801, 0x3e0000000000}, &(0x7f0000001940)={0xfff, 0xdd, 0x1000000000000000, 0x2, 0x800, 0x2e, 0x7, 0x3f}, &(0x7f0000001980)={0x0, 0x3938700}, &(0x7f0000001a00)={&(0x7f00000019c0)={[0x4]}, 0x8}) r1 = accept$packet(0xffffffffffffffff, &(0x7f0000001a40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000001a80)=0x14) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000001b40)={'syztnl2\x00', &(0x7f0000001ac0)={'ip6gre0\x00', r2, 0x2f, 0x0, 0x0, 0x5, 0x12, @remote, @ipv4={'\x00', '\xff\xff', @remote}, 0x10020, 0x7800, 0x1f, 0xdb67}}) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f0000001b80)) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000001d00)) r4 = fspick(r1, &(0x7f0000001d40)='./file0\x00', 0x0) r5 = fsmount(r4, 0x0, 0x7b) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000001e80)={&(0x7f0000001d80)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001e40)={&(0x7f0000001dc0)={0x78, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7, 0x68}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x288}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1f}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x100}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x1}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x7}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x200}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xffffffff}]}, 0x78}, 0x1, 0x0, 0x0, 0x4004850}, 0x40080) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000001ec0)={r3, 0x1, 0x6, @broadcast}, 0x10) r7 = accept(r6, 0x0, &(0x7f0000001f00)) clock_gettime(0x0, &(0x7f0000002000)={0x0, 0x0}) pselect6(0x40, &(0x7f0000001f40)={0x7d, 0x80000001, 0xfffffffffffffffc, 0x0, 0x8, 0x3f, 0x8, 0x4}, &(0x7f0000001f80)={0x401, 0x9213242000000000, 0x1ff, 0x4480, 0x6, 0x763c, 0x6, 0x3e95bbcb}, &(0x7f0000001fc0)={0xfffffffffffffff9, 0x0, 0x2, 0x3, 0x7, 0x37f3, 0x3, 0x100}, &(0x7f0000002040)={r8, r9+10000000}, &(0x7f00000020c0)={&(0x7f0000002080)={[0x6]}, 0x8}) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, &(0x7f0000002100), &(0x7f0000002140)=0x4) syz_open_dev$tty20(0xc, 0x4, 0x0) getsockopt$inet_mreqsrc(r7, 0x0, 0x27, &(0x7f0000002180)={@multicast1, @private, @multicast1}, &(0x7f00000021c0)=0xc) recvmmsg(r5, &(0x7f0000008b00)=[{{0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f0000002200)=""/142, 0x8e}], 0x1, &(0x7f0000002300)=""/117, 0x75}, 0xfffff000}, {{0x0, 0x0, &(0x7f0000002700)=[{&(0x7f0000002380)=""/75, 0x4b}, {&(0x7f0000002400)=""/208, 0xd0}, {&(0x7f0000002500)=""/182, 0xb6}, {&(0x7f00000025c0)=""/74, 0x4a}, {&(0x7f0000002640)=""/78, 0x4e}, {&(0x7f00000026c0)=""/56, 0x38}], 0x6, &(0x7f0000002780)}, 0x7}, {{0x0, 0x0, &(0x7f0000002980)=[{&(0x7f00000027c0)=""/150, 0x96}, {&(0x7f0000002880)=""/33, 0x21}, {&(0x7f00000028c0)}, {&(0x7f0000002900)=""/86, 0x56}], 0x4, &(0x7f00000029c0)=""/139, 0x8b}, 0x20}, {{&(0x7f0000002a80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000005080)=[{&(0x7f0000002b00)=""/179, 0xb3}, {&(0x7f0000002bc0)=""/125, 0x7d}, {&(0x7f0000002c40)=""/153, 0x99}, {&(0x7f0000002d00)=""/168, 0xa8}, {&(0x7f0000002dc0)=""/181, 0xb5}, {&(0x7f0000002e80)=""/4096, 0x1000}, {&(0x7f0000003e80)=""/4096, 0x1000}, {&(0x7f0000004e80)=""/211, 0xd3}, {&(0x7f0000004f80)=""/181, 0xb5}, {&(0x7f0000005040)=""/27, 0x1b}], 0xa, &(0x7f0000005140)=""/111, 0x6f}, 0x3}, {{&(0x7f00000051c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000005340)=[{&(0x7f0000005240)=""/60, 0x3c}, {&(0x7f0000005280)=""/134, 0x86}], 0x2, &(0x7f0000005380)=""/98, 0x62}, 0x8}, {{&(0x7f0000005400)=@tipc, 0x80, &(0x7f0000007680)=[{&(0x7f0000005480)=""/23, 0x17}, {&(0x7f00000054c0)=""/125, 0x7d}, {&(0x7f0000005540)=""/120, 0x78}, {&(0x7f00000055c0)=""/134, 0x86}, {&(0x7f0000005680)=""/4096, 0x1000}, {&(0x7f0000006680)=""/4096, 0x1000}], 0x6, &(0x7f0000007700)=""/107, 0x6b}, 0x400}, {{&(0x7f0000007780)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f00000089c0)=[{&(0x7f0000007800)=""/75, 0x4b}, {&(0x7f0000007880)=""/4096, 0x1000}, {&(0x7f0000008880)=""/68, 0x44}, {&(0x7f0000008900)=""/164, 0xa4}], 0x4, &(0x7f0000008a00)=""/199, 0xc7}, 0x8001}], 0x7, 0x22100, &(0x7f0000008cc0)={0x77359400}) sendmsg$NL80211_CMD_SET_KEY(r10, &(0x7f0000008e40)={&(0x7f0000008d00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000008e00)={&(0x7f0000008d40)={0xb4, 0x0, 0x100, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "47e08be994"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x24, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "e99dac94bc91a9421f9766e86f"}, @NL80211_ATTR_KEY_SEQ={0x8, 0xa, "2fd660a5"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY={0x44, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x20, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_SEQ={0x7, 0x4, "411277"}, @NL80211_KEY_IDX={0x5, 0x2, 0x1}, @NL80211_KEY_IDX={0x5, 0x2, 0x1}]}]}, 0xb4}}, 0x800) 23:45:21 executing program 7: ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x890d, &(0x7f0000000000)={0x0, {0x2, 0x4e24, @local}, {0x2, 0x4e23, @broadcast}, {0x2, 0x4e21, @loopback}, 0x40, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0xb8, 0x9, 0x7}) r0 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x0) clock_gettime(0x2, &(0x7f00000000c0)) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000100), &(0x7f0000000140)=0x4) r1 = socket$inet(0x2, 0x1, 0x5) getpeername(r1, &(0x7f0000000180)=@tipc, &(0x7f0000000200)=0x80) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000240)="131cc935b460c7e4950496cd47d41c81e1f6a1025575aa59e9fc8f15af2761b34c0792177f4847436ca2adcd244e4959e6ba6a2a3dc939fcbead337909fd34e50574242d2d4bfe09f193665fa1c81e089c708aec114e30d177bf8bcd0d971e109262234b196f475e4906b966ae025de36b1e13380f3c91") syz_open_pts(0xffffffffffffffff, 0x800) r2 = accept$inet(r1, &(0x7f00000002c0)={0x2, 0x0, @empty}, &(0x7f0000000300)=0x10) ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f0000000380)={0x0, @xdp={0x2c, 0x3, 0x0, 0x13}, @hci={0x1f, 0x2}, @sco={0x1f, @none}, 0x3f, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000340)='vlan0\x00', 0x800, 0x5}) setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000400)={{{@in=@empty, @in6=@private0, 0x4e24, 0x20, 0x4e23, 0x7, 0xa, 0x30, 0x20, 0x29, r3, 0xee01}, {0xf89300, 0x1, 0x5, 0x7, 0x1765fb19, 0x3, 0xe5e9, 0x80}, {0x2, 0x7fff, 0x8, 0x8}, 0x400, 0x0, 0x2, 0x0, 0x3, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d4, 0x32}, 0xa, @in6=@dev={0xfe, 0x80, '\x00', 0xd}, 0x0, 0x1, 0x1, 0x1, 0x15, 0x81, 0x5}}, 0xe8) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000500), 0x202400, 0x0) r5 = syz_open_pts(r4, 0x101000) ioctl$PIO_UNISCRNMAP(r5, 0x4b6a, &(0x7f0000000540)="206bf3f56e3a88ca6f37352d220c47c6fe05e70ea4f96720a851cbac95eb10e31003d9ae7296b9341c5a2cdacd22ae0e86903529ac7eb740406db856afba4de60bd0a99155ad75b1f73ed0a3e90dc03d0621e4241a8183136e9d9ed86a27732ee9ed8d806730fb1823ccf99722949aba38e58fe2c37aa3b322cd408f19ba9de202343bea7d64b701749222689b8cac1281f60dd822834b1636041b3089ff7d8b53303228840ea9b9a7e433111714517f1693ade08a3ac504d3c3") ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8982, &(0x7f0000000600)={0x7, 'veth1_to_batadv\x00', {0x5}, 0x1000}) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r0, 0x89f9, &(0x7f00000006c0)={'ip6tnl0\x00', &(0x7f0000000640)={'ip6gre0\x00', 0x0, 0x29, 0x1, 0x3f, 0xffff, 0x1a, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, 0x7, 0x700, 0x5e, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000780)={'syztnl1\x00', &(0x7f0000000700)={'ip6_vti0\x00', r6, 0x29, 0x2, 0x0, 0xfffff001, 0x4, @local, @rand_addr=' \x01\x00', 0x40, 0x20, 0x800, 0x428}}) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$SEG6(&(0x7f00000007c0), r7) [ 104.883207] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 104.887056] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 104.889740] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 104.896289] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 104.900046] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 104.951824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 104.961405] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 104.967253] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 104.972034] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 104.974577] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 104.976999] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 104.979951] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 104.987006] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 104.993443] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 104.998834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 105.001069] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 105.002739] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 105.019022] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 105.036219] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 105.048305] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 105.055349] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 105.063020] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 105.073303] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 105.084591] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 105.089580] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 105.094346] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 105.098580] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 105.100793] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 105.104346] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 105.105961] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 105.109479] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 105.111969] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 105.125481] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 105.125620] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 105.129589] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 105.131327] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 105.176133] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 105.178411] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 105.185573] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 105.209941] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 106.968722] Bluetooth: hci0: command tx timeout [ 107.030724] Bluetooth: hci1: command tx timeout [ 107.094744] Bluetooth: hci2: command tx timeout [ 107.158949] Bluetooth: hci6: command tx timeout [ 107.159719] Bluetooth: hci3: command tx timeout [ 107.223721] Bluetooth: hci4: command tx timeout [ 107.223739] Bluetooth: hci5: command tx timeout [ 107.286808] Bluetooth: hci7: command tx timeout [ 109.016000] Bluetooth: hci0: command tx timeout [ 109.078721] Bluetooth: hci1: command tx timeout [ 109.144753] Bluetooth: hci2: command tx timeout [ 109.206814] Bluetooth: hci6: command tx timeout [ 109.206836] Bluetooth: hci3: command tx timeout [ 109.270730] Bluetooth: hci4: command tx timeout [ 109.270780] Bluetooth: hci5: command tx timeout [ 109.334753] Bluetooth: hci7: command tx timeout [ 111.062766] Bluetooth: hci0: command tx timeout [ 111.126806] Bluetooth: hci1: command tx timeout [ 111.190789] Bluetooth: hci2: command tx timeout [ 111.256013] Bluetooth: hci6: command tx timeout [ 111.256060] Bluetooth: hci3: command tx timeout [ 111.320678] Bluetooth: hci5: command tx timeout [ 111.320744] Bluetooth: hci4: command tx timeout [ 111.383873] Bluetooth: hci7: command tx timeout [ 113.110874] Bluetooth: hci0: command tx timeout [ 113.174766] Bluetooth: hci1: command tx timeout [ 113.238845] Bluetooth: hci2: command tx timeout [ 113.303715] Bluetooth: hci3: command tx timeout [ 113.304538] Bluetooth: hci6: command tx timeout [ 113.366850] Bluetooth: hci5: command tx timeout [ 113.367725] Bluetooth: hci4: command tx timeout [ 113.430866] Bluetooth: hci7: command tx timeout [ 167.332605] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 167.336170] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 167.338593] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 167.343080] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 167.346468] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 167.462675] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 167.467584] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 167.470253] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 167.473178] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 167.474207] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 167.477995] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 167.480459] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 167.484352] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 167.485092] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 167.490047] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 167.491793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 167.508987] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 167.519260] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 167.523702] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 167.525338] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 167.533099] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 167.536997] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 167.543445] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 167.551017] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 167.556815] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 167.607386] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 167.609544] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 167.611799] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 167.614547] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 167.622875] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 167.624937] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 167.629891] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 167.630942] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 167.641129] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 167.648963] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 167.667134] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 167.669207] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 167.669704] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 167.670988] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 167.678070] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 169.366791] Bluetooth: hci0: command tx timeout [ 169.558808] Bluetooth: hci1: command tx timeout [ 169.558851] Bluetooth: hci3: command tx timeout [ 169.622825] Bluetooth: hci4: command tx timeout [ 169.622848] Bluetooth: hci2: command tx timeout [ 169.686774] Bluetooth: hci6: command tx timeout [ 169.814763] Bluetooth: hci7: command tx timeout [ 169.815789] Bluetooth: hci5: command tx timeout [ 171.415884] Bluetooth: hci0: command tx timeout [ 171.606757] Bluetooth: hci3: command tx timeout [ 171.609816] Bluetooth: hci1: command tx timeout [ 171.670981] Bluetooth: hci4: command tx timeout [ 171.672249] Bluetooth: hci2: command tx timeout [ 171.734735] Bluetooth: hci6: command tx timeout [ 171.863368] Bluetooth: hci7: command tx timeout [ 171.865694] Bluetooth: hci5: command tx timeout [ 173.462732] Bluetooth: hci0: command tx timeout [ 173.655705] Bluetooth: hci1: command tx timeout [ 173.656173] Bluetooth: hci3: command tx timeout [ 173.718928] Bluetooth: hci2: command tx timeout [ 173.719512] Bluetooth: hci4: command tx timeout [ 173.783691] Bluetooth: hci6: command tx timeout [ 173.910703] Bluetooth: hci7: command tx timeout [ 173.911736] Bluetooth: hci5: command tx timeout [ 175.511946] Bluetooth: hci0: command tx timeout [ 175.703033] Bluetooth: hci1: command tx timeout [ 175.703062] Bluetooth: hci3: command tx timeout [ 175.766715] Bluetooth: hci2: command tx timeout [ 175.766728] Bluetooth: hci4: command tx timeout [ 175.830871] Bluetooth: hci6: command tx timeout [ 175.958739] Bluetooth: hci5: command tx timeout [ 175.958786] Bluetooth: hci7: command tx timeout [ 229.674674] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 229.679203] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 229.682917] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 229.692772] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 229.701126] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 229.758479] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 229.767109] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 229.772206] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 229.780018] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 229.787525] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 229.863421] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 229.866534] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 229.877055] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 229.885288] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 229.889051] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 229.890176] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 229.902146] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 229.913217] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 229.929896] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 229.934182] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 229.942146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 229.958506] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 229.961483] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 229.966156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 229.972299] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 230.153561] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 230.182604] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 230.201231] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 230.206773] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 230.210536] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 230.215884] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 230.221679] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 230.229514] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 230.230765] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 230.234921] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 230.254055] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 230.282079] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 230.297196] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 230.304014] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 230.318198] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 231.767668] Bluetooth: hci0: command tx timeout [ 231.831307] Bluetooth: hci1: command tx timeout [ 231.959825] Bluetooth: hci2: command tx timeout [ 232.086733] Bluetooth: hci3: command tx timeout [ 232.087481] Bluetooth: hci4: command tx timeout [ 232.343020] Bluetooth: hci5: command tx timeout [ 232.408141] Bluetooth: hci7: command tx timeout [ 232.471684] Bluetooth: hci6: command tx timeout [ 233.815720] Bluetooth: hci0: command tx timeout [ 233.878756] Bluetooth: hci1: command tx timeout [ 234.006838] Bluetooth: hci2: command tx timeout [ 234.136280] Bluetooth: hci3: command tx timeout [ 234.136768] Bluetooth: hci4: command tx timeout [ 234.391900] Bluetooth: hci5: command tx timeout [ 234.454941] Bluetooth: hci7: command tx timeout [ 234.518738] Bluetooth: hci6: command tx timeout [ 235.863751] Bluetooth: hci0: command tx timeout [ 235.927569] Bluetooth: hci1: command tx timeout [ 236.055813] Bluetooth: hci2: command tx timeout [ 236.183309] Bluetooth: hci3: command tx timeout [ 236.184925] Bluetooth: hci4: command tx timeout [ 236.439075] Bluetooth: hci5: command tx timeout [ 236.502815] Bluetooth: hci7: command tx timeout [ 236.567375] Bluetooth: hci6: command tx timeout [ 237.910737] Bluetooth: hci0: command tx timeout [ 237.974753] Bluetooth: hci1: command tx timeout [ 238.103006] Bluetooth: hci2: command tx timeout [ 238.230778] Bluetooth: hci4: command tx timeout [ 238.231385] Bluetooth: hci3: command tx timeout [ 238.486752] Bluetooth: hci5: command tx timeout [ 238.551235] Bluetooth: hci7: command tx timeout [ 238.614761] Bluetooth: hci6: command tx timeout [ 292.097468] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 292.100554] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 292.104418] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 292.108262] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 292.118682] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 292.122412] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 292.124330] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 292.132574] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 292.137142] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 292.145223] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 292.210274] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 292.226096] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 292.228263] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 292.240327] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 292.244465] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 292.294159] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 292.302917] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 292.309309] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 292.320125] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 292.330980] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 292.499923] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 292.542153] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 292.563547] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 292.565305] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 292.574470] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 292.579554] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 292.583938] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 292.593271] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 292.595912] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 292.606883] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 292.616215] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 292.626852] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 292.632596] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 292.647000] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 292.648513] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 292.657841] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 292.669303] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 292.676153] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 292.684144] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 292.701230] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 294.168697] Bluetooth: hci1: command tx timeout [ 294.231987] Bluetooth: hci0: command tx timeout [ 294.359928] Bluetooth: hci2: command tx timeout [ 294.424093] Bluetooth: hci3: command tx timeout [ 294.742720] Bluetooth: hci5: command tx timeout [ 294.743986] Bluetooth: hci4: command tx timeout [ 294.807396] Bluetooth: hci7: command tx timeout [ 294.807572] Bluetooth: hci6: command tx timeout [ 296.214944] Bluetooth: hci1: command tx timeout [ 296.279738] Bluetooth: hci0: command tx timeout [ 296.406705] Bluetooth: hci2: command tx timeout [ 296.471965] Bluetooth: hci3: command tx timeout [ 296.791017] Bluetooth: hci4: command tx timeout [ 296.791059] Bluetooth: hci5: command tx timeout [ 296.854705] Bluetooth: hci6: command tx timeout [ 296.855704] Bluetooth: hci7: command tx timeout [ 298.262858] Bluetooth: hci1: command tx timeout [ 298.326704] Bluetooth: hci0: command tx timeout [ 298.454726] Bluetooth: hci2: command tx timeout [ 298.518733] Bluetooth: hci3: command tx timeout [ 298.838744] Bluetooth: hci5: command tx timeout [ 298.838827] Bluetooth: hci4: command tx timeout [ 298.902705] Bluetooth: hci7: command tx timeout [ 298.902744] Bluetooth: hci6: command tx timeout [ 300.310801] Bluetooth: hci1: command tx timeout [ 300.374939] Bluetooth: hci0: command tx timeout [ 300.502864] Bluetooth: hci2: command tx timeout [ 300.566694] Bluetooth: hci3: command tx timeout [ 300.887662] Bluetooth: hci4: command tx timeout [ 300.888161] Bluetooth: hci5: command tx timeout [ 300.950986] Bluetooth: hci6: command tx timeout [ 300.951255] Bluetooth: hci7: command tx timeout [ 352.430750] syz-executor.6 (8002) used greatest stack depth: 24752 bytes left [ 354.606196] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 354.609740] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 354.617567] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 354.625886] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 354.630706] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 354.787697] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 354.790424] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 354.795230] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 354.797978] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 354.805413] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 354.808597] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 354.811947] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 354.826112] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 354.827559] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 354.833156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 354.837608] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 354.840058] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 354.844920] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 354.851908] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 354.856837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 354.938687] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 354.981189] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 354.999367] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 355.048504] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 355.050966] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 355.054133] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 355.056732] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 355.062506] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 355.065774] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 355.085226] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 355.096548] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 355.101386] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 355.104757] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 355.110395] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 355.114527] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 355.126985] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 355.146569] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 355.178461] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 355.189914] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 355.194755] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 356.695910] Bluetooth: hci0: command tx timeout [ 356.886930] Bluetooth: hci2: command tx timeout [ 356.951997] Bluetooth: hci1: command tx timeout [ 356.952319] Bluetooth: hci3: command tx timeout [ 357.078763] Bluetooth: hci5: command tx timeout [ 357.207927] Bluetooth: hci4: command tx timeout [ 357.270764] Bluetooth: hci7: command tx timeout [ 357.334947] Bluetooth: hci6: command tx timeout [ 358.742936] Bluetooth: hci0: command tx timeout [ 358.936690] Bluetooth: hci2: command tx timeout [ 358.999685] Bluetooth: hci1: command tx timeout [ 359.000190] Bluetooth: hci3: command tx timeout [ 359.126699] Bluetooth: hci5: command tx timeout [ 359.254708] Bluetooth: hci4: command tx timeout [ 359.318829] Bluetooth: hci7: command tx timeout [ 359.384660] Bluetooth: hci6: command tx timeout [ 360.790893] Bluetooth: hci0: command tx timeout [ 360.982704] Bluetooth: hci2: command tx timeout [ 361.046877] Bluetooth: hci1: command tx timeout [ 361.047094] Bluetooth: hci3: command tx timeout [ 361.177667] Bluetooth: hci5: command tx timeout [ 361.303841] Bluetooth: hci4: command tx timeout [ 361.368672] Bluetooth: hci7: command tx timeout [ 361.431812] Bluetooth: hci6: command tx timeout [ 362.838730] Bluetooth: hci0: command tx timeout [ 363.031705] Bluetooth: hci2: command tx timeout [ 363.094939] Bluetooth: hci3: command tx timeout [ 363.095676] Bluetooth: hci1: command tx timeout [ 363.222728] Bluetooth: hci5: command tx timeout [ 363.350922] Bluetooth: hci4: command tx timeout [ 363.414725] Bluetooth: hci7: command tx timeout [ 363.479383] Bluetooth: hci6: command tx timeout VM DIAGNOSIS: 23:50:23 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=ffff88802d8c7f30 RCX=ffffffff8679c188 RDX=ffff88802d8c8001 RSI=0000000000000000 RDI=ffff88802d8c7650 RBP=ffff88802d8c0000 RSP=ffff88802d8c75c8 R8 =ffffffff8679c18c R9 =ffff88802d8c7680 R10=000000000003b6bd R11=000000000000054e R12=ffff88802d8c7601 R13=ffff88802d8c7688 R14=ffff88802d8c7f30 R15=ffff88802d8c7640 RIP=ffffffff815ab9e0 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e561b000 00000000 00000000 LDT=0000 fffffe5a00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f722d0b36f4 CR3=000000002a152000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f722d0c247000007f722d0c1f20 XMM02=00000000000000000000000000000000 XMM03=756e20796d6d756420736e6f6974706f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=73253d656d616e6c6165722073253d73 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=ffff8880e571b000 RCX=828a7dc2b759b861 RDX=0000000000000000 RSI=0000000032ff91ed RDI=ffff88806cf31850 RBP=00007f14d99ebd82 RSP=ffff88802d5e73b0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffff88802d5e7400 R13=0000000000000000 R14=ffff888019a73700 R15=0000000000000cc0 RIP=ffffffff815aba2d RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e571b000 00000000 00000000 LDT=0000 fffffe4f00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000563d6abc1080 CR3=0000000014316000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000