Warning: Permanently added '[localhost]:29200' (ECDSA) to the list of known hosts. 2025/06/02 17:52:04 fuzzer started 2025/06/02 17:52:05 dialing manager at localhost:34361 syzkaller login: [ 92.922182] cgroup: Unknown subsys name 'net' [ 93.068802] cgroup: Unknown subsys name 'cpuset' [ 93.111275] cgroup: Unknown subsys name 'rlimit' 2025/06/02 17:52:19 syscalls: 210 2025/06/02 17:52:19 code coverage: enabled 2025/06/02 17:52:19 comparison tracing: enabled 2025/06/02 17:52:19 extra coverage: enabled 2025/06/02 17:52:19 setuid sandbox: enabled 2025/06/02 17:52:19 namespace sandbox: enabled 2025/06/02 17:52:19 Android sandbox: enabled 2025/06/02 17:52:19 fault injection: enabled 2025/06/02 17:52:19 leak checking: enabled 2025/06/02 17:52:19 net packet injection: enabled 2025/06/02 17:52:19 net device setup: enabled 2025/06/02 17:52:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/06/02 17:52:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/06/02 17:52:19 USB emulation: enabled 2025/06/02 17:52:19 hci packet injection: enabled 2025/06/02 17:52:19 wifi device emulation: enabled 2025/06/02 17:52:19 802.15.4 emulation: enabled 2025/06/02 17:52:19 fetching corpus: 0, signal 0/0 (executing program) 2025/06/02 17:52:21 starting 8 fuzzer processes 17:52:21 executing program 0: getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000080)={0x0}) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r1, 0xf01, 0x70bd2b, 0x25dfdbfc, {{}, {}, {0x8}}, ["", ""]}, 0x24}}, 0x80) ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000240)={0x0, 0xc1f7, 0x40}) sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x52df}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x6a}]}, 0x2c}}, 0x20000000) ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f0000000380)) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x68, r1, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {}, {0x4c, 0x18, {0x1f, @link='syz0\x00'}}}, ["", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x40008052}, 0x4000) syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x10, &(0x7f0000000500)=@ready={0x0, 0x0, 0x8, "af9bef4f", {0x1, 0x4, 0x2, 0x9, 0x8}}) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000540), &(0x7f0000000580)=0x14) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x5c, r2, 0x919, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4ad}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7e0}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40800}, 0x880) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000740)={r0, 0x2, 0xffffffffffffffff, 0xc9, 0x80000}) r3 = socket(0x1, 0x80000, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000900)) sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x2c, r2, 0x800, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x4a}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a80), r3) sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x2c, r4, 0x200, 0x70bd25, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x400, 0x1}}}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0x9]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000b80)) ioctl$sock_inet_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f0000000bc0)) 17:52:21 executing program 1: ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f0000000040)) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000080)=@ccm_128={{0x7}, "1c43214efa75c2b5", "862e932a48cb2fbdcf650a8d4503ad4a", "bd66e29b", "72bd8c343c1c2172"}, 0x28) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000100)) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000140)={@in6={{0xa, 0x4e24, 0xf9, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8}}, 0x0, 0x0, 0x3f, 0x0, "aab8635148fa4b863db7db35aa09e7409914880f113e38468bdf5e5d1225833a883b5b60460a3a064470260416727745503f438dcf310fdecda7f666190e09286f7375518b60b3d79bc82c98da9acdd4"}, 0xd8) sched_getparam(0x0, &(0x7f0000000240)) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000280), 0x20040, 0x0) ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, &(0x7f00000002c0)={0x11}) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000780), &(0x7f00000007c0)=0x14) r1 = getpgrp(0x0) r2 = getpgrp(r1) sched_rr_get_interval(r2, &(0x7f0000000800)) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000840), &(0x7f0000000880)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000008c0)={'batadv_slave_0\x00'}) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000900)={@in6={{0xa, 0x4e20, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}}, 0x0, 0x0, 0x50, 0x0, "9704bce414492aba1fb021ff4c67527229ce6349795015353335d166fc8effeeaa64be6f406f7530d063a56e3acb1eaba2d97f558471533a9efdb19c43648933a45f5256b09f5df77b3fea2cb8f68333"}, 0xd8) syz_genetlink_get_family_id$l2tp(&(0x7f0000000a00), r0) setsockopt$inet_tcp_int(r0, 0x6, 0x3, &(0x7f0000000a40)=0x35, 0x4) sched_setscheduler(r1, 0x6, &(0x7f0000000a80)=0x1) sched_rr_get_interval(r1, &(0x7f0000000ac0)) 17:52:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) getsockopt$inet6_tcp_buf(r0, 0x6, 0xb, &(0x7f0000000040)=""/109, &(0x7f00000000c0)=0x6d) setsockopt$inet6_tcp_int(r0, 0x6, 0x29, &(0x7f0000000100)=0x9, 0x4) r1 = socket(0x22, 0x3, 0xbe35) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f00000002c0)={&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/84, 0x54, 0x1, &(0x7f00000001c0)=""/253, 0xfd}, &(0x7f0000000300)=0x40) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000340)=@gcm_128={{0x304}, "0418a4d39d6e304e", "7489dda53dc7bf40cdbb6c12329dd5b7", "0c6dfe19", "e8c830c856eb3b81"}, 0x28) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000380), 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x4e21, 0x2, @loopback, 0x8001}}, 0x0, 0x0, 0x34, 0x0, "001b5e664673e0b1b962ca2dd4a4808edcaf779ef5fd757a49da718758fdb5e21a5b3328f2c4446dcafeb7a287f06b75edd40af1ce5fc4c40068224d0c91004c57986bed87c46fe299040a73bb4072e0"}, 0xd8) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000500)={0x0, @l2tp={0x2, 0x0, @empty, 0x1}, @isdn={0x22, 0x9, 0x0, 0x40, 0x2f}, @generic={0x8, "e581548554ab79fdc702326d6791"}, 0x40, 0x0, 0x0, 0x0, 0x228, &(0x7f00000004c0)='veth1_macvtap\x00', 0xfffffffffffffeff, 0x4, 0x8}) getsockopt$inet6_tcp_int(r1, 0x6, 0x11, &(0x7f0000000580), &(0x7f00000005c0)=0x4) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000600), 0x304200, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000640)=[@window={0x3, 0x0, 0x4}], 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_buf(r3, 0x6, 0xe, &(0x7f0000000680), &(0x7f00000006c0)) ioctl$sock_inet6_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000700)) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000800)="fbd0ffc7e538ba91e8e637f04888558f", 0x10) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000900), 0xa041, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000940)=0x1, 0x4) 17:52:21 executing program 3: setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1c, &(0x7f0000000000)="bc5036deb2a0cfc1b237b4506a", 0xd) r0 = accept(0xffffffffffffffff, &(0x7f0000000100)=@x25={0x9, @remote}, &(0x7f0000000180)=0x80) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000001c0), &(0x7f0000000200)=0x14) r1 = socket(0x1d, 0x5, 0xffff8001) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000240)={0x0, 0x0, r1, 0x3}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000002c0)={0x1, &(0x7f0000000280)=[{0x8001, 0x1, 0x4, 0x5}]}) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e21, @broadcast}}, 0x0, 0x0, 0x18, 0x0, "5431e3fa3907f75b974423312b9b9efcd2a05cd4c71a53dfcca2b79395b3377b1fb9b9b4f7bc3ee2ce2364b2b4d2e41f551052292e829d5c3479e323a0109df067cff512a4acf854dcfb08d4784b80a4"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000400)=0x2, 0x4) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000440)=""/4096, &(0x7f0000001440)=0x1000) r3 = socket(0xf, 0x1, 0x6) getsockopt$inet6_tcp_int(r3, 0x6, 0x6, &(0x7f0000001480), &(0x7f00000014c0)=0x4) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000001500)=[@timestamp, @sack_perm, @window={0x3, 0x5, 0x7ff}, @window={0x3, 0x6, 0x8}, @timestamp, @window={0x3, 0x9, 0x3}], 0x6) getsockname(r3, &(0x7f0000001540)=@un=@abs, &(0x7f00000015c0)=0x80) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000001600)={0x0, 0x1, 0x400}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000001680)={0x7, &(0x7f0000001640)=[{0x2, 0x6, 0x8, 0xbd7}, {0x401, 0x0, 0x7f, 0x8}, {0xae, 0x1, 0x40, 0x7fffffff}, {0x0, 0x2, 0x7, 0x2c}, {0x401, 0x73, 0x8}, {0x177, 0x0, 0x4}, {0x5, 0x5, 0x3f, 0xe5b}]}) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f00000016c0), 0x200140, 0x0) getsockopt$inet6_tcp_int(r4, 0x6, 0xb, &(0x7f0000001700), &(0x7f0000001740)=0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000001780)={0x1, 0x0, 0xfffffff9, 0x6, 0x800}, 0x14) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setgroups(0x1, &(0x7f00000017c0)=[0x0]) [ 108.716220] audit: type=1400 audit(1748886741.091:7): avc: denied { execmem } for pid=274 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 17:52:21 executing program 4: ioctl$PTP_SYS_OFFSET_PRECISE(0xffffffffffffffff, 0xc0403d08, &(0x7f0000000000)) syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_HOP_PENALTY={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x1) r1 = accept(r0, &(0x7f0000000180)=@rc, &(0x7f0000000200)=0x80) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000280)=0x14) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000500), 0x22200, 0x0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000580), r1) sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x48, r4, 0x0, 0x70bd2d, 0x25dfdbfd, {}, [@SEG6_ATTR_DST={0x14, 0x1, @loopback}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_SECRET={0x8, 0x4, [0xbe]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1f}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x200000c4}, 0x0) arch_prctl$ARCH_GET_CPUID(0x1011) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x24, 0x0, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x40000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000007c0), r5) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r1, 0x89fa, &(0x7f0000000880)={'syztnl2\x00', &(0x7f0000000800)={'syztnl0\x00', r2, 0x2f, 0xff, 0x9, 0x7fffffff, 0x10, @private0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x7837, 0x2, 0x7f}}) ioctl$sock_SIOCADDRT(r7, 0x890b, &(0x7f0000000900)={0x0, @tipc=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x2, 0x1}}, @can={0x1d, r8}, @rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x2}, 0x3, 0x0, 0x0, 0x0, 0x80, &(0x7f00000008c0)='macvlan1\x00', 0x648, 0x4, 0xffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000980)={'batadv_slave_1\x00'}) r9 = accept(r0, 0x0, &(0x7f00000009c0)) sendmsg$TIPC_CMD_ENABLE_BEARER(r9, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x34, r6, 0x200, 0x70bd2d, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x16, 0x7, @udp='udp:syz0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x5a265e9f37faf517}, 0x4044000) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x6c, 0x0, 0x8, 0x70bd2b, 0x25dfdbff, {}, [@SEG6_ATTR_SECRET={0x18, 0x4, [0x2, 0x7fff, 0xe874, 0xffffffff, 0x4]}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x6, 0x81, 0x9]}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xdb4}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4048000}, 0x800) 17:52:21 executing program 5: write$nbd(0xffffffffffffffff, &(0x7f0000000000)={0x67446698, 0x1, 0x2, 0x4, 0x1, "f7ca1263ede2d5a16c6d47ca83402a7d9ab54b1c1dab96f8c67951cb030985c75e89a6cb8aa95716c38e64d77a11096ab586be08cb9f6eed0b7cea46f90b5aa789bc8abf8d1ce8dba395a1262d9b02e0b4872c7e79254985254457f28f4c6469bac0ff390ae5012de81c1e0bdfcdcc8d07121305dc4ba02037035028fa2d5b619828764a48bada99fa45c25b0de8fcd731d1c576c48c6494c1110e1658feb90b9247767ae12bed9ea136a15896e48f8ec2bb194cbf115f"}, 0xc7) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, 0x0, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x19}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x6}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x400}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x40}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x41}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x20040010) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x68, 0x0, 0x2, 0x70bd2a, 0x25dfdbfc, {{}, {}, {0x4c, 0x18, {0x40, @media='ib\x00'}}}, ["", "", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4000841}, 0x1) r1 = socket(0x2b, 0x1, 0xb236) sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, 0x0, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40051}, 0x8010) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000004c0), r1) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x24, r2, 0x4, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x4005) syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000600), 0xc, &(0x7f00000008c0)={&(0x7f0000000640)={0x278, 0x0, 0x4, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_KEY={0x4c, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "ed9f131422d59588cd0a0a56908b70df2dbeb9a099c355f19a70d475d8bf1345"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "272c160c26323e196969c207a5b8de9aaced3478bed8979a58e91a63d66df6e2"}]}, @NL802154_ATTR_SEC_KEY={0xac, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "8a70940e916b9daa9af75a5f1875c47c"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x3f}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x4}, @NL802154_KEY_ATTR_ID={0x70, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8001}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x5c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0x10001}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "c6dda8dad028c27156eb31ae76cba96e"}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0x150, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x8c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x24, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xa12}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x80000001}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}]}, @NL802154_KEY_ATTR_ID={0x2c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "a7a49a7ed1997f2c3393adaee43413aa89fdbbeb8fcc1a3b439bd83a6905fd3f"}, @NL802154_KEY_ATTR_ID={0x68, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x48, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x100}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x278}, 0x1, 0x0, 0x0, 0x4080}, 0x400) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000a40)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x78, 0x0, 0x300, 0x70bd26, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRET={0x10, 0x4, [0x5, 0x7, 0x1]}, @SEG6_ATTR_SECRET={0x8, 0x4, [0xfffffff8]}, @SEG6_ATTR_DST={0x14, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x6}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xffffffff}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x10000}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x3}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x426}]}, 0x78}, 0x1, 0x0, 0x0, 0x40001}, 0x8000) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000a80)='vegas\x00', 0x6) r3 = socket(0x5, 0x800, 0x95) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000b00), r1) sendmsg$BATADV_CMD_SET_VLAN(r3, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x1c, r4, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = accept(r1, &(0x7f0000000c00)=@ieee802154={0x24, @long}, &(0x7f0000000c80)=0x80) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r5, 0x6, 0x15, &(0x7f0000000cc0)=0x8, 0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_SET_HARDIF(r6, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x1c, 0x0, 0x2, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004001) 17:52:21 executing program 6: ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x2f, 0xc0, 0x0, 0x6, 0x5, @loopback, @mcast1, 0x1, 0x80, 0x1, 0x2}}) r0 = getgid() getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) ioperm(0x5, 0x80000001, 0x1) getgid() ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000280)={'gretap0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x40, 0x1, 0x4, 0xffff3713, {{0x2a, 0x4, 0x3, 0x7, 0xa8, 0x64, 0x0, 0x8, 0x29, 0x0, @loopback, @loopback, {[@generic={0x86, 0x5, "f6dfa0"}, @lsrr={0x83, 0x1f, 0xd1, [@rand_addr=0x64010101, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @multicast2, @empty, @multicast2]}, @timestamp={0x44, 0x28, 0x29, 0x0, 0x8, [0xbb, 0xe1, 0x4, 0x7, 0x9, 0x3, 0x8001, 0x1, 0x6]}, @timestamp_addr={0x44, 0x2c, 0xa4, 0x1, 0x2, [{@private=0xa010100, 0x20}, {@loopback, 0xc54c}, {@multicast1, 0x20}, {@remote, 0xff}, {@multicast2, 0xffff8000}]}, @lsrr={0x83, 0x1b, 0xd8, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, @broadcast, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x1e}, @dev={0xac, 0x14, 0x14, 0x3e}]}]}}}}}) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x2d0140, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000300)=[@sack_perm], 0x1) keyctl$instantiate(0xc, 0x0, &(0x7f0000000340)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', '/dev/nvram\x00', 0x20, 0x8}, 0x35, 0xfffffffffffffffc) getresgid(&(0x7f0000000380)=0x0, &(0x7f00000003c0), &(0x7f0000000400)) ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000440)) getgid() r3 = openat$nvram(0xffffffffffffff9c, 0xfffffffffffffffc, 0x8000, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000480)=0x1, 0x4) syz_usb_connect$cdc_ecm(0x1, 0x78, &(0x7f00000004c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x66, 0x1, 0x1, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0xeb, 0x2, 0x2, 0x6, 0x0, 0x8, {{0x6, 0x24, 0x6, 0x0, 0x0, '~'}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x1ff, 0x3, 0x7}, [@mdlm={0x15, 0x24, 0x12, 0x400}, @network_terminal={0x7, 0x24, 0xa, 0x6, 0x4, 0xff, 0x7}, @obex={0x5, 0x24, 0x15, 0x1}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x1, 0x0, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x39, 0x2, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x230, 0x1f, 0x53, 0x7}}}}}]}}]}}, &(0x7f0000000a00)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x310, 0x1, 0x9, 0x9, 0x20, 0x3}, 0x17, &(0x7f0000000580)={0x5, 0xf, 0x17, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x8, 0xf, 0x1}, @wireless={0xb, 0x10, 0x1, 0xc, 0x2, 0x4, 0x80, 0x2, 0x9}]}, 0x7, [{0xfe, &(0x7f00000005c0)=@string={0xfe, 0x3, "beca3d74c584d1bcbd447e616927e8e2cc2b709d15b8f48bfa8c673fabb4d8fcea8cd9314d42d0c14d0937d8f0da4f8b4ba9c3df921e3b45edbcbb682597c7e8957cf970e921bae75d57be91c00987163de795dcf431021a3dba461f0578d4bce124b7f54927d04d37b8cf44adb73a2ee97162c6aed01d0626394875969b0933c009e822030c624500afcc4b85fcb8b13c3157f45a845b4e7bf606e76e3a9c3e246fe0e087ac48ad638a36b9652ae03580a36bb7fd2e744aaaa62834421d7a2b6a34ba4dc57b42dece8b95cadb3b995052906ecb55cbd8451611a39468dd6ba3fa8cf8df4f25c0801d6958b5feaf582807a10bdc45d1c88bb5c1301b"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x82c}}, {0x90, &(0x7f0000000700)=@string={0x90, 0x3, "9933af6e93406a62cfcdef51538631a5bb6d0c560c0758221eebf294bb755ce8b20f93ec90199970177cfad77f6b06740fcf8d179d49861beeb2451135fe40970439662c242744de61e2aa8575161aed3a12f75cf0cf36dfd3e620df0b679459b092edb127c895e12031cb4becae523e2b913cdbb9c293328364e8f927d7c1550299970698e91c2542f3e827a9ae"}}, {0xf4, &(0x7f00000007c0)=@string={0xf4, 0x3, "2bb0e0212347c78f54ccd7c65b515272d346d4fb4af83203256d9b3914814d48a6e529eaf6fb27422d0a4db09ba18221dd975e2c5d785b1a75e5ef100a22386d579cdd404beac0562b519c0e3abfadda1cf3843db36f070647f289e257d1b9f6244694f41dcb1c7863ba85648667423983767a4db72e81557dc891080bc90c746c12e26f9fefc7ba84383be63f14281f398b0b1e8b2ab428b5fd02563155a05046537e819c0be822086d016dd5469e25fc779ca0aa56db90f75b4b0adae16a91696537d1e89c2b1f1e4bf9e8d7aa7f9158c617b718acfe57bef5c35c20533df92c5cdba091cbad0bfd982e7f138c35c915cc"}}, {0x4, &(0x7f00000008c0)=@lang_id={0x4, 0x3, 0x2c0a}}, {0xb2, &(0x7f0000000900)=@string={0xb2, 0x3, "43bf54002c2fb104bbbfec5910cb692b39537eddecba6837612f5d6c49fed9e1980b9892d8bfa9b72c1ce9f86e956c874b3a1c8d539d6319e06d8908dcda6bb6c2dbca967332675f1e81433d79f251550bd105b8dc9896f2881b184a85d6f85cb6b6b4c28b2d207bd8dfe8e7ce9fd190bb5befb08a70752a9e6f882f61e8faae300d6b6ec593f47822623ba34244d4e7d954a23e474e7bbff17f3586d904142c5626cbb4a26977c285b6ad080423c3d7"}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4}}]}) syz_usb_connect$cdc_ecm(0x5, 0x101, &(0x7f0000000a80)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xef, 0x1, 0x1, 0x3, 0x40, 0xe0, [{{0x9, 0x4, 0x0, 0x40, 0x2, 0x2, 0x6, 0x0, 0x4, {{0x7, 0x24, 0x6, 0x0, 0x0, "52ac"}, {0x5, 0x24, 0x0, 0x51a}, {0xd, 0x24, 0xf, 0x1, 0x1000, 0x800, 0x7, 0x6}, [@mdlm_detail={0x84, 0x24, 0x13, 0x6, "7928710e12e76545626f2ab8a33e31af6eac229a3b1e810f68d3dd57897385bdc05a6da0c9e9f768d5a7c1d397198816d650e6d0e77dc867b1e09d2f6d505ae263808f58aa5307a8ecebbdcd4e1556fcb599febbdeba1870e5214c314aae2989fa96867819addc04568208b353dd0301d5d974677051e09c927d11849b3152eb"}, @country_functional={0x8, 0x24, 0x7, 0xff, 0x4, [0x2]}, @acm={0x4, 0x24, 0x2, 0x2}, @mdlm={0x15, 0x24, 0x12, 0x1ff}, @mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x8, 0x401}, @call_mgmt={0x5, 0x24, 0x1, 0x3, 0x2}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x1, 0x0, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x5, 0x81}}}}}]}}]}}, &(0x7f0000000d00)={0xa, &(0x7f0000000bc0)={0xa, 0x6, 0x310, 0x9, 0xc7, 0x20, 0x0, 0x8d}, 0x45, &(0x7f0000000c00)={0x5, 0xf, 0x45, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x7, 0xe, 0x4}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "cde39de36a62044d15a590f2f8f3a373"}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "693f60b8b855e807a19334e87001361c"}, @ptm_cap={0x3}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x2, 0x8, 0x1, 0x3, 0x7ef, 0xff}]}, 0x1, [{0x70, &(0x7f0000000c80)=@string={0x70, 0x3, "e95e3633510fee167a5112e4a859c725ff88d7b27a22819892305d1b44f58a8ef2ceec595bf5c6b273cd3f637735ef80f56caf0f64be124f4b70977d60f53ea73150d9afeea8fe5d6ceccb4c67669352c1443a82d8610a9df6e9bac3b712da981993ca2041301b383558b2d862d2"}}]}) syz_usb_connect$cdc_ecm(0x2, 0x10e, &(0x7f0000000d40)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfc, 0x1, 0x1, 0x81, 0x50, 0x70, [{{0x9, 0x4, 0x0, 0x4f, 0x2, 0x2, 0x6, 0x0, 0x2, {{0xb, 0x24, 0x6, 0x0, 0x0, "56d93e2d92f1"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x6f1f, 0xf0}, [@country_functional={0xe, 0x24, 0x7, 0x1, 0xfff, [0x401, 0x9, 0x100, 0x82]}, @country_functional={0xc, 0x24, 0x7, 0x7, 0xfff7, [0x7b, 0x1000, 0x2]}, @mdlm_detail={0x98, 0x24, 0x13, 0x7f, "9703660fe032bdb0c4db98879390343af17db47d8f66f31e13898954657308d1cb09f6d5f3b75439f156cfe11680b69fafe1c9821b19924829aafe41ca1cc2e6d77eff3f1a4287ad3f91deccd5e758aab52419d1f99791431d575273e7070bbc19d8c73f2d6cf318a2e621aea08438521442b1ccf6860bc27c4204b4170dc13adc24c0b3a65b24364c47fcd692d6027f467129b4"}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x200, 0x8, 0x9, 0x4}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x2, 0x0, 0x79}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x7, 0x20, 0x3}}}}}]}}]}}, &(0x7f0000001040)={0xa, &(0x7f0000000e80)={0xa, 0x6, 0x111, 0x9, 0x6, 0x1, 0x40, 0x7}, 0x5, &(0x7f0000000ec0)={0x5, 0xf, 0x5}, 0x3, [{0x4, &(0x7f0000000f00)=@lang_id={0x4, 0x3, 0x827}}, {0x9c, &(0x7f0000000f40)=@string={0x9c, 0x3, "9b82a247e47750bbbcf8e8d350e4ac4b9abdb09e4cbfab60afaa59bc3ad97443c99209aaa0a53ef4e665f2454eca46c90d6f5d5e9188274fb14a62908e3188e03192da0bd9602991e3e7740aacacc8689146f869f03de6823515ee212036eb44accedccdbd30e7182bb6625c740d0f9530125e96879d85da2f2cebc4b2f4cc1bb3a3c00c1fa7c8ef0c1a0cee77f890827eaff3e09f76302ced6b"}}, {0x4, &(0x7f0000001000)=@lang_id={0x4, 0x3, 0x401}}]}) getgid() getresgid(&(0x7f0000001080), &(0x7f00000010c0)=0x0, &(0x7f0000001100)) setgroups(0x5, &(0x7f00000012c0)=[r4, r0, 0x0, r2, 0x0]) 17:52:21 executing program 7: r0 = accept(0xffffffffffffffff, &(0x7f0000000100)=@ax25={{0x3, @rose}, [@netrom, @rose, @bcast, @null, @bcast, @netrom, @default, @bcast]}, &(0x7f0000000180)=0x80) syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r0) getsockname(r0, &(0x7f00000001c0)=@ax25={{0x3, @netrom}, [@netrom, @default, @netrom, @null, @default, @rose, @bcast, @default]}, &(0x7f0000000240)=0x80) keyctl$get_persistent(0x16, 0x0, 0xfffffffffffffffb) keyctl$assume_authority(0x10, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) accept(r0, 0x0, &(0x7f0000000280)) keyctl$read(0xb, 0x0, &(0x7f00000002c0)=""/105, 0x69) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), r0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r2, 0x800, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x40c4) r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000540), 0x2400, 0x0) setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000580)=@gcm_256={{0x304}, "f8d152f28305f8fe", "13c755d7baa4b622c067827fa6a5a6384ad324fa3beaf4fce97e3edcec33ab36", "3db7db70", "3a692fdb4506779e"}, 0x38) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r3, 0x89fa, &(0x7f0000000640)={'ip6tnl0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x2f, 0x1, 0x4, 0x2b, 0x34, @empty, @private2, 0x10, 0x8000, 0x6, 0x200}}) ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f00000006c0)={0x0, @isdn={0x22, 0x2, 0x1f, 0x2, 0x9}, @l2tp={0x2, 0x0, @loopback, 0x2}, @rc={0x1f, @none}, 0x7, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000680)='ip6tnl0\x00', 0x4, 0x100, 0x7}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x54, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x265}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xbe4}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x100}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x850}, 0x4000080) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r5, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0xa102}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x2c, 0x0, 0x20, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x76}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x80}]}, 0x2c}, 0x1, 0x0, 0x0, 0x280080d0}, 0x0) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r1) [ 110.123691] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 110.127669] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 110.129888] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 110.137888] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 110.141753] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 110.185999] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 110.188581] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 110.190847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 110.199420] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 110.203520] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 110.253938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 110.256884] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 110.259343] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 110.265269] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 110.269796] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 110.335205] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 110.354198] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 110.362859] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 110.387816] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 110.389601] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 110.403729] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 110.406848] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 110.407473] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 110.411892] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 110.414242] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 110.424863] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 110.437084] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 110.442857] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 110.455243] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 110.479073] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 110.488757] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 110.490988] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 110.495886] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 110.508255] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 110.520192] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 110.523215] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 110.534902] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 110.537781] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 110.595042] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 110.654591] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 112.213042] Bluetooth: hci0: command tx timeout [ 112.276639] Bluetooth: hci1: command tx timeout [ 112.340410] Bluetooth: hci2: command tx timeout [ 112.597493] Bluetooth: hci3: command tx timeout [ 112.598184] Bluetooth: hci4: command tx timeout [ 112.598523] Bluetooth: hci5: command tx timeout [ 112.661342] Bluetooth: hci7: command tx timeout [ 112.724395] Bluetooth: hci6: command tx timeout [ 114.262060] Bluetooth: hci0: command tx timeout [ 114.324389] Bluetooth: hci1: command tx timeout [ 114.390418] Bluetooth: hci2: command tx timeout [ 114.644608] Bluetooth: hci5: command tx timeout [ 114.645067] Bluetooth: hci4: command tx timeout [ 114.645516] Bluetooth: hci3: command tx timeout [ 114.708660] Bluetooth: hci7: command tx timeout [ 114.772528] Bluetooth: hci6: command tx timeout [ 116.308929] Bluetooth: hci0: command tx timeout [ 116.372381] Bluetooth: hci1: command tx timeout [ 116.436474] Bluetooth: hci2: command tx timeout [ 116.693476] Bluetooth: hci3: command tx timeout [ 116.693932] Bluetooth: hci4: command tx timeout [ 116.695251] Bluetooth: hci5: command tx timeout [ 116.756400] Bluetooth: hci7: command tx timeout [ 116.820381] Bluetooth: hci6: command tx timeout [ 118.357502] Bluetooth: hci0: command tx timeout [ 118.420768] Bluetooth: hci1: command tx timeout [ 118.484699] Bluetooth: hci2: command tx timeout [ 118.740411] Bluetooth: hci5: command tx timeout [ 118.740907] Bluetooth: hci4: command tx timeout [ 118.741394] Bluetooth: hci3: command tx timeout [ 118.804450] Bluetooth: hci7: command tx timeout [ 118.868549] Bluetooth: hci6: command tx timeout [ 170.736185] syz-executor.2 (287) used greatest stack depth: 24912 bytes left [ 173.484360] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 173.486195] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 173.489453] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 173.499327] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 173.504900] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 173.549453] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 173.552198] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 173.556228] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 173.568222] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 173.573799] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 173.634475] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 173.638710] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 173.644556] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 173.648816] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 173.651953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 173.654190] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 173.655723] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 173.657722] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 173.659832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 173.668064] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 173.669000] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 173.672893] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 173.676452] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 173.677388] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 173.684476] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 173.686680] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 173.690755] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 173.695907] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 173.697071] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 173.700843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 173.704173] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 173.706866] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 173.731658] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 173.754549] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 173.756137] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 173.799353] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 173.803988] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 173.806920] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 173.810762] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 173.830827] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 175.572691] Bluetooth: hci0: command tx timeout [ 175.636704] Bluetooth: hci1: command tx timeout [ 175.764783] Bluetooth: hci3: command tx timeout [ 175.828518] Bluetooth: hci5: command tx timeout [ 175.828558] Bluetooth: hci6: command tx timeout [ 175.828949] Bluetooth: hci4: command tx timeout [ 175.893068] Bluetooth: hci2: command tx timeout [ 175.956434] Bluetooth: hci7: command tx timeout [ 177.620540] Bluetooth: hci0: command tx timeout [ 177.684520] Bluetooth: hci1: command tx timeout [ 177.812553] Bluetooth: hci3: command tx timeout [ 177.876739] Bluetooth: hci4: command tx timeout [ 177.876852] Bluetooth: hci5: command tx timeout [ 177.877145] Bluetooth: hci6: command tx timeout [ 177.940395] Bluetooth: hci2: command tx timeout [ 178.004362] Bluetooth: hci7: command tx timeout [ 179.669055] Bluetooth: hci0: command tx timeout [ 179.734057] Bluetooth: hci1: command tx timeout [ 179.861456] Bluetooth: hci3: command tx timeout [ 179.924620] Bluetooth: hci6: command tx timeout [ 179.926031] Bluetooth: hci5: command tx timeout [ 179.926126] Bluetooth: hci4: command tx timeout [ 179.988513] Bluetooth: hci2: command tx timeout [ 180.052491] Bluetooth: hci7: command tx timeout [ 181.716466] Bluetooth: hci0: command tx timeout [ 181.780785] Bluetooth: hci1: command tx timeout [ 181.908597] Bluetooth: hci3: command tx timeout [ 181.972400] Bluetooth: hci4: command tx timeout [ 181.972436] Bluetooth: hci5: command tx timeout [ 181.972871] Bluetooth: hci6: command tx timeout [ 182.036396] Bluetooth: hci2: command tx timeout [ 182.101357] Bluetooth: hci7: command tx timeout [ 235.629143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 235.635852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 235.638621] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 235.644904] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 235.648925] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 235.844908] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 235.848052] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 235.850281] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 235.871424] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 235.888837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 235.941661] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 235.947059] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 235.949879] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 235.961879] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 235.970921] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 235.991474] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 236.008878] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 236.049141] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 236.070964] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 236.089592] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 236.120749] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 236.132058] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 236.145369] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 236.162876] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 236.164875] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 236.190153] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 236.195927] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 236.203247] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 236.210124] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 236.216208] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 236.222605] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 236.232838] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 236.256742] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 236.297170] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 236.312809] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 236.377843] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 236.380562] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 236.382708] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 236.387799] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 236.390977] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 237.717424] Bluetooth: hci0: command tx timeout [ 237.973440] Bluetooth: hci1: command tx timeout [ 238.036949] Bluetooth: hci2: command tx timeout [ 238.356441] Bluetooth: hci3: command tx timeout [ 238.357238] Bluetooth: hci5: command tx timeout [ 238.421565] Bluetooth: hci6: command tx timeout [ 238.422179] Bluetooth: hci4: command tx timeout [ 238.484485] Bluetooth: hci7: command tx timeout [ 239.765423] Bluetooth: hci0: command tx timeout [ 240.021720] Bluetooth: hci1: command tx timeout [ 240.085404] Bluetooth: hci2: command tx timeout [ 240.405522] Bluetooth: hci5: command tx timeout [ 240.406025] Bluetooth: hci3: command tx timeout [ 240.469596] Bluetooth: hci4: command tx timeout [ 240.470043] Bluetooth: hci6: command tx timeout [ 240.533659] Bluetooth: hci7: command tx timeout [ 241.813372] Bluetooth: hci0: command tx timeout [ 242.069354] Bluetooth: hci1: command tx timeout [ 242.132394] Bluetooth: hci2: command tx timeout [ 242.453733] Bluetooth: hci3: command tx timeout [ 242.454197] Bluetooth: hci5: command tx timeout [ 242.517906] Bluetooth: hci6: command tx timeout [ 242.518349] Bluetooth: hci4: command tx timeout [ 242.580386] Bluetooth: hci7: command tx timeout [ 243.860631] Bluetooth: hci0: command tx timeout [ 244.118391] Bluetooth: hci1: command tx timeout [ 244.181503] Bluetooth: hci2: command tx timeout [ 244.501722] Bluetooth: hci5: command tx timeout [ 244.501794] Bluetooth: hci3: command tx timeout [ 244.564403] Bluetooth: hci4: command tx timeout [ 244.564422] Bluetooth: hci6: command tx timeout [ 244.628501] Bluetooth: hci7: command tx timeout [ 295.741928] syz-executor.2 (5595) used greatest stack depth: 24544 bytes left [ 297.897081] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 297.903846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 297.911407] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 297.918069] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 297.924837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 298.033123] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 298.040817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 298.044936] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 298.054441] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 298.062972] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 298.156804] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 298.166511] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 298.183918] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 298.196234] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 298.208863] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 298.217900] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 298.225835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 298.233857] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 298.246735] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 298.251806] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 298.254097] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 298.264864] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 298.276272] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 298.290912] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 298.302764] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 298.316226] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 298.324787] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 298.331758] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 298.342060] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 298.346814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 298.405054] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 298.421776] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 298.426744] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 298.439043] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 298.446153] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 298.462712] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 298.474424] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 298.485128] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 298.497173] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 298.521887] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 299.988408] Bluetooth: hci0: command tx timeout [ 300.118349] Bluetooth: hci1: command tx timeout [ 300.309634] Bluetooth: hci2: command tx timeout [ 300.372536] Bluetooth: hci5: command tx timeout [ 300.373201] Bluetooth: hci4: command tx timeout [ 300.436381] Bluetooth: hci3: command tx timeout [ 300.500418] Bluetooth: hci6: command tx timeout [ 300.628409] Bluetooth: hci7: command tx timeout [ 302.037718] Bluetooth: hci0: command tx timeout [ 302.165841] Bluetooth: hci1: command tx timeout [ 302.357458] Bluetooth: hci2: command tx timeout [ 302.423368] Bluetooth: hci4: command tx timeout [ 302.423890] Bluetooth: hci5: command tx timeout [ 302.485810] Bluetooth: hci3: command tx timeout [ 302.549352] Bluetooth: hci6: command tx timeout [ 302.676453] Bluetooth: hci7: command tx timeout [ 304.085375] Bluetooth: hci0: command tx timeout [ 304.213778] Bluetooth: hci1: command tx timeout [ 304.406377] Bluetooth: hci2: command tx timeout [ 304.469388] Bluetooth: hci5: command tx timeout [ 304.469909] Bluetooth: hci4: command tx timeout [ 304.532355] Bluetooth: hci3: command tx timeout [ 304.597387] Bluetooth: hci6: command tx timeout [ 304.724405] Bluetooth: hci7: command tx timeout [ 306.133580] Bluetooth: hci0: command tx timeout [ 306.260435] Bluetooth: hci1: command tx timeout [ 306.453940] Bluetooth: hci2: command tx timeout [ 306.517334] Bluetooth: hci4: command tx timeout [ 306.517790] Bluetooth: hci5: command tx timeout [ 306.581403] Bluetooth: hci3: command tx timeout [ 306.644470] Bluetooth: hci6: command tx timeout [ 306.773486] Bluetooth: hci7: command tx timeout [ 360.429852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 360.435673] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 360.438755] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 360.454388] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 360.460878] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 360.588738] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 360.597152] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 360.610660] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 360.621024] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 360.627414] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 360.709754] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 360.713522] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 360.715849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 360.718965] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 360.723242] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 360.729274] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 360.733168] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 360.750390] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 360.753853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 360.760417] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 360.766206] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 360.823441] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 360.839194] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 360.848826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 360.858845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 360.873766] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 360.884626] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 360.890014] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 360.908391] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 360.908972] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 360.916979] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 360.935543] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 360.948687] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 360.983443] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 361.000826] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 361.060240] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 361.093682] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 361.099755] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 361.113609] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 361.127574] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 362.516523] Bluetooth: hci0: command tx timeout [ 362.708494] Bluetooth: hci1: command tx timeout [ 362.836390] Bluetooth: hci3: command tx timeout [ 362.837380] Bluetooth: hci2: command tx timeout [ 363.093621] Bluetooth: hci5: command tx timeout [ 363.220643] Bluetooth: hci4: command tx timeout [ 363.284377] Bluetooth: hci6: command tx timeout [ 363.348809] Bluetooth: hci7: command tx timeout [ 364.565339] Bluetooth: hci0: command tx timeout [ 364.757315] Bluetooth: hci1: command tx timeout [ 364.884494] Bluetooth: hci2: command tx timeout [ 364.885015] Bluetooth: hci3: command tx timeout [ 365.140377] Bluetooth: hci5: command tx timeout [ 365.269482] Bluetooth: hci4: command tx timeout [ 365.332356] Bluetooth: hci6: command tx timeout [ 365.396363] Bluetooth: hci7: command tx timeout [ 366.612954] Bluetooth: hci0: command tx timeout [ 366.806382] Bluetooth: hci1: command tx timeout [ 366.932553] Bluetooth: hci3: command tx timeout [ 366.932606] Bluetooth: hci2: command tx timeout [ 367.189378] Bluetooth: hci5: command tx timeout [ 367.318336] Bluetooth: hci4: command tx timeout [ 367.380369] Bluetooth: hci6: command tx timeout [ 367.444566] Bluetooth: hci7: command tx timeout [ 368.661601] Bluetooth: hci0: command tx timeout [ 368.853355] Bluetooth: hci1: command tx timeout [ 368.980757] Bluetooth: hci2: command tx timeout [ 368.981369] Bluetooth: hci3: command tx timeout [ 369.236822] Bluetooth: hci5: command tx timeout [ 369.364389] Bluetooth: hci4: command tx timeout [ 369.428579] Bluetooth: hci6: command tx timeout [ 369.492476] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 17:57:23 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88803111d280 RCX=0000000000000002 RDX=0000000088307f01 RSI=0000000000000000 RDI=ffffffff85c1d1c0 RBP=ffffffff85c1d1c0 RSP=ffff88802c7ef648 R8 =0000000000000000 R9 =ffffffff87a55508 R10=0000000000000001 R11=0000000000000000 R12=0000000000000002 R13=0000000000000000 R14=0000000000000000 R15=0000000000000002 RIP=ffffffff81518e84 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e561b000 00000000 00000000 LDT=0000 fffffe4f00000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f24e8db06f4 CR3=000000001bcf1000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f24e8dbf47000007f24e8dbef20 XMM02=00000000000000000000000000000000 XMM03=756e20796d6d756420736e6f6974706f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=73253d656d616e6c6165722073253d73 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff817baf76 RDX=fffffbfff0c83f6b RSI=0000000000000008 RDI=ffffffff8641fb50 RBP=ffff88800b698a68 RSP=ffff88806cf08db8 R8 =0000000000000000 R9 =fffffbfff0c83f6a R10=ffffffff8641fb57 R11=0000000000000001 R12=ffff888008c7f140 R13=ffffea0000d9fa80 R14=0000000000000000 R15=ffff8880367ea600 RIP=ffffffff817baf7e RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e571b000 00000000 00000000 LDT=0000 fffffe0100000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f5eaa2f06f4 CR3=000000002e1ea000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007f5eaa2ff47000007f5eaa2fef20 XMM02=00000000000000000000000000000000 XMM03=756e20796d6d756420736e6f6974706f XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=73253d656d616e6c6165722073253d73 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000