Debian GNU/Linux 11 syzkaller ttyS0 syzkaller login: [ 91.358820] sshd (250) used greatest stack depth: 24992 bytes left Warning: Permanently added '[localhost]:51682' (ECDSA) to the list of known hosts. 2025/06/22 00:40:44 fuzzer started 2025/06/22 00:40:44 dialing manager at localhost:33119 [ 93.446497] cgroup: Unknown subsys name 'net' [ 93.597931] cgroup: Unknown subsys name 'cpuset' [ 93.643700] cgroup: Unknown subsys name 'rlimit' 2025/06/22 00:41:11 syscalls: 201 2025/06/22 00:41:11 code coverage: enabled 2025/06/22 00:41:11 comparison tracing: enabled 2025/06/22 00:41:11 extra coverage: enabled 2025/06/22 00:41:11 setuid sandbox: enabled 2025/06/22 00:41:11 namespace sandbox: enabled 2025/06/22 00:41:11 Android sandbox: enabled 2025/06/22 00:41:11 fault injection: enabled 2025/06/22 00:41:11 leak checking: enabled 2025/06/22 00:41:11 net packet injection: enabled 2025/06/22 00:41:11 net device setup: enabled 2025/06/22 00:41:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/06/22 00:41:11 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/06/22 00:41:11 USB emulation: enabled 2025/06/22 00:41:11 hci packet injection: enabled 2025/06/22 00:41:11 wifi device emulation: enabled 2025/06/22 00:41:11 802.15.4 emulation: enabled 2025/06/22 00:41:11 fetching corpus: 0, signal 0/0 (executing program) 2025/06/22 00:41:13 starting 8 fuzzer processes 00:41:13 executing program 0: r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x0, 0x311600) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x3f, 0x7, 0xc6, 0x4, 0x1}, 0x14) setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080)=0x7, 0x4) r1 = socket(0x2, 0x5, 0x7) sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, 0x0, 0x2, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8d2}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000014}, 0x4004c) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200), 0x22000, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000240)=r2, 0x1) io_uring_register$IORING_REGISTER_EVENTFD(r2, 0x4, &(0x7f0000000280)=r0, 0x1) r3 = openat$cgroup_procs(r2, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000300), 0x12) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000340), 0x240040, 0x0) recvmsg$unix(r4, &(0x7f0000000940)={&(0x7f0000000380), 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000400)=""/216, 0xd8}, {&(0x7f0000000500)=""/36, 0x24}, {&(0x7f0000000540)=""/198, 0xc6}, {&(0x7f0000000640)=""/82, 0x52}, {&(0x7f00000006c0)=""/237, 0xed}], 0x5, &(0x7f0000000840)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x100}, 0x40012000) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000980)) r7 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000009c0), 0xea103, 0x0) read$eventfd(r7, &(0x7f0000000a00), 0x8) syz_open_dev$vcsn(&(0x7f0000000a40), 0x100000000, 0x503040) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a80)='./cgroup/syz1\x00', 0x200002, 0x0) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000ac0), 0x600080, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000b00)) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000b80)=r6, 0x12) 00:41:13 executing program 1: ioctl$PTP_PEROUT_REQUEST(0xffffffffffffffff, 0x40383d03, &(0x7f0000000000)={{0x3, 0x9}, {0x3, 0x6}, 0x18000}) ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000040)) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r0, 0x800, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x10000, 0x7b}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4000) read$ptp(0xffffffffffffffff, &(0x7f0000000200)=""/222, 0xde) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300), 0x410500, 0x0) sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x68, 0x0, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xe98}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7f}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x3}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x843d}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000000) r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000480), 0x101000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_NEIGHBORS(r4, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x48801) ioctl$SCSI_IOCTL_DOORLOCK(r2, 0x5380) r5 = openat$null(0xffffffffffffff9c, &(0x7f00000005c0), 0x2140, 0x0) ioctl$PTP_PIN_GETFUNC(r5, 0xc0603d06, &(0x7f0000000600)={'\x00', 0x1, 0x2, 0x5}) r6 = syz_open_dev$vcsn(&(0x7f0000000680), 0x2, 0x442) ioctl$SCSI_IOCTL_DOORUNLOCK(r6, 0x5381) ioctl$SCSI_IOCTL_DOORLOCK(r3, 0x5380) ioctl$SCSI_IOCTL_DOORLOCK(r3, 0x5380) syz_open_dev$sg(&(0x7f00000006c0), 0x98, 0x444200) syz_genetlink_get_family_id$batadv(&(0x7f0000000700), r6) 00:41:13 executing program 2: r0 = accept4$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x6e, 0x0) recvmsg$unix(r0, &(0x7f0000001280)={&(0x7f00000000c0), 0x6e, &(0x7f00000011c0)=[{&(0x7f0000000140)=""/101, 0x65}, {&(0x7f00000001c0)=""/4096, 0x1000}], 0x2, &(0x7f0000001200)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x70}, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$unix(r4, &(0x7f0000001300)="f45389fc1a3159ac0150982e5a7dad5ff6789bb2994117897ea6ae6db6afc84267140ae340d91c2b0b55e08edb4bcd752867d54e4f59a0bdba11d25b255c9d0539b026023c2989e1760f93ec0569a6b15340e77c5da2141de9fe2381290c24d2d02511529d8f7b68366b32cb9144acc8068952245afc1ffae80f8e9c68631a367b3b43d00243b5718d3dfb2f6d888963658ef702f98431a959d53da9b2e61ece6c6b16fa95630237584942214dd1f93a8d840e47505ff336c756c986ebfe", 0xbe, 0x20000000, &(0x7f00000013c0)=@file={0x1, './file0\x00'}, 0x6e) accept4$unix(r3, &(0x7f0000001440), &(0x7f00000014c0)=0x6e, 0x80800) connect$unix(r2, &(0x7f0000001500)=@file={0x0, './file0\x00'}, 0x6e) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, &(0x7f0000001580)=0x2e7, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000015c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r5, &(0x7f0000001b00)={&(0x7f0000001600), 0x6e, &(0x7f0000001a40)=[{&(0x7f0000001680)=""/197, 0xc5}, {&(0x7f0000001780)=""/216, 0xd8}, {&(0x7f0000001880)=""/130, 0x82}, {&(0x7f0000001940)=""/254, 0xfe}], 0x4, &(0x7f0000001a80)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x50}, 0x40000000) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000001b40)={0x9, 0x8f, 0x2, 0x80}, 0x10) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000001b80)) accept4$unix(r6, &(0x7f0000001bc0), &(0x7f0000001c40)=0x6e, 0x100000) r8 = accept4$unix(r2, 0x0, &(0x7f0000001c80), 0x0) sendto$unix(r8, &(0x7f0000001cc0)="375ec021512ec697975203aa1a0d708fe727600c27d0a36d2365db8725d4bdc98957cc9964d39a631a7afe7efc3d8add9cd88f25bab9ef3416fa247b", 0x3c, 0x4000, &(0x7f0000001d00)=@file={0x1, './file0\x00'}, 0x6e) io_uring_register$IORING_REGISTER_EVENTFD(r7, 0x4, &(0x7f0000001d80), 0x1) r9 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001dc0), 0x5011c0, 0x0) recvmsg$unix(r9, &(0x7f0000002080)={&(0x7f0000001e00), 0x6e, &(0x7f0000001f80)=[{&(0x7f0000001e80)=""/217, 0xd9}], 0x1, &(0x7f0000001fc0)=[@cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x88}, 0x1) r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000002100), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r10, &(0x7f00000021c0)={&(0x7f00000020c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000002180)={&(0x7f0000002140)={0x24, r11, 0x86f78a1df897171b, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8880}, 0x404c080) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000002680)={&(0x7f0000002580)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000002640)={&(0x7f00000025c0)={0x44, r11, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x2}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x2}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1ff}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000800}, 0x4000) [ 121.442829] audit: type=1400 audit(1750552873.174:7): avc: denied { execmem } for pid=281 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 00:41:13 executing program 3: sendmsg$NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x60, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x4a8b6aa8da2f50ac}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x8081) sendmsg$NL802154_CMD_GET_SEC_KEY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80081000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x0, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0x24040000}, 0x4800) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240), 0x40440, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x58, r1, 0x200, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "5a9ae4443948a0e1861d5d7cfe"}, @NL80211_ATTR_KEY_SEQ={0xf, 0xa, "cb66915ae6bca8b79e7dc4"}, @NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x1000}, 0x24004004) r2 = syz_open_dev$vcsn(&(0x7f0000000400), 0xa542, 0x80000) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, 0x0, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8004}, 0x840) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, r3, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x4348}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x4080}, 0xc000) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f00000006c0), 0xa4043, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000740)={'batadv_slave_0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r4, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, r3, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xffffffff}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1ff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4080}, 0x45) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x5c, r3, 0x300, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7fffffff}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x4}, @BATADV_ATTR_ELP_INTERVAL={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) r6 = accept4$unix(r4, &(0x7f0000000980)=@abs, &(0x7f0000000a00)=0x6e, 0x80800) r7 = geteuid() recvmsg$unix(r4, &(0x7f0000002000)={&(0x7f0000000c40)=@abs, 0x6e, &(0x7f0000001f40)=[{&(0x7f0000000cc0)=""/186, 0xba}, {&(0x7f0000000d80)=""/132, 0x84}, {&(0x7f0000000e40)=""/4096, 0x1000}, {&(0x7f0000001e40)=""/70, 0x46}, {&(0x7f0000001ec0)=""/11, 0xb}, {&(0x7f0000001f00)=""/50, 0x32}], 0x6, &(0x7f0000001fc0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}], 0x20}, 0x10042) r9 = syz_open_dev$hidraw(&(0x7f0000002040), 0x4b44, 0x4000) r10 = eventfd(0x5) recvmsg$unix(r2, &(0x7f00000022c0)={&(0x7f0000002080)=@abs, 0x6e, &(0x7f0000002200)=[{&(0x7f0000002100)=""/249, 0xf9}], 0x1, &(0x7f0000002240)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x58}, 0x0) sendmsg$unix(r6, &(0x7f0000002640)={&(0x7f0000000a40)=@file={0x3, './file0\x00'}, 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000ac0)="1a5400b8811aae1b975196d723f4cbf02f9daec9fb93947e0495de4b2f661b76ffc1f03f3f5f598ea8f99ec67429154d51686e46684aeb8d3d2a63dc49bc06bd", 0x40}, {&(0x7f0000000b00)="b73fb59e5be62cac35d0c98cbd9e02be9536c5b1e4bcc28d1d6499ead6f4d21653ac639d6fd07158238c3f50c2882429489ef76e449d6254ee0e340f1046ea852cc13e51376103ad50e7d5e6c5bafc396c7df6c55995f2665bde758ba2a016c738775d5d096dbc23de228a487b0cecc808021fdb9a8f9f27e95d28c7a1387b3c9ecc59388fdb587fa502327bbcfce034d94132027e79ca1615ed2a57933a8b07250d3eaa10e4a7b375b5fb216f994cc46f4b4187dd72d7752382cf3bef46eb643f0236e359d0", 0xc6}, {0xffffffffffffffff}], 0x3, &(0x7f0000002580)=[@cred={{0x1c, 0x1, 0x2, {0x0, r7, r8}}}, @rights={{0x28, 0x1, 0x1, [r4, r9, r0, r4, r4, r10]}}, @cred={{0x1c, 0x1, 0x2, {r11, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, 0xffffffffffffffff}}}, @rights={{0x30, 0x1, 0x1, [r4, r2, r0, r4, r2, r0, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb8, 0x4008080}, 0xc04c080) 00:41:13 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x5c, r1, 0x2, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x8001, 0x44}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x31}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x1d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x23}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x37}]}, 0x5c}, 0x1, 0x0, 0x0, 0x400}, 0x4000000) sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, 0x0, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000081}, 0x4000001) sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x8000) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x881}, 0x80) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f00000004c0), 0x24200, 0x0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r2, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x24, 0x0, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x5) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x24, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7c}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x2) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000780)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x38, r4, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x1a}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000804}, 0x51) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_INTERFACE(r6, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x4c, r4, 0x220, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_EXTENDED_ADDR={0xc}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_EXTENDED_ADDR={0xc}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0002}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x14}, 0x20000000) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f00000009c0), r7) sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x34, 0x0, 0x800, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000804}, 0x40000) r8 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000b00), 0x600001, 0x0) sendmsg$BATADV_CMD_TP_METER(r8, &(0x7f0000000c80)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x80d04}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x4c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6e3}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xca11}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x80000000}]}, 0x4c}}, 0x4008850) 00:41:13 executing program 5: r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r0, 0x605, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x200008c0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x48, r0, 0x904, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x43}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_0\x00'}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x54, r0, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x40000) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r4, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x200000d0}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r5, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_ORIGINATORS(r7, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x28, 0x0, 0x100, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004004}, 0x4000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000780), r4) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r8, &(0x7f0000000a40)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000a00)={&(0x7f00000007c0)={0x22c, r9, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_DEVKEY={0x158, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x84, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1ef2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x11c}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x64, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xfffc}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}]}, @NL802154_DEVKEY_ATTR_ID={0xb4, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xfffffff8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x38, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7fffffff}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8000}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xce2}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xc789}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_DEVKEY={0x9c, 0x24, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x84, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x3c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x34, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}]}]}, 0x22c}, 0x1, 0x0, 0x0, 0x24008000}, 0x80) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000ac0), r8) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r4, &(0x7f0000000bc0)={&(0x7f0000000a80), 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x4c, r10, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0xa0e20c71cd11367b}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48000) 00:41:13 executing program 6: r0 = io_uring_setup(0x71fd, &(0x7f0000000000)={0x0, 0x4aa4, 0x0, 0x0, 0x10e}) io_uring_setup(0x553, &(0x7f0000000080)={0x0, 0x58d5, 0x2, 0x0, 0x362, 0x0, r0}) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000140), 0x1) io_uring_register$IORING_REGISTER_EVENTFD(r1, 0x4, &(0x7f0000000180)=r1, 0x1) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0), 0x10000, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(r2, 0x5385, &(0x7f0000000200)={0x8e, ""/142}) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f00000002c0)=0x9) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) ioctl$HIDIOCGRAWNAME(r1, 0x80404804, &(0x7f0000000300)) ioctl$SCSI_IOCTL_PROBE_HOST(r1, 0x5385, &(0x7f0000000340)={0x9d, ""/157}) ioctl$SG_GET_COMMAND_Q(r2, 0x2270, &(0x7f0000000400)) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r2) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x24, r3, 0x4, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x37}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c080}, 0x40000) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) r4 = semget$private(0x0, 0x4, 0x82) semctl$SEM_STAT_ANY(r4, 0x4, 0x14, &(0x7f0000000580)=""/4096) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001580), 0x109001, 0x0) ioctl$SCSI_IOCTL_GET_IDLUN(r5, 0x5382, &(0x7f00000015c0)) openat$ptp0(0xffffffffffffff9c, &(0x7f0000001600), 0x300, 0x0) 00:41:13 executing program 7: ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x10, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r0}]}, 0x38}, 0x1, 0x0, 0x0, 0x40800}, 0x4010) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000180), r1) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_CCA_OPT={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040000) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r1, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x34, r2, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x400}, 0x11) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(r1, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, r3, 0x8, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x24000040) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000580)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEV(r4, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x80, r2, 0x0, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r0}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000003}, @NL802154_ATTR_SEC_DEVICE={0x3c, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_FRAME_COUNTER={0x6, 0x1, 0x401}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x2}, @NL802154_DEV_ATTR_SECLEVEL_EXEMPT={0x5, 0x5, 0x1}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0xfffc}]}, @NL802154_ATTR_SEC_DEVICE={0x14, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xfffe}, @NL802154_DEV_ATTR_PAN_ID={0x6, 0x2, 0x3}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x80}}, 0x20008000) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000700), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000740)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEV(r6, &(0x7f0000000880)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000780)={0xac, r7, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_SEC_DEVICE={0x50, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0x100}}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xffff}, @NL802154_DEV_ATTR_SECLEVEL_EXEMPT={0x5, 0x5, 0x1}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEV_ATTR_SECLEVEL_EXEMPT={0x5, 0x5, 0x1}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_ATTR_SEC_DEVICE={0x28, 0x23, 0x0, 0x1, [@NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0xac}, 0x1, 0x0, 0x0, 0x4044000}, 0x404c850) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_LIST(r9, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x1c, 0x0, 0x4, 0x70bd28, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc800}, 0x24002051) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, &(0x7f00000009c0), 0x1) [ 122.939823] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 122.944717] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 122.951589] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 122.959919] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 122.964847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 123.002637] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 123.005677] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 123.015272] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 123.020872] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 123.026454] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 123.122940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 123.149185] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 123.154211] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 123.168581] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 123.173792] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 123.273923] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 123.277260] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 123.281769] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 123.285096] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 123.289598] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 123.292367] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 123.296818] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 123.313896] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 123.313927] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 123.327937] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 123.375843] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 123.387731] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 123.418254] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 123.427290] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 123.431848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 123.433091] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 123.442436] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 123.450422] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 123.451778] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 123.459033] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 123.482738] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 123.489470] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 123.503309] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 123.511010] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 123.566070] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 125.025664] Bluetooth: hci0: command tx timeout [ 125.091125] Bluetooth: hci1: command tx timeout [ 125.217204] Bluetooth: hci2: command tx timeout [ 125.409174] Bluetooth: hci3: command tx timeout [ 125.411438] Bluetooth: hci4: command tx timeout [ 125.537131] Bluetooth: hci5: command tx timeout [ 125.601190] Bluetooth: hci7: command tx timeout [ 125.665127] Bluetooth: hci6: command tx timeout [ 127.073061] Bluetooth: hci0: command tx timeout [ 127.137085] Bluetooth: hci1: command tx timeout [ 127.265027] Bluetooth: hci2: command tx timeout [ 127.457076] Bluetooth: hci3: command tx timeout [ 127.457540] Bluetooth: hci4: command tx timeout [ 127.585069] Bluetooth: hci5: command tx timeout [ 127.649112] Bluetooth: hci7: command tx timeout [ 127.713352] Bluetooth: hci6: command tx timeout [ 129.121199] Bluetooth: hci0: command tx timeout [ 129.185169] Bluetooth: hci1: command tx timeout [ 129.313190] Bluetooth: hci2: command tx timeout [ 129.505143] Bluetooth: hci3: command tx timeout [ 129.506080] Bluetooth: hci4: command tx timeout [ 129.633136] Bluetooth: hci5: command tx timeout [ 129.697090] Bluetooth: hci7: command tx timeout [ 129.762277] Bluetooth: hci6: command tx timeout [ 131.170236] Bluetooth: hci0: command tx timeout [ 131.234125] Bluetooth: hci1: command tx timeout [ 131.361301] Bluetooth: hci2: command tx timeout [ 131.553329] Bluetooth: hci3: command tx timeout [ 131.553814] Bluetooth: hci4: command tx timeout [ 131.681178] Bluetooth: hci5: command tx timeout [ 131.745077] Bluetooth: hci7: command tx timeout [ 131.809994] Bluetooth: hci6: command tx timeout [ 182.785615] syz-executor.1 (290) used greatest stack depth: 24848 bytes left [ 182.972819] syz-executor.3 (295) used greatest stack depth: 24544 bytes left [ 185.471589] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 185.475200] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 185.478663] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 185.487356] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 185.496349] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 185.497461] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 185.502350] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 185.517734] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 185.532487] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 185.547600] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 185.552308] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 185.559210] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 185.571508] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 185.589774] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 185.601914] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 185.727446] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 185.740253] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 185.762649] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 185.778864] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 185.788382] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 185.790082] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 185.808555] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 185.814243] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 185.820410] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 185.827291] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 185.840838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 185.851654] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 185.901846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 185.905289] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 185.908606] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 185.912811] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 185.926474] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 185.929142] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 185.942446] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 185.942700] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 185.970441] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 185.992681] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 186.008541] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 186.037859] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 186.039248] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 187.553385] Bluetooth: hci1: command tx timeout [ 187.618027] Bluetooth: hci0: command tx timeout [ 187.681029] Bluetooth: hci2: command tx timeout [ 187.873064] Bluetooth: hci3: command tx timeout [ 188.001095] Bluetooth: hci6: command tx timeout [ 188.129117] Bluetooth: hci4: command tx timeout [ 188.130304] Bluetooth: hci5: command tx timeout [ 188.130498] Bluetooth: hci7: command tx timeout [ 189.601086] Bluetooth: hci1: command tx timeout [ 189.665053] Bluetooth: hci0: command tx timeout [ 189.729244] Bluetooth: hci2: command tx timeout [ 189.921118] Bluetooth: hci3: command tx timeout [ 190.049546] Bluetooth: hci6: command tx timeout [ 190.177377] Bluetooth: hci7: command tx timeout [ 190.177993] Bluetooth: hci5: command tx timeout [ 190.178482] Bluetooth: hci4: command tx timeout [ 191.650115] Bluetooth: hci1: command tx timeout [ 191.714039] Bluetooth: hci0: command tx timeout [ 191.778179] Bluetooth: hci2: command tx timeout [ 191.969024] Bluetooth: hci3: command tx timeout [ 192.097356] Bluetooth: hci6: command tx timeout [ 192.225149] Bluetooth: hci5: command tx timeout [ 192.225669] Bluetooth: hci7: command tx timeout [ 192.226420] Bluetooth: hci4: command tx timeout [ 193.697990] Bluetooth: hci1: command tx timeout [ 193.762083] Bluetooth: hci0: command tx timeout [ 193.826068] Bluetooth: hci2: command tx timeout [ 194.017987] Bluetooth: hci3: command tx timeout [ 194.146203] Bluetooth: hci6: command tx timeout [ 194.274070] Bluetooth: hci7: command tx timeout [ 194.274581] Bluetooth: hci4: command tx timeout [ 194.274874] Bluetooth: hci5: command tx timeout [ 247.672147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 247.681321] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 247.685269] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 247.698604] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 247.707616] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 247.757533] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 247.768873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 247.775260] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 247.800899] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 247.807628] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 247.971707] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 248.006395] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 248.010665] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 248.016295] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 248.029891] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 248.038025] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 248.049557] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 248.051395] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 248.053527] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 248.054450] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 248.056307] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 248.057577] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 248.068541] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 248.071674] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 248.078661] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 248.091231] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 248.092761] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 248.101714] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 248.107283] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 248.114747] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 248.307642] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 248.312734] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 248.316477] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 248.340758] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 248.371489] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 248.377910] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 248.381255] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 248.422593] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 248.476630] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 248.521486] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 249.762027] Bluetooth: hci0: command tx timeout [ 249.890121] Bluetooth: hci1: command tx timeout [ 250.210281] Bluetooth: hci5: command tx timeout [ 250.211180] Bluetooth: hci4: command tx timeout [ 250.211676] Bluetooth: hci2: command tx timeout [ 250.273097] Bluetooth: hci3: command tx timeout [ 250.465225] Bluetooth: hci6: command tx timeout [ 250.593029] Bluetooth: hci7: command tx timeout [ 251.809043] Bluetooth: hci0: command tx timeout [ 251.937017] Bluetooth: hci1: command tx timeout [ 252.257200] Bluetooth: hci2: command tx timeout [ 252.257649] Bluetooth: hci4: command tx timeout [ 252.258343] Bluetooth: hci5: command tx timeout [ 252.322157] Bluetooth: hci3: command tx timeout [ 252.513118] Bluetooth: hci6: command tx timeout [ 252.641190] Bluetooth: hci7: command tx timeout [ 253.857046] Bluetooth: hci0: command tx timeout [ 253.986177] Bluetooth: hci1: command tx timeout [ 254.305204] Bluetooth: hci5: command tx timeout [ 254.305334] Bluetooth: hci4: command tx timeout [ 254.305917] Bluetooth: hci2: command tx timeout [ 254.370178] Bluetooth: hci3: command tx timeout [ 254.561171] Bluetooth: hci6: command tx timeout [ 254.689981] Bluetooth: hci7: command tx timeout [ 255.905635] Bluetooth: hci0: command tx timeout [ 256.033199] Bluetooth: hci1: command tx timeout [ 256.354327] Bluetooth: hci5: command tx timeout [ 256.354706] Bluetooth: hci2: command tx timeout [ 256.355492] Bluetooth: hci4: command tx timeout [ 256.417163] Bluetooth: hci3: command tx timeout [ 256.609150] Bluetooth: hci6: command tx timeout [ 256.737195] Bluetooth: hci7: command tx timeout [ 310.262504] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 310.268534] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 310.271068] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 310.280675] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 310.288179] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 310.512288] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 310.516881] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 310.519762] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 310.528989] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 310.537616] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 310.550528] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 310.555436] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 310.558290] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 310.570206] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 310.577655] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 310.683165] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 310.735824] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 310.739836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 310.760065] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 310.761997] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 310.768618] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 310.810528] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 310.819425] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 310.831639] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 310.844709] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 310.877622] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 310.880022] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 310.893311] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 310.931635] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 310.933534] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 310.981775] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 310.985613] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 310.989385] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 310.991792] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 311.033498] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 311.041323] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 311.046122] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 311.062489] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 311.111170] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 311.131369] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 312.353175] Bluetooth: hci0: command tx timeout [ 312.609715] Bluetooth: hci2: command tx timeout [ 312.610734] Bluetooth: hci1: command tx timeout [ 312.865094] Bluetooth: hci3: command tx timeout [ 313.058466] Bluetooth: hci4: command tx timeout [ 313.121044] Bluetooth: hci5: command tx timeout [ 313.185114] Bluetooth: hci6: command tx timeout [ 313.250020] Bluetooth: hci7: command tx timeout [ 314.401055] Bluetooth: hci0: command tx timeout [ 314.657243] Bluetooth: hci2: command tx timeout [ 314.657718] Bluetooth: hci1: command tx timeout [ 314.913221] Bluetooth: hci3: command tx timeout [ 315.106975] Bluetooth: hci4: command tx timeout [ 315.169369] Bluetooth: hci5: command tx timeout [ 315.233330] Bluetooth: hci6: command tx timeout [ 315.297921] Bluetooth: hci7: command tx timeout [ 316.450061] Bluetooth: hci0: command tx timeout [ 316.708026] Bluetooth: hci2: command tx timeout [ 316.708499] Bluetooth: hci1: command tx timeout [ 316.961040] Bluetooth: hci3: command tx timeout [ 317.153255] Bluetooth: hci4: command tx timeout [ 317.217356] Bluetooth: hci5: command tx timeout [ 317.281008] Bluetooth: hci6: command tx timeout [ 317.346300] Bluetooth: hci7: command tx timeout [ 318.498014] Bluetooth: hci0: command tx timeout [ 318.753184] Bluetooth: hci2: command tx timeout [ 318.754846] Bluetooth: hci1: command tx timeout [ 319.010570] Bluetooth: hci3: command tx timeout [ 319.201211] Bluetooth: hci4: command tx timeout [ 319.265131] Bluetooth: hci5: command tx timeout [ 319.329409] Bluetooth: hci6: command tx timeout [ 319.393079] Bluetooth: hci7: command tx timeout [ 372.602740] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 372.606643] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 372.609557] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 372.619831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 372.625570] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 372.980533] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 372.987334] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 372.990319] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 373.001795] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 373.006347] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 373.055728] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 373.064282] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 373.067744] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 373.079174] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 373.086263] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 373.150900] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 373.160494] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 373.176289] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 373.178684] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 373.184298] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 373.190550] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 373.196569] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 373.198305] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 373.203242] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 373.206235] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 373.213508] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 373.215592] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 373.215770] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 373.220074] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 373.229443] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 373.236357] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 373.241470] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 373.245392] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 373.251703] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 373.260482] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 373.382384] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 373.391500] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 373.403498] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 373.482420] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 373.516518] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 374.689192] Bluetooth: hci0: command tx timeout [ 375.073209] Bluetooth: hci1: command tx timeout [ 375.138072] Bluetooth: hci2: command tx timeout [ 375.329381] Bluetooth: hci5: command tx timeout [ 375.394213] Bluetooth: hci3: command tx timeout [ 375.395530] Bluetooth: hci4: command tx timeout [ 375.395618] Bluetooth: hci6: command tx timeout [ 375.713045] Bluetooth: hci7: command tx timeout [ 376.737045] Bluetooth: hci0: command tx timeout [ 377.121034] Bluetooth: hci1: command tx timeout [ 377.185373] Bluetooth: hci2: command tx timeout [ 377.377068] Bluetooth: hci5: command tx timeout [ 377.441037] Bluetooth: hci4: command tx timeout [ 377.441470] Bluetooth: hci6: command tx timeout [ 377.441519] Bluetooth: hci3: command tx timeout [ 377.761062] Bluetooth: hci7: command tx timeout [ 378.785193] Bluetooth: hci0: command tx timeout [ 379.169185] Bluetooth: hci1: command tx timeout [ 379.233524] Bluetooth: hci2: command tx timeout [ 379.426132] Bluetooth: hci5: command tx timeout [ 379.489207] Bluetooth: hci4: command tx timeout [ 379.489637] Bluetooth: hci6: command tx timeout [ 379.490876] Bluetooth: hci3: command tx timeout [ 379.809218] Bluetooth: hci7: command tx timeout [ 380.834388] Bluetooth: hci0: command tx timeout [ 381.217029] Bluetooth: hci1: command tx timeout [ 381.282062] Bluetooth: hci2: command tx timeout [ 381.473165] Bluetooth: hci5: command tx timeout [ 381.537051] Bluetooth: hci3: command tx timeout [ 381.537140] Bluetooth: hci4: command tx timeout [ 381.538042] Bluetooth: hci6: command tx timeout [ 381.857541] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 00:46:23 Registers: info registers vcpu 0 RAX=ffffffff867bec5f RBX=0000000000000001 RCX=ffffffff867bec5a RDX=0000000000000000 RSI=1ffffffff0cf7d8b RDI=ffffffff8647527c RBP=ffff88800960f940 RSP=ffff88800960f878 R8 =ffffffff867bec5a R9 =0000000000000000 R10=000000000003b53d R11=0000000000008641 R12=ffff88800960f948 R13=ffff88800960f930 R14=ffff88800960f929 R15=ffff88800960f8e8 RIP=ffffffff81354085 RFL=00000217 [----APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e5630000 00000000 00000000 LDT=0000 fffffe5000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffd401d9ff8 CR3=000000002f721000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=6461657268747062696c2f756e672d78 XMM02=00302e6f732e6461657268747062696c XMM03=2f756e672d78756e696c2d34365f3638 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=0000000000000000 RCX=0000000000000002 RDX=0000000000000000 RSI=ffffffff81353d2d RDI=fffffbfff0b83988 RBP=ffffffff85c1cc40 RSP=ffff88802639f7e0 R8 =0000000000000000 R9 =0000000000000000 R10=000000000003b53d R11=00000000000083e3 R12=0000000000000001 R13=ffffffff81353d2d R14=0000000000000000 R15=ffff88802639f8e8 RIP=ffffffff81aedae7 RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e5730000 00000000 00000000 LDT=0000 fffffe3300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4416473310 CR3=000000002833d000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=6461657268747062696c2f756e672d78 XMM02=00302e6f732e6461657268747062696c XMM03=2f756e672d78756e696c2d34365f3638 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000