Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:21647' (ECDSA) to the list of known hosts. 2022/10/04 12:28:39 fuzzer started 2022/10/04 12:28:39 dialing manager at localhost:35095 syzkaller login: [ 36.616038] cgroup: Unknown subsys name 'net' [ 36.718792] cgroup: Unknown subsys name 'rlimit' 2022/10/04 12:28:53 syscalls: 201 2022/10/04 12:28:53 code coverage: enabled 2022/10/04 12:28:53 comparison tracing: enabled 2022/10/04 12:28:53 extra coverage: enabled 2022/10/04 12:28:53 setuid sandbox: enabled 2022/10/04 12:28:53 namespace sandbox: enabled 2022/10/04 12:28:53 Android sandbox: enabled 2022/10/04 12:28:53 fault injection: enabled 2022/10/04 12:28:53 leak checking: enabled 2022/10/04 12:28:53 net packet injection: enabled 2022/10/04 12:28:53 net device setup: enabled 2022/10/04 12:28:53 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/04 12:28:53 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/04 12:28:53 USB emulation: enabled 2022/10/04 12:28:53 hci packet injection: enabled 2022/10/04 12:28:53 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930) 2022/10/04 12:28:53 802.15.4 emulation: enabled 2022/10/04 12:28:53 fetching corpus: 0, signal 0/0 (executing program) 2022/10/04 12:28:54 starting 8 fuzzer processes 12:28:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_POWER_SAVE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2880}, 0x15) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r0) sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4044010) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_POWER_SAVE(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x204, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x40}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x8001}, 0x800) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x78, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7, 0xe}}}}, [@NL80211_ATTR_CRIT_PROT_ID={0x6}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x54d}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x2}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x48c}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x3f1}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0xcd5}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0xf07}, @NL80211_ATTR_CRIT_PROT_ID={0x6}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x3}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x2}]}, 0x78}, 0x1, 0x0, 0x0, 0x4008010}, 0xc000) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x58, 0x0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x58}}, 0x20000000) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000680), 0x8000, 0x0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000700), r0) sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x24, r6, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000840)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000880)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r5, 0x89f7, &(0x7f0000000940)={'syztnl2\x00', &(0x7f00000008c0)={'syztnl2\x00', 0x0, 0x4, 0x4, 0x2, 0x3, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00', 0x20, 0x1, 0x100, 0x80}}) sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000a40)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x5c, r1, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r9}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r5, &(0x7f0000000b40)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x1c, r6, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000bc0), r5) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x1c, r10, 0x200, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xc2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) 12:28:54 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000000), r0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_ASSOCIATE_RESP(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x8004) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x0, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'hsr0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20064001}, 0x240080c1) sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) sendmsg$NBD_CMD_STATUS(r2, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x60, 0x0, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xd99}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x5}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x597}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x7}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xb5c}]}, 0x60}, 0x1, 0x0, 0x0, 0x20040084}, 0x0) r3 = semget(0x0, 0x1, 0x0) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000500)={'wpan4\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_GETPARAMS(r1, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x50, r4, 0xc, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r6}]}, 0x50}, 0x1, 0x0, 0x0, 0x4048000}, 0xc080) semctl$SEM_STAT_ANY(r3, 0x1, 0x14, &(0x7f0000000680)=""/29) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), r2) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000740)={'wpan4\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000780)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r0, &(0x7f0000000880)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x44, 0x0, 0x2, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x4}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x80}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x4000080) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x50, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x2}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x21}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0xe7}]}, 0x50}, 0x1, 0x0, 0x0, 0x20040880}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r2, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x4c, r7, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_LEVEL={0x24, 0x22, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x7}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x4c}}, 0xc0) 12:28:54 executing program 1: setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000040)=0xe096, &(0x7f0000000080)=0x2) r0 = perf_event_open$cgroup(&(0x7f0000000140)={0x1, 0x80, 0x8, 0x8, 0xb1, 0x5, 0x0, 0x5, 0x80, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x101, 0x0, @perf_config_ext={0x9, 0xa666}, 0x40905, 0xfff, 0x0, 0x3, 0x4, 0x4, 0x5, 0x0, 0x10000, 0x0, 0x7fff000000000000}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8) perf_event_open$cgroup(&(0x7f00000000c0)={0x1, 0x80, 0x2, 0x0, 0x3, 0xb6, 0x0, 0x80, 0x0, 0xa, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x1}, 0x8000, 0x773c, 0x2, 0x5, 0xffffffffffffff66, 0x4, 0x8001, 0x0, 0x6, 0x0, 0x2}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x8) r1 = syz_io_uring_complete(0x0) getsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f00000001c0)=0x4, &(0x7f0000000200)=0x4) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000280)=0x4, &(0x7f00000002c0)=0x4) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000300), 0x40080, 0x0) getsockopt$bt_BT_FLUSHABLE(r3, 0x112, 0x8, &(0x7f0000000340), &(0x7f0000000380)=0x4) ioctl$TIOCGPTPEER(r2, 0x5441, 0x4) r5 = syz_io_uring_complete(0x0) getsockopt$bt_BT_FLUSHABLE(r5, 0x112, 0x8, &(0x7f00000003c0)=0x3, &(0x7f0000000400)=0x4) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000440)=0xff23, 0x4) r6 = openat$cgroup_ro(r5, &(0x7f0000000480)='memory.swap.current\x00', 0x0, 0x0) getsockopt$bt_BT_FLUSHABLE(r6, 0x112, 0x8, &(0x7f00000004c0)=0x3, &(0x7f0000000500)=0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000540)={'batadv0\x00', 0x0}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000840)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r2, 0x0, &(0x7f0000000800)={&(0x7f0000000580)=@ll={0x11, 0x16, r7, 0x1, 0x7, 0x6, @local}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000600)="9cf33bbb174d299cdcf8ed14564881a56458d67d8342f241b231ab37459a8b43315f6182f2717ad746454806f7f58fa211b7cae58bf6b8d505126e38875ebeaf38529293d4ca3a99e1e93f5ca4d2", 0x4e}, {&(0x7f0000000680)="0ddf6b6f401a5a998e827bbdfa00f2c881dfd02eb2ec01c77818a7ea8809736dae57f6843388f2a2440458edb40e4025bb3f543cbf57354e08c1e8c9d63db9c961e3716540e714d4d103c1", 0x4b}, {&(0x7f0000000700)="e07c6347da9280189ff0562e5bb138d7851138eeb15c227aa8cfe8fbf48a3b71cfc801ca20513c37ae9131ab9ee7d0abb35e57669eac3b90f46bb01b6bec549e0e9faf89be80fa3d99aa639c770754e3482e327608d4f8be3e3e118f4c1001aec35130534e9bdfe85031d3acf28ee2f86a4f4f5b6ae10adb97654011d21923184e815613990323e9fdf5ff8e2a36994779926769a69838d704b22d857c58c59e1c0a486f7b9556736c32bac5f06e7569ed5584f18d5aeb29", 0xb8}], 0x3}, 0x0, 0x0, 0x1}, 0xbc8d) r8 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$PIO_FONT(r8, 0x4b61, &(0x7f0000000880)="296e2e62524c5e7b7992bda445f6ce6036c1686d2544d772b274d9140feec0cbd5fe1eef2e4d9771bf04542021e1c7953160ecc9950319918c2ee094c3c61a5bce100143af812ae46aff8e70b5fcca7b4c13af5e56b7b670e95ec82020f2b5ba16f0613f79c3d2e5fafd8af7ad4f8d54868fe8f2c170b74f4dd542b048ba4b18a48651694da5490cceb2ef3a9817594fa74dc7cee93d0ea23fc53c939b1b8d1e310a0990170d642fc1a6d6b0feda7be8f493958728704e94bbcd480293f46195a21cced3ffd02d010ac2fc064a3ba015df97205be9af42fa7e5cac9bcd631b6cbb7eabc405e191") 12:28:54 executing program 3: r0 = getegid() r1 = getgid() getresuid(&(0x7f0000000980)=0x0, &(0x7f00000009c0)=0x0, &(0x7f0000000a00)) r4 = fork() msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000a40)={{0x3, 0x0, r1, r3, r0, 0x20, 0x5}, 0x0, 0x0, 0x7fffffff, 0x9, 0x2, 0x3ff, 0xffffffff, 0x7, 0xba38, 0x419, r4}) syz_io_uring_setup(0x129a, &(0x7f0000000ac0)={0x0, 0x74dc, 0x1, 0x0, 0x1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000b40)=0x0, &(0x7f0000000b80)) syz_io_uring_setup(0x596f, &(0x7f0000000bc0)={0x0, 0xc334, 0x20, 0x1, 0x34b}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000c40), &(0x7f0000000c80)=0x0) r7 = syz_io_uring_complete(0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000d80)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r7, &(0x7f0000000cc0)=0x80, &(0x7f0000000d00)=@phonet, 0x0, 0x80000}, 0x5e) getresuid(&(0x7f0000000e00), &(0x7f0000000e40), &(0x7f0000000e80)=0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r7, 0x89f7, &(0x7f0000000f40)={'ip6_vti0\x00', &(0x7f0000000ec0)={'syztnl1\x00', 0x0, 0x29, 0x0, 0xfe, 0x3f, 0x10, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1, 0x7800, 0x8}}) getresuid(&(0x7f0000001c00), &(0x7f0000001c40)=0x0, &(0x7f0000001c80)) sendmsg$nl_xfrm(r7, &(0x7f0000002140)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000002100)={&(0x7f0000001cc0)=@delpolicy={0x420, 0x14, 0x20, 0x70bd29, 0x25dfdbfb, {{@in=@multicast1, @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x4e21, 0x400, 0x4e23, 0x8, 0x2, 0x20, 0x80, 0x3c, 0x0, r8}}, [@replay_val={0x10, 0xa, {0x70bd2a, 0x70bd2b, 0xbb}}, @replay_val={0x10, 0xa, {0x70bd29, 0x70bd2c, 0xff}}, @sa={0xe4, 0x6, {{@in6=@private2, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e21, 0x3, 0x4e21, 0x9, 0x2, 0x20, 0xa0, 0x84, r9, r10}, {@in=@dev={0xac, 0x14, 0x14, 0x44}, 0x4d2, 0x3c}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0xfff, 0x100000000, 0x9, 0x1, 0xfffffffffffffffc, 0x7, 0x2, 0x10001}, {0x6, 0x400, 0x1, 0x4}, {0x4, 0x4, 0x26}, 0x70bd2c, 0x0, 0xa, 0x1, 0x8}}, @srcaddr={0x14, 0xd, @in6=@empty}, @XFRMA_SET_MARK={0x8, 0x1d, 0x400}, @mark={0xc, 0x15, {0x35075c, 0x3767}}, @algo_auth_trunc={0x144, 0x14, {{'sha1-neon\x00'}, 0x7c0, 0x100, "fae476367a320fda068fd42e7f6746384850f7b01a17056da3f8a2e00f1ef2b0e8af6a70c0f7dba259b5613372864be6cba24505842446cc90cb62906372f5198b72b90bf04a3b6eb725d2334ba5ce0858ec530a01454b93b85d228256fb3ae85ff86071564476d3f0fce5a10831e06d317bef55752cf8709c0aaab1b6e228941321c950d705eaf05d6d65d4ee661035938134bc4f7c3caf91cc3b93abc7b560707797291e4221721355c6e2c498ccdbb766531c720a59180d25b10003d086402a35db30bb4b0ec11a98964dcb1b46e02a7a101b120df48c21abff125a5725c915209c82a2d0b0ab99841187b30f85494eb8b18cd63d4625"}}, @policy={0xac, 0x7, {{@in6=@dev={0xfe, 0x80, '\x00', 0x39}, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e22, 0x24, 0x4e23, 0x0, 0xa, 0x80, 0x10, 0x5e, 0x0, 0xee01}, {0xff, 0xfa64, 0x8000, 0xfffffffffffff87c, 0x100, 0x0, 0x1, 0x100}, {0x5, 0x8, 0xf8, 0x7fffffff}, 0x9, 0x6e6bbf, 0x0, 0x1, 0x1, 0x1}}, @policy={0xac, 0x7, {{@in6=@mcast2, @in6=@dev={0xfe, 0x80, '\x00', 0x29}, 0x4e21, 0x2584, 0x4e24, 0x0, 0xa, 0xa0, 0x0, 0x33, 0x0, r2}, {0x32, 0x80000001, 0x0, 0xedd, 0x0, 0x7fff, 0x80, 0xffff}, {0x6, 0x4846, 0x6, 0x1}, 0x2, 0x6e6bb0, 0x2, 0x1, 0x3, 0x3}}, @proto={0x5, 0x19, 0x6c}]}, 0x420}, 0x1, 0x0, 0x0, 0x8000}, 0x801) r11 = socket(0x1d, 0x80000, 0x1) getsockopt$bt_BT_CHANNEL_POLICY(r11, 0x112, 0xa, &(0x7f0000002180)=0x8, &(0x7f00000021c0)=0x4) r12 = openat$null(0xffffffffffffff9c, &(0x7f0000002200), 0x10800, 0x0) mq_notify(r12, &(0x7f0000002400)={0x0, 0x3e, 0x1, @thr={&(0x7f0000002240)="1184f0f7fbc6b22d42f3e131c3374bccb2d852803c33725329aac3a06984dc7450ad8a541a40f48c823cc0b8e85ae863914dac7964d12241cd15035f47c592262ef69dd8bf6957ed5950871a46cae80413d306fda1ecb8773ccb760d76e81ca7e22b4843cd1a4f1ffd7ecb85125869d333ccdc97fcf6ea7b440cfc11e6f6ad695a69f705642226013828e65a8a81bba8", &(0x7f0000002300)="99b98c6e479fbeb110fd3348bf39065fc7108f432f0327abdd1433a008ebf8beb69768801831b6d8d7711bdd8d9c9e43020cc52eadd53962b95184fd71eaebd5886b9559c1b6858523a52954c9b6007fc5f41c16f948b830beff0f47c2e0324bb6e9820fe3fd549a37a5999e3d71c573acbda165d8b91d8d19aafae0a96bc2f6c7f407e5cd5bc20113fe26f806a237c8cca08c2a3be6805760cdb6b6d0e53b3d4fa544ba6bea229ade6b1962bfbf1c601b9fd5d618f891c4986cd2ed26bab88c8f9c869c153b0ade"}}) mq_getsetattr(r12, &(0x7f0000002440)={0x4e7c456a, 0x4, 0x1}, &(0x7f0000002480)) pipe2(&(0x7f00000024c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) sendmsg$nl_xfrm(r13, &(0x7f00000025c0)={&(0x7f0000002500)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000002580)={&(0x7f0000002540)=@flushsa={0x14, 0x1c, 0x100, 0x70bd2b, 0x25dfdbff, {0x12a}}, 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x20000000) [ 51.439572] audit: type=1400 audit(1664886534.963:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:28:54 executing program 7: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x400c0) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000040)) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000080)) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000100)=0x4, &(0x7f0000000140)=0x4) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000180)=0x1) r3 = socket(0x2c, 0x1, 0xc3) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f00000001c0), &(0x7f0000000200)=0x2) r4 = syz_io_uring_complete(0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r4, 0x89f7, &(0x7f00000002c0)={'syztnl2\x00', &(0x7f0000000240)={'ip6_vti0\x00', 0x0, 0x2, 0x0, 0x3, 0x1, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x40, 0x10, 0x9, 0x6}}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r2, 0x89f7, &(0x7f0000000380)={'syztnl2\x00', &(0x7f0000000300)={'ip6_vti0\x00', r5, 0x2f, 0x24, 0x6, 0x80, 0x2, @loopback, @mcast1, 0x7, 0x80, 0x0, 0x80000001}}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x3c, 0x0, 0x10, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1ff}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) sendmsg$BATADV_CMD_TP_METER(r2, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x48, 0x0, 0x2, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8000}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20048000}, 0x0) r6 = syz_io_uring_complete(0x0) sendmsg$NL80211_CMD_GET_WIPHY(r6, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x1c, 0x0, 0x10, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x7d}, @void, @void}}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x90) sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x34, 0x0, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0xc0) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x82000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x64, 0x0, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_SHORT_ADDR={0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x24008001}, 0x40) r7 = socket(0x25, 0xa, 0x7) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r7, &(0x7f0000000e40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000e00)={&(0x7f00000009c0)={0x40c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x3, 0x4}}}}, [@NL80211_ATTR_FRAME={0x18, 0x33, @ctrl_frame=@bar={{}, {0x7f80}, @device_a, @device_b, @compressed={{0x1, 0x0, 0x1, 0x0, 0xb}, {0x5, 0x7f}}}}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_FRAME={0x1c0, 0x33, @data_frame={@qos_ht={{{@type00={{0x0, 0x2, 0xe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x20}, @broadcast, @device_a, @random="c8a8dcb3acad", {0x2, 0x7}}, {0x9, 0x1, 0x2, 0x0, 0x8}}, {@type01={{0x0, 0x2, 0x9, 0x0, 0x1, 0x0, 0x1}, {0x4}, @device_b, @from_mac, @random="40e1beeb4e13", {0x6, 0x7f}}, {0x5, 0x1, 0x0, 0x1, 0x3c}}}, @ver_80211n={0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, @a_msdu=[{@device_a, @device_b, 0xa4, "971c98536b12caea382264f20bd03f3bc174d988da7a1731f333da54f461e7ec7ac99516b7c4d8e31de8a97c9ee9fc5c30ed162daa701ced08e9892d94ca3f7dd5e3cbc19d3a39850e4ba4e2d9f21e258d09aff9921ad1182e79d215caadf99c75fc1af9aa7e451cd57785ce3afdc78d281c5a54cffe6795e51d4c47ecd4efcbd24f42f99992f8d6a45feac4da622f3d33c24c64e57b928960782b7da5073ae21881ad19"}, {@broadcast, @broadcast, 0xa4, "207fa7506eb941ea28e0830857340e313d3980f2399b757ea5c716489de2a652b9377732dd745e4f1eee3797bcdfe1345bc86177be27e62d6a5460c39304a819efb4919b75643f8fcdc035b7fcd0c76cc6820c948e8d1503b70afd16aae7993a1135bc404c2d4517952e256e764faa459a822ab5f098473d8bb503382a9b7eef2ce4bde24c410fd6060c0c8e26a48fcce718f5792d667f3f0eb91b038e5a887786ecd834"}, {@device_b, @device_a, 0xe, "1776792264fde3a2b401ea0576b5"}]}}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_FRAME={0x1e9, 0x33, @mgmt_frame=@assoc_resp={@with_ht={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x5ec4}, @device_a, @broadcast, @initial, {0x2, 0x100}}, @ver_80211n={0x0, 0x7, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1}}, 0x54, 0x5a, @random=0x9, @void, @val={0x2d, 0x1a, {0x2000, 0x2, 0x4, 0x0, {0x0, 0x40, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x800, 0xf1c, 0x80}}, [{0xdd, 0x6f, "8f1944068ff8ec044f5306bce15cbc7e7a417005ebb25e5da66be9a4f86512bbedf0e50ee2d0a9fee3403da5a476c4413c34d98707e8618389430d9c204895bfd12940382abf3e0f5993185041754c2b7d0777ac71eecf17aacfd1661aa2ff57fe9442a45b2fb5f8f445e771469b89"}, {0xdd, 0x8a, "72c7117184319df748a793d8f16dc87f5d3a1ad944ca3308db23d414ecc9002230fdd67fced3255782adc34c8f267b66fe2167c74267ea19bae124b227401ce299178661b23f7aa2d8c83f2eb10f628aa358c27faad83c3a6652536c79fa645b808e72834d8829d12f141ddddf7d31443ef32b3904fa5022fffcc628ca1986514c4beef0c868136ba723"}, {0xdd, 0xa8, "64df0d1e3687a4a9fb9e282119cfabfa235e4d402b34fa4c4dc8e357aed5d1114e19f0a6b094b9739414a23bb111bee71e507b7dfb119adba7148d28d6dfb5ab808189621e9f9d1687f10092b8e2bbcabf75c1c28776b5744147842e96406d590a0dc948878378fbdca5d074613201baf5d12cfac1e469e8d0fc829f6fe8cc88611196d4c2d629e8fe5401f52c4a47d9dc723e3443f04eb8c0b09016761a0b300b5332ca89b73564"}]}}, @NL80211_ATTR_FRAME={0xe, 0x33, @ctrl_frame=@cts={{}, {}, @broadcast}}]}, 0x40c}, 0x1, 0x0, 0x0, 0x8000040}, 0x8000) 12:28:54 executing program 4: sendmsg$NL80211_CMD_SET_WDS_PEER(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x3ff, 0x49}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x40000084) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x88, r1, 0x10, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x88}, 0x1, 0x0, 0x0, 0x10004}, 0x20000000) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0), 0x800, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x48, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xe843}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x48}}, 0x40) clock_gettime(0x0, &(0x7f0000000540)={0x0, 0x0}) mq_timedsend(r2, &(0x7f0000000440)="f9457e6f497216410e4a9484d446eba9c72a3c72a08e863e903cbc1a758944387e3fb9c550fe5450966cf745b16acb0a9d146ed4dd8089161baa5cbff1df5d28bf3b9cf3b4635278fbcf8d0b0b5e006c20d4a83dd7b1c0fefc8b19dc283f5b6cdad42df4e1b9a399ff54128a307802cef89c1883bb1704a9945b53014ff12d2413b8acadc0527e5fd29b03ce8390e307f272bf13003eb7260f45a6bd835b33b9394e91cfd65f2365467869280f3b05d2cbd76b78ca0cc8e74859e995eec1ea50c0acc389d941", 0xc6, 0x5e, &(0x7f0000000580)={r3, r4+10000000}) semtimedop(0x0, &(0x7f00000005c0)=[{0x1, 0x2}, {0x2, 0x3, 0x1000}, {0x3, 0x0, 0x1000}, {0x1, 0x3aad, 0xd1435c1b9315724}], 0x4, &(0x7f0000000600)) r5 = semget$private(0x0, 0x4, 0x1) semctl$SEM_STAT_ANY(r5, 0x631fef95f34fcb16, 0x14, &(0x7f0000000640)=""/184) sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x44, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x80000000}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1000}]}, 0x44}, 0x1, 0x0, 0x0, 0x45044}, 0x40000) r6 = semget$private(0x0, 0x1, 0x200) semctl$SEM_INFO(r6, 0x3, 0x13, &(0x7f0000000840)=""/172) r7 = fork() r8 = clone3(&(0x7f0000000b00)={0x502000100, &(0x7f0000000900), &(0x7f0000000940)=0x0, &(0x7f0000000980), {0x29}, &(0x7f00000009c0)=""/126, 0x7e, &(0x7f0000000a40)=""/84, &(0x7f0000000ac0)=[0xffffffffffffffff, 0x0, r7], 0x3, {r2}}, 0x58) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000bc0), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x2c, r10, 0x930, 0x70bd26, 0x25dfdbfd, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0102}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10008010}, 0x8004) mq_timedreceive(r2, &(0x7f0000000cc0)=""/84, 0x54, 0xfffffffffffff078, 0x0) clone3(&(0x7f0000000f00)={0x180, &(0x7f0000000d40), &(0x7f0000000d80), &(0x7f0000000dc0), {0x24}, &(0x7f0000000e00)=""/109, 0x6d, &(0x7f0000000e80)=""/8, &(0x7f0000000ec0)=[r8, r9, 0x0, r9], 0x4}, 0x58) 12:28:54 executing program 5: ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0x0, 0x2, 0x4, 0x2, 0x200}, 0x7fff, 0x401, 0x8}) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x10402, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0xffffffffffffffff, 0x3, 0x4, 0x3, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000100)) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000140)={{0x2, 0x2, 0x2, 0x3}, 0x400, 0xf283, 'id0\x00', 'timer1\x00', 0x0, 0x401, 0x10001, 0x7, 0x80}) syz_io_uring_setup(0x3bc6, &(0x7f0000000240)={0x0, 0x89cb, 0x4, 0x0, 0x11}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000300)) r2 = syz_io_uring_complete(r1) r3 = syz_io_uring_complete(r1) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r3, 0x80045400, &(0x7f0000000340)) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x20, 0x0, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x20}, 0x1, 0x0, 0x0, 0x40088c4}, 0x800) ioctl$HIDIOCGREPORT(r3, 0x400c4807, &(0x7f0000000480)={0x2, 0xffffffff}) r4 = openat$cgroup_ro(r0, &(0x7f00000004c0)='blkio.bfq.io_wait_time\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, &(0x7f0000000500)={0x3, 0x7, 0x778e, 0x0, 0x2}) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r2) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r5, &(0x7f00000006c0)={&(0x7f00000005c0), 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x20, r6, 0x200, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}]}, 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x4000000) r7 = syz_io_uring_complete(r1) getsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f0000000700)=0x1, &(0x7f0000000740)=0x4) ioctl$SNDRV_TIMER_IOCTL_GINFO(r4, 0xc0f85403, &(0x7f0000000780)={{0x1, 0x2, 0x3, 0x3, 0x1}, 0x4, 0x8e28, 'id1\x00', 'timer1\x00', 0x0, 0x8, 0x6, 0x9, 0x8}) syz_io_uring_setup(0x37d1, &(0x7f0000000880)={0x0, 0x4bc1, 0x2, 0x3, 0x113, 0x0, r4}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000900), &(0x7f0000000940)) 12:28:54 executing program 6: ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0xffffffffffffffff, 0x2, 0x5, 0x2, 0x3f80}, 0x2, 0x284000000, 0x100000001}) r0 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000080)="151bbff2c094df918f3893a8392f706568b3b955d9c4f5662d3eb01594cf3f10b8252354c85e02cc271474dee62074338b9b56f052e48e76247d378471ff99afda6008ecb63655d5221fb63623eaaf578dc4e3d1794820cbef1913a5028214737b96b4e03c4468166f76970bcff071a2af9449eef106c7b68602e7b005f4cdffa99a2d7fa75fd90e4e75d8a58547df0ccc522cd529e4c3804d826c99d2885222defd") pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0) syz_open_dev$hiddev(&(0x7f0000000180), 0x8, 0x20000) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x20a000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000200)={{0x2, 0x2, 0x7, 0x3, 0x7}}) sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, 0x0, 0x0, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8}]}, 0x2c}}, 0x40) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000340)) sendmsg$NL802154_CMD_GET_SEC_KEY(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, 0x0, 0x2, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc900}, 0x0) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$IEEE802154_ASSOCIATE_RESP(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x34, r4, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0xfa}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0xd4}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x4) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x3c, 0x0, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0xcb}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000880}, 0x40) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_VLAN(r5, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x14, 0x0, 0x200, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x31) sendmsg$NL802154_CMD_SET_SHORT_ADDR(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x30, 0x0, 0x700, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x810) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000008c0), 0x10001, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r2, 0x40485404, &(0x7f0000000900)={{0x3, 0x3, 0x6, 0x1, 0x7fffffff}, 0x3f, 0x7fff}) [ 52.831799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.833645] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.835511] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 52.836600] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.838109] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.838166] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.839692] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.842413] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 52.844512] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 52.846241] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 52.847710] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.848595] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 52.848689] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.850722] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 52.851605] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 52.853058] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.853893] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 52.854029] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 52.855646] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 52.855756] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.870016] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 52.871245] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.872280] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 52.876581] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 52.877444] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.879357] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 52.880376] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.881026] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.882803] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 52.883422] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 52.884464] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.886430] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.891298] Bluetooth: hci1: HCI_REQ-0x0c1a [ 52.892490] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 52.893537] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 52.894282] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.895773] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.899117] Bluetooth: hci2: HCI_REQ-0x0c1a [ 52.900328] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 52.901816] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 52.902891] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 52.904314] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 52.905484] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 52.906590] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.907524] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 52.908676] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 52.909576] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 52.910418] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 52.912552] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.914359] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 52.915208] Bluetooth: hci0: HCI_REQ-0x0c1a [ 52.920172] Bluetooth: hci6: HCI_REQ-0x0c1a [ 52.925433] Bluetooth: hci7: HCI_REQ-0x0c1a [ 52.927376] Bluetooth: hci5: HCI_REQ-0x0c1a [ 52.930522] Bluetooth: hci3: HCI_REQ-0x0c1a [ 52.947947] Bluetooth: hci4: HCI_REQ-0x0c1a [ 54.923898] Bluetooth: hci1: command 0x0409 tx timeout [ 54.987241] Bluetooth: hci4: command 0x0409 tx timeout [ 54.987354] Bluetooth: hci2: command 0x0409 tx timeout [ 54.988316] Bluetooth: hci5: command 0x0409 tx timeout [ 54.988956] Bluetooth: hci6: command 0x0409 tx timeout [ 54.989636] Bluetooth: hci0: command 0x0409 tx timeout [ 54.990203] Bluetooth: hci3: command 0x0409 tx timeout [ 54.990947] Bluetooth: hci7: command 0x0409 tx timeout [ 56.971732] Bluetooth: hci1: command 0x041b tx timeout [ 57.035016] Bluetooth: hci7: command 0x041b tx timeout [ 57.036282] Bluetooth: hci3: command 0x041b tx timeout [ 57.036811] Bluetooth: hci0: command 0x041b tx timeout [ 57.037367] Bluetooth: hci6: command 0x041b tx timeout [ 57.037879] Bluetooth: hci5: command 0x041b tx timeout [ 57.038422] Bluetooth: hci2: command 0x041b tx timeout [ 57.039004] Bluetooth: hci4: command 0x041b tx timeout [ 59.019020] Bluetooth: hci1: command 0x040f tx timeout [ 59.083151] Bluetooth: hci4: command 0x040f tx timeout [ 59.083746] Bluetooth: hci2: command 0x040f tx timeout [ 59.084291] Bluetooth: hci5: command 0x040f tx timeout [ 59.084811] Bluetooth: hci6: command 0x040f tx timeout [ 59.085280] Bluetooth: hci0: command 0x040f tx timeout [ 59.085769] Bluetooth: hci3: command 0x040f tx timeout [ 59.086282] Bluetooth: hci7: command 0x040f tx timeout [ 61.067048] Bluetooth: hci1: command 0x0419 tx timeout [ 61.131169] Bluetooth: hci7: command 0x0419 tx timeout [ 61.131717] Bluetooth: hci3: command 0x0419 tx timeout [ 61.132265] Bluetooth: hci0: command 0x0419 tx timeout [ 61.132725] Bluetooth: hci6: command 0x0419 tx timeout [ 61.133202] Bluetooth: hci5: command 0x0419 tx timeout [ 61.133688] Bluetooth: hci2: command 0x0419 tx timeout [ 61.134175] Bluetooth: hci4: command 0x0419 tx timeout [ 115.043972] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 115.046191] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 115.047315] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 115.050015] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 115.051571] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 115.052824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 115.056710] Bluetooth: hci0: HCI_REQ-0x0c1a [ 115.089064] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 115.090564] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 115.091740] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 115.100165] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 115.102060] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 115.103035] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 115.106777] Bluetooth: hci1: HCI_REQ-0x0c1a [ 115.165771] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 115.168763] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 115.175816] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 115.180186] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 115.183492] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 115.184750] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 115.191977] Bluetooth: hci2: HCI_REQ-0x0c1a [ 115.234710] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 115.242553] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 115.245153] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 115.245857] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 115.247237] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 115.248020] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 115.255147] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 115.260321] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 115.261450] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 115.267288] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 115.276021] Bluetooth: hci4: HCI_REQ-0x0c1a [ 115.292652] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 115.293623] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 115.299123] Bluetooth: hci5: HCI_REQ-0x0c1a [ 115.313250] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 115.313303] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 115.316154] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 115.316980] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 115.318748] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 115.318773] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 115.324022] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 115.325870] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 115.326012] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 115.328204] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 115.329990] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 115.333044] Bluetooth: hci7: HCI_REQ-0x0c1a [ 115.336164] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 115.345254] Bluetooth: hci6: HCI_REQ-0x0c1a [ 117.067048] Bluetooth: hci0: command 0x0409 tx timeout [ 117.131149] Bluetooth: hci1: command 0x0409 tx timeout [ 117.195051] Bluetooth: hci2: command 0x0409 tx timeout [ 117.259034] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 117.323082] Bluetooth: hci4: command 0x0409 tx timeout [ 117.324074] Bluetooth: hci5: command 0x0409 tx timeout [ 117.388043] Bluetooth: hci6: command 0x0409 tx timeout [ 117.388335] Bluetooth: hci7: command 0x0409 tx timeout [ 119.116088] Bluetooth: hci0: command 0x041b tx timeout [ 119.179070] Bluetooth: hci1: command 0x041b tx timeout [ 119.244023] Bluetooth: hci2: command 0x041b tx timeout [ 119.371036] Bluetooth: hci5: command 0x041b tx timeout [ 119.373643] Bluetooth: hci4: command 0x041b tx timeout [ 119.435012] Bluetooth: hci6: command 0x041b tx timeout [ 119.437064] Bluetooth: hci7: command 0x041b tx timeout [ 121.164252] Bluetooth: hci0: command 0x040f tx timeout [ 121.228001] Bluetooth: hci1: command 0x040f tx timeout [ 121.291054] Bluetooth: hci2: command 0x040f tx timeout [ 121.419985] Bluetooth: hci4: command 0x040f tx timeout [ 121.420030] Bluetooth: hci5: command 0x040f tx timeout [ 121.483001] Bluetooth: hci7: command 0x040f tx timeout [ 121.483563] Bluetooth: hci6: command 0x040f tx timeout [ 121.868047] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 123.211690] Bluetooth: hci0: command 0x0419 tx timeout [ 123.275044] Bluetooth: hci1: command 0x0419 tx timeout [ 123.338982] Bluetooth: hci2: command 0x0419 tx timeout [ 123.467007] Bluetooth: hci5: command 0x0419 tx timeout [ 123.468025] Bluetooth: hci4: command 0x0419 tx timeout [ 123.531029] Bluetooth: hci6: command 0x0419 tx timeout [ 123.531203] Bluetooth: hci7: command 0x0419 tx timeout [ 124.464302] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 124.477265] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 124.480678] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 124.487448] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 124.496424] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 124.500814] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 124.529993] Bluetooth: hci3: HCI_REQ-0x0c1a [ 126.603054] Bluetooth: hci3: command 0x0409 tx timeout [ 128.651597] Bluetooth: hci3: command 0x041b tx timeout [ 130.698988] Bluetooth: hci3: command 0x040f tx timeout [ 132.746996] Bluetooth: hci3: command 0x0419 tx timeout [ 177.248710] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 177.251729] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 177.263101] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 177.266455] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 177.267592] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 177.269928] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 177.274519] Bluetooth: hci1: HCI_REQ-0x0c1a [ 177.560009] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 177.563956] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 177.565146] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 177.566238] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 177.569404] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 177.570211] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 177.570958] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 177.581230] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 177.582298] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 177.592231] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 177.593743] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 177.605223] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 177.609414] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 177.611548] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 177.612390] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 177.613298] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 177.615169] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 177.616734] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 177.617750] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 177.620935] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 177.623499] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 177.627313] Bluetooth: hci6: HCI_REQ-0x0c1a [ 177.627898] Bluetooth: hci5: HCI_REQ-0x0c1a [ 177.629620] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 177.630685] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 177.640229] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 177.646480] Bluetooth: hci4: HCI_REQ-0x0c1a [ 177.653860] Bluetooth: hci7: HCI_REQ-0x0c1a [ 179.147085] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 179.275161] Bluetooth: hci1: command 0x0409 tx timeout [ 179.467089] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 179.530975] INFO: task rcu_gp:3 blocked for more than 142 seconds. [ 179.531699] Not tainted 6.0.0-rc7-next-20220930 #1 [ 179.532353] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 179.533080] task:rcu_gp state:I stack:30328 pid:3 ppid:2 flags:0x00004000 [ 179.534229] Call Trace: [ 179.534638] [ 179.534838] __schedule+0x893/0x2470 [ 179.535467] ? io_schedule_timeout+0x150/0x150 [ 179.535938] ? do_raw_spin_lock+0x121/0x260 [ 179.536363] ? rwlock_bug.part.0+0x90/0x90 [ 179.536863] schedule+0xda/0x1b0 [ 179.537247] rescuer_thread+0x851/0xdb0 [ 179.537685] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.538212] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.538707] ? lockdep_hardirqs_on+0x79/0x100 [ 179.539175] ? worker_thread+0x1260/0x1260 [ 179.539603] kthread+0x2ed/0x3a0 [ 179.539989] ? kthread_complete_and_exit+0x40/0x40 [ 179.540483] ret_from_fork+0x22/0x30 [ 179.540941] [ 179.541182] INFO: task rcu_par_gp:4 blocked for more than 142 seconds. [ 179.541801] Not tainted 6.0.0-rc7-next-20220930 #1 [ 179.542341] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 179.543056] task:rcu_par_gp state:I stack:30944 pid:4 ppid:2 flags:0x00004000 [ 179.543985] Call Trace: [ 179.544237] [ 179.544457] __schedule+0x893/0x2470 [ 179.544873] ? io_schedule_timeout+0x150/0x150 [ 179.545356] ? do_raw_spin_lock+0x121/0x260 [ 179.545804] ? rwlock_bug.part.0+0x90/0x90 [ 179.546275] schedule+0xda/0x1b0 [ 179.546634] rescuer_thread+0x851/0xdb0 [ 179.547098] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.547598] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.548146] ? lockdep_hardirqs_on+0x79/0x100 [ 179.548578] ? worker_thread+0x1260/0x1260 [ 179.549029] kthread+0x2ed/0x3a0 [ 179.549369] ? kthread_complete_and_exit+0x40/0x40 [ 179.549863] ret_from_fork+0x22/0x30 [ 179.550300] [ 179.550541] INFO: task slub_flushwq:5 blocked for more than 142 seconds. [ 179.551205] Not tainted 6.0.0-rc7-next-20220930 #1 [ 179.551717] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 179.552522] task:slub_flushwq state:I stack:30944 pid:5 ppid:2 flags:0x00004000 [ 179.553399] Call Trace: [ 179.553635] [ 179.553860] __schedule+0x893/0x2470 [ 179.554269] ? io_schedule_timeout+0x150/0x150 [ 179.554741] ? do_raw_spin_lock+0x121/0x260 [ 179.555273] ? rwlock_bug.part.0+0x90/0x90 [ 179.555703] schedule+0xda/0x1b0 [ 179.556051] rescuer_thread+0x851/0xdb0 [ 179.556431] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.556948] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.557410] ? lockdep_hardirqs_on+0x79/0x100 [ 179.557833] ? worker_thread+0x1260/0x1260 [ 179.558252] kthread+0x2ed/0x3a0 [ 179.558587] ? kthread_complete_and_exit+0x40/0x40 [ 179.559085] ret_from_fork+0x22/0x30 [ 179.559454] [ 179.559679] INFO: task netns:6 blocked for more than 143 seconds. [ 179.560249] Not tainted 6.0.0-rc7-next-20220930 #1 [ 179.560728] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 179.561463] task:netns state:I stack:30944 pid:6 ppid:2 flags:0x00004000 [ 179.562225] Call Trace: [ 179.562474] [ 179.562696] __schedule+0x893/0x2470 [ 179.563131] ? io_schedule_timeout+0x150/0x150 [ 179.563578] ? do_raw_spin_lock+0x121/0x260 [ 179.564046] ? rwlock_bug.part.0+0x90/0x90 [ 179.564456] schedule+0xda/0x1b0 [ 179.564806] rescuer_thread+0x851/0xdb0 [ 179.565245] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.565725] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.566292] ? lockdep_hardirqs_on+0x79/0x100 [ 179.566775] ? worker_thread+0x1260/0x1260 [ 179.567226] kthread+0x2ed/0x3a0 [ 179.567556] ? kthread_complete_and_exit+0x40/0x40 [ 179.568108] ret_from_fork+0x22/0x30 [ 179.568507] [ 179.568742] INFO: task kworker/0:0H:8 blocked for more than 143 seconds. [ 179.569418] Not tainted 6.0.0-rc7-next-20220930 #1 [ 179.569973] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 179.570665] task:kworker/0:0H state:I stack:28952 pid:8 ppid:2 flags:0x00004000 [ 179.571475] Workqueue: 0x0 (kblockd) [ 179.571868] Call Trace: [ 179.572158] [ 179.572385] __schedule+0x893/0x2470 [ 179.572811] ? io_schedule_timeout+0x150/0x150 [ 179.573305] schedule+0xda/0x1b0 [ 179.573633] worker_thread+0x15f/0x1260 [ 179.574035] ? process_one_work+0x16a0/0x16a0 [ 179.574452] kthread+0x2ed/0x3a0 [ 179.574790] ? kthread_complete_and_exit+0x40/0x40 [ 179.575301] ret_from_fork+0x22/0x30 [ 179.575689] [ 179.575993] INFO: task mm_percpu_wq:10 blocked for more than 143 seconds. [ 179.576631] Not tainted 6.0.0-rc7-next-20220930 #1 [ 179.577210] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 179.578022] task:mm_percpu_wq state:I stack:30944 pid:10 ppid:2 flags:0x00004000 [ 179.578807] Call Trace: [ 179.579084] [ 179.579326] __schedule+0x893/0x2470 [ 179.579740] ? io_schedule_timeout+0x150/0x150 [ 179.580249] ? do_raw_spin_lock+0x121/0x260 [ 179.580692] ? rwlock_bug.part.0+0x90/0x90 [ 179.581173] schedule+0xda/0x1b0 [ 179.581515] rescuer_thread+0x851/0xdb0 [ 179.581940] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.582447] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.583129] ? lockdep_hardirqs_on+0x79/0x100 [ 179.583562] ? worker_thread+0x1260/0x1260 [ 179.584090] kthread+0x2ed/0x3a0 [ 179.584445] ? kthread_complete_and_exit+0x40/0x40 [ 179.584987] ret_from_fork+0x22/0x30 [ 179.585349] [ 179.585572] INFO: task rcu_tasks_kthre:11 blocked for more than 143 seconds. [ 179.586294] Not tainted 6.0.0-rc7-next-20220930 #1 [ 179.586757] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 179.587450] task:rcu_tasks_kthre state:I stack:29272 pid:11 ppid:2 flags:0x00004000 [ 179.588265] Call Trace: [ 179.588522] [ 179.588753] __schedule+0x893/0x2470 [ 179.589234] ? io_schedule_timeout+0x150/0x150 [ 179.589655] ? mark_held_locks+0x9e/0xe0 [ 179.590081] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.590563] schedule+0xda/0x1b0 [ 179.590946] rcu_tasks_one_gp+0x3db/0xc10 [ 179.591383] rcu_tasks_kthread+0x80/0xa0 [ 179.591783] ? rcu_tasks_postscan+0x10/0x10 [ 179.592232] kthread+0x2ed/0x3a0 [ 179.592567] ? kthread_complete_and_exit+0x40/0x40 [ 179.593102] ret_from_fork+0x22/0x30 [ 179.593464] [ 179.593681] INFO: task kworker/1:0H:21 blocked for more than 143 seconds. [ 179.594368] Not tainted 6.0.0-rc7-next-20220930 #1 [ 179.594877] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 179.595631] task:kworker/1:0H state:I stack:29760 pid:21 ppid:2 flags:0x00004000 [ 179.596432] Workqueue: 0x0 (events_highpri) [ 179.596924] Call Trace: [ 179.597181] [ 179.597409] __schedule+0x893/0x2470 [ 179.597815] ? io_schedule_timeout+0x150/0x150 [ 179.598292] schedule+0xda/0x1b0 [ 179.598624] worker_thread+0x15f/0x1260 [ 179.599119] ? process_one_work+0x16a0/0x16a0 [ 179.599550] kthread+0x2ed/0x3a0 [ 179.599880] ? kthread_complete_and_exit+0x40/0x40 [ 179.600387] ret_from_fork+0x22/0x30 [ 179.600837] [ 179.601113] INFO: task inet_frag_wq:23 blocked for more than 143 seconds. [ 179.601769] Not tainted 6.0.0-rc7-next-20220930 #1 [ 179.602350] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 179.603128] task:inet_frag_wq state:I stack:30704 pid:23 ppid:2 flags:0x00004000 [ 179.603982] Call Trace: [ 179.604233] [ 179.604465] __schedule+0x893/0x2470 [ 179.604889] ? io_schedule_timeout+0x150/0x150 [ 179.605393] ? do_raw_spin_lock+0x121/0x260 [ 179.605872] ? rwlock_bug.part.0+0x90/0x90 [ 179.606343] schedule+0xda/0x1b0 [ 179.606691] rescuer_thread+0x851/0xdb0 [ 179.607133] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.607617] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.608200] ? lockdep_hardirqs_on+0x79/0x100 [ 179.608647] ? worker_thread+0x1260/0x1260 [ 179.609146] kthread+0x2ed/0x3a0 [ 179.609502] ? kthread_complete_and_exit+0x40/0x40 [ 179.610051] ret_from_fork+0x22/0x30 [ 179.610430] [ 179.610662] INFO: task writeback:28 blocked for more than 143 seconds. [ 179.611348] Not tainted 6.0.0-rc7-next-20220930 #1 [ 179.611849] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 179.612598] task:writeback state:I stack:30176 pid:28 ppid:2 flags:0x00004000 [ 179.613461] Call Trace: [ 179.613714] [ 179.614010] __schedule+0x893/0x2470 [ 179.614403] ? io_schedule_timeout+0x150/0x150 [ 179.614882] ? do_raw_spin_lock+0x121/0x260 [ 179.615361] ? rwlock_bug.part.0+0x90/0x90 [ 179.615796] schedule+0xda/0x1b0 [ 179.616241] rescuer_thread+0x851/0xdb0 [ 179.616622] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.617201] ? _raw_spin_unlock_irqrestore+0x28/0x60 [ 179.617687] ? lockdep_hardirqs_on+0x79/0x100 [ 179.618189] ? worker_thread+0x1260/0x1260 [ 179.618593] kthread+0x2ed/0x3a0 [ 179.618948] ? kthread_complete_and_exit+0x40/0x40 [ 179.619414] ret_from_fork+0x22/0x30 [ 179.619770] [ 179.620097] [ 179.620097] Showing all locks held in the system: [ 179.620643] 2 locks held by kworker/u4:0/9: [ 179.621100] #0: ffff888007c61138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x915/0x16a0 [ 179.622152] #1: ffff88800861fdb0 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x949/0x16a0 [ 179.623263] 1 lock held by rcu_tasks_kthre/11: [ 179.623702] #0: ffffffff85406850 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc10 [ 179.624683] 1 lock held by khungtaskd/25: [ 179.625131] #0: ffffffff85407320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 179.626034] 2 locks held by kworker/u4:2/33: [ 179.626432] #0: ffff888007c61138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x915/0x16a0 [ 179.627446] #1: ffff8880092dfdb0 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x949/0x16a0 [ 179.628533] 1 lock held by kmemleak/54: [ 179.628995] 1 lock held by in:imklog/190: [ 179.629402] 2 locks held by kworker/u4:4/332: [ 179.629838] #0: ffff888007c61138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x915/0x16a0 [ 179.630860] #1: ffff88803699fdb0 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x949/0x16a0 [ 179.631993] 2 locks held by kworker/u4:5/335: [ 179.632421] #0: ffff888007c61138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x915/0x16a0 [ 179.633481] #1: ffff888036a47db0 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x949/0x16a0 [ 179.634566] 2 locks held by kworker/u4:7/340: [ 179.635049] #0: ffff888007c61138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x915/0x16a0 [ 179.636103] #1: ffff888036adfdb0 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x949/0x16a0 [ 179.637200] 2 locks held by kworker/u4:9/388: [ 179.637628] #0: ffff888007c61138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x915/0x16a0 [ 179.638593] #1: ffff888036857db0 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x949/0x16a0 [ 179.639587] 1 lock held by syz-executor.1/6372: [ 179.640020] 1 lock held by modprobe/6511: [ 179.640384] 1 lock held by modprobe/6513: [ 179.640814] 1 lock held by modprobe/6514: [ 179.641223] [ 179.641397] ============================================= [ 179.641397] [ 179.659138] Bluetooth: hci5: command 0x0409 tx timeout [ 179.660082] Bluetooth: hci6: command 0x0409 tx timeout [ 179.723082] Bluetooth: hci4: command 0x0409 tx timeout [ 179.724021] Bluetooth: hci7: command 0x0409 tx timeout [ 181.324200] Bluetooth: hci1: command 0x041b tx timeout [ 181.708133] Bluetooth: hci6: command 0x041b tx timeout [ 181.709193] Bluetooth: hci5: command 0x041b tx timeout [ 181.731054] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 181.745462] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 181.752823] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 181.771052] Bluetooth: hci7: command 0x041b tx timeout [ 181.771071] Bluetooth: hci4: command 0x041b tx timeout [ 181.790141] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 181.803220] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 181.808573] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 181.824050] Bluetooth: hci0: HCI_REQ-0x0c1a [ 182.255069] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 182.262146] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 182.268610] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 182.285542] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 182.287786] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 182.290505] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 182.299638] Bluetooth: hci2: HCI_REQ-0x0c1a [ 183.372243] Bluetooth: hci1: command 0x040f tx timeout [ 183.755024] Bluetooth: hci5: command 0x040f tx timeout [ 183.755989] Bluetooth: hci6: command 0x040f tx timeout [ 183.819051] Bluetooth: hci7: command 0x040f tx timeout [ 183.819091] Bluetooth: hci4: command 0x040f tx timeout [ 183.884010] Bluetooth: hci0: command 0x0409 tx timeout [ 184.332083] Bluetooth: hci2: command 0x0409 tx timeout [ 185.419305] Bluetooth: hci1: command 0x0419 tx timeout [ 185.804093] Bluetooth: hci6: command 0x0419 tx timeout [ 185.804126] Bluetooth: hci5: command 0x0419 tx timeout [ 185.867119] Bluetooth: hci7: command 0x0419 tx timeout [ 185.867736] Bluetooth: hci4: command 0x0419 tx timeout [ 185.931093] Bluetooth: hci0: command 0x041b tx timeout [ 185.936427] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 185.938863] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 185.940838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 186.031232] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 186.056211] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 186.057445] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 186.086987] Bluetooth: hci3: HCI_REQ-0x0c1a [ 186.378978] Bluetooth: hci2: command 0x041b tx timeout [ 187.979022] Bluetooth: hci0: command 0x040f tx timeout [ 188.107020] Bluetooth: hci3: command 0x0409 tx timeout [ 188.427033] Bluetooth: hci2: command 0x040f tx timeout VM DIAGNOSIS: 12:31:03 Registers: info registers vcpu 0 RAX=1ffff11003a373c2 RBX=ffff88801d1b9df8 RCX=0000000000000000 RDX=ffff88800e969ac0 RSI=ffffffff8166dbff RDI=ffff88801d1b9e10 RBP=dffffc0000000000 RSP=ffff88803051fa38 R8 =0000000000000006 R9 =0000000000000029 R10=0000000000000029 R11=0000000000000001 R12=0000000000000029 R13=0000000000000029 R14=ffff8880369319c0 R15=ffff8880378d6780 RIP=ffffffff8166dc0e RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fe41399f540 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fe413b8a620 CR3=000000002b7d0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 ff00ffffffffffff 0000000000000000 YMM01=0000000000000000 0000000000000000 0100010001000000 ffffffffffffffff YMM02=0000000000000000 0000000000000000 0500050005000000 455441564952505f YMM03=0000000000000000 0000000000000000 0000000000000000 000000564952505f YMM04=0000000000000000 0000000000000000 0003000500050005 0005000000455441 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff823bb06c RDI=ffffffff8765a9a0 RBP=ffffffff8765a960 RSP=ffff88800902f8a0 R8 =0000000000000001 R9 =ffff88800902f82b R10=ffffed1001205f05 R11=0000000000000001 R12=0000000000000028 R13=ffffffff8765a960 R14=ffffffff8765a9b0 R15=ffffffff8765ac10 RIP=ffffffff823bb0c1 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f8d53169bd8 CR3=000000002c698000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00362e6f732e6362 696c2f756e672d78 YMM02=0000000000000000 0000000000000000 ffff0000000000ff ffffffffffffffff YMM03=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000