Warning: Permanently added '[localhost]:32261' (ECDSA) to the list of known hosts. 2024/11/26 12:44:35 fuzzer started 2024/11/26 12:44:35 dialing manager at localhost:39251 syzkaller login: [ 110.177848] cgroup: Unknown subsys name 'net' [ 110.260914] cgroup: Unknown subsys name 'cpuset' [ 110.322347] cgroup: Unknown subsys name 'rlimit' 2024/11/26 12:44:52 syscalls: 224 2024/11/26 12:44:52 code coverage: enabled 2024/11/26 12:44:52 comparison tracing: enabled 2024/11/26 12:44:52 extra coverage: enabled 2024/11/26 12:44:52 setuid sandbox: enabled 2024/11/26 12:44:52 namespace sandbox: enabled 2024/11/26 12:44:52 Android sandbox: enabled 2024/11/26 12:44:52 fault injection: enabled 2024/11/26 12:44:52 leak checking: enabled 2024/11/26 12:44:52 net packet injection: enabled 2024/11/26 12:44:52 net device setup: enabled 2024/11/26 12:44:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2024/11/26 12:44:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 2024/11/26 12:44:52 USB emulation: enabled 2024/11/26 12:44:52 hci packet injection: enabled 2024/11/26 12:44:52 wifi device emulation: enabled 2024/11/26 12:44:52 802.15.4 emulation: enabled 2024/11/26 12:44:52 fetching corpus: 0, signal 0/0 (executing program) 2024/11/26 12:44:54 starting 8 fuzzer processes 12:44:54 executing program 0: ioctl$SNAPSHOT_CREATE_IMAGE(0xffffffffffffffff, 0x40043311, &(0x7f0000000000)) ioctl$SNAPSHOT_UNFREEZE(0xffffffffffffffff, 0x3302) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x1c9802, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f0000000080)={'broute\x00', 0x0, 0x0, 0x0, [0x6, 0x3f, 0x6, 0x8, 0x7, 0x6]}, &(0x7f0000000100)=0x78) ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0xba84) r1 = syz_open_dev$vcsa(&(0x7f0000000140), 0x7fff, 0x202000) ioctl$SNAPSHOT_ATOMIC_RESTORE(r1, 0x3304) r2 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/binder-control\x00', 0x0, 0x0) ioctl$BINDER_CTL_ADD(r2, 0xc1086201, &(0x7f00000001c0)={'binder1\x00'}) socket$inet6_udp(0xa, 0x2, 0x0) r3 = getpid() sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)={0xf0, 0x0, 0x200, 0x70bd25, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r1}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, 0xffffffffffffffff}}]}, 0xf0}, 0x1, 0x0, 0x0, 0x400c084}, 0x4) getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f00000004c0)={'nat\x00', 0x0, 0x0, 0x0, [0x8, 0xeb87, 0x5, 0x8, 0x9, 0x5]}, &(0x7f0000000540)=0x78) ioctl$SNAPSHOT_UNFREEZE(r1, 0x3302) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000580)=0x3, 0x2) getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f00000005c0)={'broute\x00', 0x0, 0x0, 0x0, [0x9, 0x9, 0x4f3dd80, 0x8001, 0x7b7d]}, &(0x7f0000000640)=0x78) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000680)={{0xff, @broadcast, 0x4e20, 0x0, 'rr\x00', 0x2, 0x6, 0x5f}, {@broadcast, 0x4e23, 0x4, 0x20, 0xa8, 0x200}}, 0x44) select(0x40, &(0x7f0000000700)={0xfe6, 0xfcaa, 0x1ff, 0x10000, 0x10001, 0x7fff, 0x0, 0x4}, &(0x7f0000000740)={0x157, 0x1, 0x10000, 0x8, 0x6, 0x81, 0x9}, &(0x7f0000000780)={0x3, 0x101, 0xe36d, 0x8, 0x6, 0x1, 0x0, 0x9}, &(0x7f00000007c0)) r4 = socket(0x29, 0x1, 0x9) getsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f0000000800), 0x2) 12:44:54 executing program 3: write$snapshot(0xffffffffffffffff, &(0x7f0000000000)="9319c768c4f7253aae40fc4fa61fee0ef0e1775ccaa48cfea7fe77c90b", 0x1d) read$snapshot(0xffffffffffffffff, &(0x7f0000000040)=""/24, 0x18) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x105000, 0x0) write$vga_arbiter(r0, &(0x7f00000000c0), 0xf) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000100), 0x1, 0x40) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x581000, 0x0) socketpair(0x6, 0x80000, 0x80000001, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write$vga_arbiter(r1, &(0x7f00000001c0)=@unlock_all, 0xb) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000240), r1) sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, r4, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@GTPA_LINK={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x804}, 0x4000) r5 = msgget(0x1, 0x260) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000340)=0x0) msgctl$IPC_SET(r5, 0x1, &(0x7f0000000380)={{0x1, 0xffffffffffffffff, 0x0, r6, 0xffffffffffffffff, 0x10, 0x81}, 0x0, 0x0, 0x290ceeae, 0x10001, 0x100000001, 0xd31, 0x8, 0x2000, 0x7fff, 0x9, 0x0, 0xffffffffffffffff}) r7 = socket(0x1a, 0x5, 0x20) setsockopt$bt_BT_VOICE(r7, 0x112, 0xb, &(0x7f0000000400)=0x63, 0x2) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000440)) setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f0000000480)={0x0, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x44}}}, {{0x2, 0x4e22, @remote}}}, 0x108) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f00000005c0)={0x9, {{0x2, 0x4e22, @rand_addr=0x64010102}}, {{0x2, 0x4e23, @broadcast}}}, 0x108) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000740)=0x1, 0x4) 12:44:54 executing program 4: r0 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x0, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_NET_NS_FD={0x8, 0x7, r0}, @GTPA_VERSION={0x8}, @GTPA_TID={0xc, 0x3, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x8804}, 0x40804) sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, 0x0, 0x300, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x440) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x40, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_NET_NS_FD={0x8, 0x7, r0}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_TID={0xc, 0x3, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) r1 = syz_open_dev$vcsa(&(0x7f0000000340), 0xc0000000000000, 0x4c200) sendmsg$GTP_CMD_DELPDP(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x604280}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, 0x0, 0x102, 0x70bd27, 0x25dfdbff, {}, [@GTPA_FLOW={0x6}, @GTPA_FLOW={0x6, 0x6, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x8010}, 0x20000040) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r1, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r2, 0x0, 0x70bd27, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8010) r3 = ioctl$NS_GET_PARENT(r1, 0xb702, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f00000005c0)={'filter\x00', 0x21, "3c63caed5f922694db8a5e3a3054294855daed461399cb5905e498efc3d1c4e5e4"}, &(0x7f0000000640)=0x45) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000680), 0x4) r4 = socket$inet(0x2, 0x5, 0xe3f6) r5 = syz_open_dev$vcsa(&(0x7f00000006c0), 0xc5b6, 0x94800) sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x24, r2, 0x800, 0x70bd2c, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x8}}, ["", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x8825}, 0x20040880) syz_open_dev$vcsa(&(0x7f0000000800), 0x1000, 0x200200) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000840)) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r6 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) r7 = fork() sendmsg$DEVLINK_CMD_RELOAD(r4, &(0x7f0000000a80)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x40000060}, 0xc, &(0x7f0000000a40)={&(0x7f0000000900)={0x120, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x4}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x4}}]}, 0x120}, 0x1, 0x0, 0x0, 0x40080}, 0x40) 12:44:54 executing program 1: sendmsg$TIPC_CMD_GET_MEDIA_NAMES(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000000) r0 = socket(0x10, 0x5, 0x80000000) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x20, 0x70bd2c, 0x25dfdbfb, {{}, {}, {0x4c, 0x18, {0x4, @link='syz1\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x8080) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x20000091) r1 = syz_open_dev$vcsa(&(0x7f0000000380), 0x401, 0x80) syz_genetlink_get_family_id$gtp(&(0x7f0000000340), r1) socketpair(0x3, 0x3, 0x7fffffff, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r3, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x44, r4, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x25}, @val={0x8}, @void}}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x45}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r1}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r1}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4044004}, 0x40040c0) ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5201) socketpair(0x0, 0x80000, 0x401, &(0x7f00000005c0)={0xffffffffffffffff}) getsockopt$bt_BT_SECURITY(r6, 0x112, 0x4, &(0x7f0000000600), 0x2) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000640), 0x2000, 0x0) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000680)) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0x84, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x2}}]}, 0x84}}, 0x40) sendmsg$IPVS_CMD_NEW_SERVICE(r6, &(0x7f0000000980)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000940)={&(0x7f0000000880)={0xac, 0x0, 0x8, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x20}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfff}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x6}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x400}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x3}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1a}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2e, 0x10}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xb4e}]}, 0xac}, 0x1, 0x0, 0x0, 0x20048880}, 0x20000841) r7 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000a00), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x80, r7, 0x100, 0x70bd26, 0x25dfdbff, {}, [@NLBL_MGMT_A_DOMAIN={0x9, 0x1, 'syz1\x00'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @local}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x64010102}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1f}, @NLBL_MGMT_A_DOMAIN={0x9, 0x1, 'syz1\x00'}]}, 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x40) setns(r1, 0x2000000) 12:44:54 executing program 2: getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000000)=""/180, &(0x7f00000000c0)=0xb4) r0 = fsopen(&(0x7f0000000100)='ext3\x00', 0x0) r1 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000140)='(!-},(%),{*\x00', 0x0, r1) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000180)='ns/mnt\x00') getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f00000001c0)={'raw\x00', 0x79, "41dbf19658172d218030c20549f877569d5fa3c8c4af0c7766434295bbe4e7f7e84234a04d48b618a69a4c89e10b69931d4128871c9e7cf8e35f9d00bfff69c6d938409b4186896d87dfa0bdcbb85fd96ad7058b32b44c8805fb163bb1ba32bbe76da5dbaa4571e903bfec10aac08092b0759bf98a8d362889"}, &(0x7f0000000280)=0x9d) r2 = fork() write$snapshot(0xffffffffffffffff, &(0x7f00000002c0)="391b515484cf6ae6ed2985c18fcaf2fde6bbc4ad1603424c24dc8ebefc48ff98d7d5b7ff2bd5e18fc829cd42fc43000b22bbd18a90b8acc03b8583c1ecbbff540ef4fd38b0f8143afb628b3c56f154f7e719ebee1c9c0776d4657a3bc1c227a11d5e94cdc2f05bccca9a86b1024ecc09e202c352444611f8d4c0e95982cee6378a2f7f8212a8ad76de10e95b27822898f4e641b2f70ef28fb26cf569cfef4f251a086e622cd28a9d1e53e6d84e20af077ca2dce8296ad27997cabb60e0", 0xbd) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000380)={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x8) r3 = fork() syz_open_procfs$namespace(r3, &(0x7f00000003c0)='ns/user\x00') r4 = syz_open_procfs$userns(r2, &(0x7f0000000400)) ioctl$NS_GET_USERNS(r4, 0xb701, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f0000000440)={'nat\x00', 0x0, 0x0, 0x0, [0x0, 0x4, 0x81, 0x0, 0xfffffffffffffff9, 0x2]}, &(0x7f00000004c0)=0x78) syz_open_procfs$namespace(r3, &(0x7f0000000500)='ns/ipc\x00') fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000540)='nolazytime\x00', 0x0, 0x0) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000580)={'security\x00', 0x0, [0xffffff01, 0x17, 0x80000001, 0x3f00, 0x7f]}, &(0x7f0000000600)=0x54) r5 = socket(0x25, 0x3, 0xcc) setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0) ioctl$SNAPSHOT_ATOMIC_RESTORE(0xffffffffffffffff, 0x3304) 12:44:54 executing program 5: ioctl$SNAPSHOT_ATOMIC_RESTORE(0xffffffffffffffff, 0x3304) ioctl$SNAPSHOT_ATOMIC_RESTORE(0xffffffffffffffff, 0x3304) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, &(0x7f0000000000)) socketpair(0x26, 0x800, 0x3, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r2, 0x300, 0x70bd28, 0x25dfdbfd, {{}, {}, {0x10, 0x13, @udp='udp:syz1\x00'}}, [""]}, 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x20040000) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, &(0x7f00000001c0)) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r0) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000240)={{0x32, @multicast1, 0x4e22, 0x1, 'lblc\x00', 0x5, 0xffff8001, 0x3e}, {@private=0xa010101, 0x4e24, 0x2000, 0x40, 0x1ff, 0x3}}, 0x44) r4 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x7, 0x40) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r4, 0x80083314, &(0x7f0000000300)) socketpair(0x21, 0xa, 0x4, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_CMD_SET_NETID(r5, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, r3, 0x20, 0x70bd27, 0x25dfdbfb, {{}, {}, {0x8, 0x2, 0x3}}, ["", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x4) getpeername$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, &(0x7f00000004c0)=0x10) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000500), 0x181a81, 0x0) ioctl$SNAPSHOT_S2RAM(r6, 0x330b) ioctl$SNAPSHOT_CREATE_IMAGE(r4, 0x40043311, &(0x7f0000000540)) ioctl$PTP_PIN_SETFUNC2(r4, 0x40603d10, &(0x7f0000000580)={'\x00', 0x2000, 0x0, 0x3}) sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x5c, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@GTPA_TID={0xc}, @GTPA_MS_ADDRESS={0x8, 0x5, @local}, @GTPA_MS_ADDRESS={0x8, 0x5, @private=0xa010100}, @GTPA_I_TEI={0x8, 0x8, 0x3}, @GTPA_I_TEI={0x8, 0x8, 0x4}, @GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_TID={0xc}, @GTPA_O_TEI={0x8, 0x9, 0x2}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc044081) ioctl$SNAPSHOT_SET_SWAP_AREA(r6, 0x400c330d, &(0x7f0000000740)={0x1000, 0x5}) [ 128.222513] audit: type=1400 audit(1732625094.301:7): avc: denied { execmem } for pid=273 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:44:54 executing program 6: r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1000, 0x181b02) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000040)={{0x2, 0x4e21, @loopback}, {0x6, @link_local}, 0x56, {0x2, 0x4e24, @remote}, 'lo\x00'}) getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f00000000c0)={'filter\x00', 0x0, 0x0, 0x0, [0xffff, 0x24, 0x6, 0x7, 0x9, 0x1]}, &(0x7f0000000140)=0x78) write$rfkill(r0, &(0x7f0000000180)={0x4b36, 0x1, 0x3, 0x1, 0x1}, 0x8) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r1, 0x8, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}]}, 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x4000) r2 = syz_open_dev$vcsa(&(0x7f0000000380), 0x1, 0x1) read$rfkill(r0, &(0x7f00000003c0), 0x8) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000400)=0x401, &(0x7f0000000440)=0x2) read$rfkill(r0, &(0x7f0000000480), 0x8) r3 = syz_open_dev$vcsa(&(0x7f00000004c0), 0x7, 0x541980) write$rfkill(r3, &(0x7f0000000500)={0x1c5, 0x5, 0x2}, 0x8) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000580), r2) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x30, r4, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8f8}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x810) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0), r3) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000840)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000800)={&(0x7f0000000700)={0xf4, r5, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller1\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffffffff}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x4}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x6}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bridge\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x26}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x2000000}, 0x4040) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = fsopen(&(0x7f0000000880)='efivarfs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r6, 0x5, &(0x7f00000008c0)='tunl0\x00', 0x0, r3) 12:44:54 executing program 7: socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x30000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r0, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x44}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa21}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000016}, 0x4080) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}, ["", "", "", "", "", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x1) read$snapshot(0xffffffffffffffff, &(0x7f0000000240)=""/168, 0xa8) ioctl$SNAPSHOT_PLATFORM_SUPPORT(0xffffffffffffffff, 0x330f, 0x7) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r1, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}, [""]}, 0x2c}, 0x1, 0x0, 0x0, 0x20048084}, 0x81) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000640)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000600)={&(0x7f00000004c0)={0x120, r3, 0x2, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3f}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x5b}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x49}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'xfrm0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x80000000}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x4}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010102}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x401}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x47d37623}, @IPVS_CMD_ATTR_DEST={0x38, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x1}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@local}]}]}, 0x120}}, 0x85) r4 = socket(0x3, 0x80000, 0xfff) syz_genetlink_get_family_id$gtp(&(0x7f0000000680), r4) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x30, r1, 0x200, 0x70bd2d, 0x25dfdbfe, {{}, {}, {0x14, 0x18, {0x0, @bearer=@udp='udp:syz0\x00'}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4048810}, 0x4000800) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x68, r3, 0x800, 0x70bd26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10000}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xff6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fffffff}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x4024004) r5 = accept4$inet(r4, &(0x7f0000000900)={0x2, 0x0, @remote}, &(0x7f0000000940)=0x10, 0x80800) recvfrom$inet(r5, &(0x7f0000000980)=""/142, 0x8e, 0x2110, &(0x7f0000000a40)={0x2, 0x4e22, @empty}, 0x10) r6 = syz_open_dev$vcsa(&(0x7f0000000a80), 0x0, 0xb11000) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r6, 0x80083314, &(0x7f0000000ac0)) setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000000b00)={{{@in6=@dev={0xfe, 0x80, '\x00', 0xf}, @in=@private=0xa010101, 0x4e20, 0x80, 0x4e20, 0x0, 0x2, 0x60, 0x80, 0x33, 0x0, 0xffffffffffffffff}, {0x4, 0x9, 0x3, 0x6, 0x5eb, 0x6, 0x5, 0x3}, {0x4, 0x2, 0x0, 0x7}, 0x7fffffff, 0x6e6bb7, 0x1, 0x1, 0x3, 0x2}, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4d5, 0x32}, 0x2, @in6=@dev={0xfe, 0x80, '\x00', 0x31}, 0x3507, 0x3, 0x3, 0x7, 0x2, 0x8, 0x6}}, 0xe8) [ 129.637616] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 129.640924] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 129.647151] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 129.652300] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 129.655147] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 129.656370] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 129.659659] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 129.678906] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 129.691790] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 129.692951] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 129.711166] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 129.712174] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 129.716726] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 129.725070] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 129.742964] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 129.743218] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 129.744112] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 129.749376] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 129.751125] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 129.752254] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 129.753324] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 129.755082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 129.756289] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 129.756770] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 129.757105] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 129.761541] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 129.762635] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 129.776467] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 129.777598] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 129.780163] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 129.783130] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 129.787768] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 129.789097] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 129.801983] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 129.802837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 129.804623] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 129.810683] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 129.836257] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 129.838344] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 129.839307] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 129.841625] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 129.842629] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 129.846974] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 129.859016] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 129.864249] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 129.867827] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 129.875484] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 129.895354] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 131.727142] Bluetooth: hci1: command tx timeout [ 131.854322] Bluetooth: hci2: command tx timeout [ 131.854343] Bluetooth: hci6: command tx timeout [ 131.918375] Bluetooth: hci5: command tx timeout [ 131.918802] Bluetooth: hci4: command tx timeout [ 131.919101] Bluetooth: hci3: command tx timeout [ 131.919595] Bluetooth: hci0: command tx timeout [ 131.981985] Bluetooth: hci7: command tx timeout [ 133.775051] Bluetooth: hci1: command tx timeout [ 133.902053] Bluetooth: hci6: command tx timeout [ 133.902607] Bluetooth: hci2: command tx timeout [ 133.965980] Bluetooth: hci0: command tx timeout [ 133.966496] Bluetooth: hci5: command tx timeout [ 133.967169] Bluetooth: hci3: command tx timeout [ 133.967729] Bluetooth: hci4: command tx timeout [ 134.030919] Bluetooth: hci7: command tx timeout [ 135.822942] Bluetooth: hci1: command tx timeout [ 135.951091] Bluetooth: hci2: command tx timeout [ 135.951610] Bluetooth: hci6: command tx timeout [ 136.013946] Bluetooth: hci3: command tx timeout [ 136.014458] Bluetooth: hci5: command tx timeout [ 136.014501] Bluetooth: hci4: command tx timeout [ 136.014999] Bluetooth: hci0: command tx timeout [ 136.079888] Bluetooth: hci7: command tx timeout [ 137.869945] Bluetooth: hci1: command tx timeout [ 138.000110] Bluetooth: hci6: command tx timeout [ 138.000631] Bluetooth: hci2: command tx timeout [ 138.061986] Bluetooth: hci4: command tx timeout [ 138.062493] Bluetooth: hci5: command tx timeout [ 138.064457] Bluetooth: hci0: command tx timeout [ 138.065322] Bluetooth: hci3: command tx timeout [ 138.126954] Bluetooth: hci7: command tx timeout [ 189.558043] syz-executor.5 (285) used greatest stack depth: 23600 bytes left [ 192.234276] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 192.235654] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 192.236660] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 192.240427] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 192.242392] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 192.243704] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 192.246744] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 192.248302] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 192.249397] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 192.250561] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 192.255372] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 192.257112] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 192.285691] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 192.315196] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 192.315988] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 192.317061] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 192.320094] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 192.321159] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 192.348184] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 192.348352] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 192.349338] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 192.351796] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 192.355827] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 192.359078] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 192.360553] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 192.360816] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 192.361612] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 192.365464] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 192.366799] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 192.368041] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 192.368390] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 192.369784] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 192.371652] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 192.371960] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 192.374950] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 192.376356] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 192.377266] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 192.378012] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 192.378477] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 192.379674] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 192.382054] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 192.397256] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 192.399168] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 192.400249] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 192.408118] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 192.410642] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 192.412458] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 192.414797] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 194.318068] Bluetooth: hci0: command tx timeout [ 194.383923] Bluetooth: hci1: command tx timeout [ 194.446015] Bluetooth: hci3: command tx timeout [ 194.446056] Bluetooth: hci5: command tx timeout [ 194.448196] Bluetooth: hci2: command tx timeout [ 194.449679] Bluetooth: hci6: command tx timeout [ 194.510928] Bluetooth: hci7: command tx timeout [ 194.512557] Bluetooth: hci4: command tx timeout [ 196.367009] Bluetooth: hci0: command tx timeout [ 196.446901] Bluetooth: hci1: command tx timeout [ 196.494048] Bluetooth: hci2: command tx timeout [ 196.494549] Bluetooth: hci3: command tx timeout [ 196.495240] Bluetooth: hci5: command tx timeout [ 196.495716] Bluetooth: hci6: command tx timeout [ 196.558122] Bluetooth: hci7: command tx timeout [ 196.559923] Bluetooth: hci4: command tx timeout [ 198.415108] Bluetooth: hci0: command tx timeout [ 198.478040] Bluetooth: hci1: command tx timeout [ 198.543901] Bluetooth: hci6: command tx timeout [ 198.544472] Bluetooth: hci5: command tx timeout [ 198.545331] Bluetooth: hci3: command tx timeout [ 198.545908] Bluetooth: hci2: command tx timeout [ 198.606966] Bluetooth: hci7: command tx timeout [ 198.607500] Bluetooth: hci4: command tx timeout [ 200.463086] Bluetooth: hci0: command tx timeout [ 200.526174] Bluetooth: hci1: command tx timeout [ 200.591003] Bluetooth: hci3: command tx timeout [ 200.591562] Bluetooth: hci2: command tx timeout [ 200.592146] Bluetooth: hci5: command tx timeout [ 200.592632] Bluetooth: hci6: command tx timeout [ 200.656985] Bluetooth: hci7: command tx timeout [ 200.657548] Bluetooth: hci4: command tx timeout [ 254.627786] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 254.632305] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 254.633580] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 254.635173] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 254.636779] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 254.641270] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 254.642616] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 254.651450] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 254.653046] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 254.653996] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 254.659872] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 254.675656] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 254.751257] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 254.752636] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 254.758792] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 254.769042] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 254.773056] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 254.774409] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 254.807943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 254.810384] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 254.811593] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 254.815067] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 254.816842] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 254.818144] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 254.887529] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 254.894648] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 254.899450] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 254.900740] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 254.909226] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 254.914201] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 254.914358] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 254.916135] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 254.916199] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 254.953152] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 254.958206] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 254.960192] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 254.961705] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 254.962807] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 254.968063] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 254.975321] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 254.977051] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 254.979488] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 254.983504] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 254.985120] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 254.993119] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 254.995357] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 255.001102] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 255.026130] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 256.718050] Bluetooth: hci1: command tx timeout [ 256.719526] Bluetooth: hci0: command tx timeout [ 256.845932] Bluetooth: hci3: command tx timeout [ 256.846706] Bluetooth: hci2: command tx timeout [ 257.037949] Bluetooth: hci4: command tx timeout [ 257.105086] Bluetooth: hci6: command tx timeout [ 257.105796] Bluetooth: hci5: command tx timeout [ 257.165898] Bluetooth: hci7: command tx timeout [ 258.767015] Bluetooth: hci0: command tx timeout [ 258.768910] Bluetooth: hci1: command tx timeout [ 258.894958] Bluetooth: hci2: command tx timeout [ 258.896337] Bluetooth: hci3: command tx timeout [ 259.086864] Bluetooth: hci4: command tx timeout [ 259.150407] Bluetooth: hci5: command tx timeout [ 259.151902] Bluetooth: hci6: command tx timeout [ 259.215004] Bluetooth: hci7: command tx timeout [ 260.814939] Bluetooth: hci0: command tx timeout [ 260.816488] Bluetooth: hci1: command tx timeout [ 260.942872] Bluetooth: hci2: command tx timeout [ 260.944233] Bluetooth: hci3: command tx timeout [ 261.136949] Bluetooth: hci4: command tx timeout [ 261.198987] Bluetooth: hci6: command tx timeout [ 261.200358] Bluetooth: hci5: command tx timeout [ 261.263048] Bluetooth: hci7: command tx timeout [ 262.862900] Bluetooth: hci0: command tx timeout [ 262.864550] Bluetooth: hci1: command tx timeout [ 262.989955] Bluetooth: hci2: command tx timeout [ 262.991972] Bluetooth: hci3: command tx timeout [ 263.183291] Bluetooth: hci4: command tx timeout [ 263.247897] Bluetooth: hci5: command tx timeout [ 263.248396] Bluetooth: hci6: command tx timeout [ 263.311285] Bluetooth: hci7: command tx timeout [ 316.832616] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 316.837142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 316.842596] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 316.847679] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 316.861114] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 316.862208] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 317.017511] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 317.021744] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 317.022941] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 317.030347] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 317.041020] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 317.042523] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 317.151525] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 317.154026] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 317.157318] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 317.159738] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 317.163498] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 317.164530] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 317.166439] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 317.168647] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 317.170191] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 317.175964] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 317.179230] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 317.180668] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 317.223245] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 317.247053] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 317.249710] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 317.263426] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 317.273723] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 317.278395] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 317.279449] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 317.296232] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 317.307077] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 317.334467] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 317.352433] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 317.356741] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 317.362170] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 317.367242] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 317.381059] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 317.382484] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 317.388315] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 317.389872] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 317.391455] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 317.393273] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 317.439571] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 317.443162] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 317.446548] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 317.447845] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 318.926032] Bluetooth: hci0: command tx timeout [ 319.055884] Bluetooth: hci1: command tx timeout [ 319.181942] Bluetooth: hci2: command tx timeout [ 319.245938] Bluetooth: hci3: command tx timeout [ 319.438126] Bluetooth: hci4: command tx timeout [ 319.503884] Bluetooth: hci5: command tx timeout [ 319.504595] Bluetooth: hci7: command tx timeout [ 319.566030] Bluetooth: hci6: command tx timeout [ 320.973894] Bluetooth: hci0: command tx timeout [ 321.105424] Bluetooth: hci1: command tx timeout [ 321.230039] Bluetooth: hci2: command tx timeout [ 321.293916] Bluetooth: hci3: command tx timeout [ 321.485990] Bluetooth: hci4: command tx timeout [ 321.550033] Bluetooth: hci7: command tx timeout [ 321.550536] Bluetooth: hci5: command tx timeout [ 321.614005] Bluetooth: hci6: command tx timeout [ 323.021908] Bluetooth: hci0: command tx timeout [ 323.149938] Bluetooth: hci1: command tx timeout [ 323.278459] Bluetooth: hci2: command tx timeout [ 323.342064] Bluetooth: hci3: command tx timeout [ 323.535858] Bluetooth: hci4: command tx timeout [ 323.598119] Bluetooth: hci5: command tx timeout [ 323.599995] Bluetooth: hci7: command tx timeout [ 323.664860] Bluetooth: hci6: command tx timeout [ 325.070013] Bluetooth: hci0: command tx timeout [ 325.198062] Bluetooth: hci1: command tx timeout [ 325.325936] Bluetooth: hci2: command tx timeout [ 325.390984] Bluetooth: hci3: command tx timeout [ 325.581889] Bluetooth: hci4: command tx timeout [ 325.646227] Bluetooth: hci5: command tx timeout [ 325.646762] Bluetooth: hci7: command tx timeout [ 325.709898] Bluetooth: hci6: command tx timeout [ 379.488586] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 379.492455] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 379.493596] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 379.497208] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 379.503198] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 379.506150] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 379.507514] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 379.522461] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 379.527380] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 379.537537] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 379.552640] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 379.556513] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 379.567723] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 379.569115] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 379.570110] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 379.572313] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 379.573763] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 379.574890] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 379.778154] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 379.784696] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 379.798651] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 379.799061] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 379.804732] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 379.808251] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 379.810770] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 379.812010] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 379.815074] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 379.816351] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 379.818077] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 379.820045] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 379.822042] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 379.834185] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 379.840004] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 379.843124] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 379.846998] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 379.850092] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 379.852662] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 379.854249] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 379.860410] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 379.863164] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 379.868164] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 379.871069] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 379.876593] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 379.878586] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 379.881044] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 379.896897] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 379.899206] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 379.901241] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 381.654889] Bluetooth: hci0: command tx timeout [ 381.710497] Bluetooth: hci1: command tx timeout [ 381.710511] Bluetooth: hci2: command tx timeout [ 381.902056] Bluetooth: hci3: command tx timeout [ 381.903041] Bluetooth: hci5: command tx timeout [ 381.903146] Bluetooth: hci7: command tx timeout [ 381.966248] Bluetooth: hci4: command tx timeout [ 381.967204] Bluetooth: hci6: command tx timeout [ 383.694912] Bluetooth: hci0: command tx timeout [ 383.757952] Bluetooth: hci1: command tx timeout [ 383.759347] Bluetooth: hci2: command tx timeout [ 383.950018] Bluetooth: hci7: command tx timeout [ 383.950624] Bluetooth: hci5: command tx timeout [ 383.951836] Bluetooth: hci3: command tx timeout [ 384.014005] Bluetooth: hci4: command tx timeout [ 384.014554] Bluetooth: hci6: command tx timeout [ 385.742978] Bluetooth: hci0: command tx timeout [ 385.805982] Bluetooth: hci1: command tx timeout [ 385.806506] Bluetooth: hci2: command tx timeout [ 385.997976] Bluetooth: hci3: command tx timeout [ 385.998726] Bluetooth: hci5: command tx timeout [ 385.999488] Bluetooth: hci7: command tx timeout [ 386.062127] Bluetooth: hci6: command tx timeout [ 386.062668] Bluetooth: hci4: command tx timeout [ 387.789883] Bluetooth: hci0: command tx timeout [ 387.853888] Bluetooth: hci1: command tx timeout [ 387.854425] Bluetooth: hci2: command tx timeout [ 388.045920] Bluetooth: hci3: command tx timeout [ 388.046433] Bluetooth: hci7: command tx timeout [ 388.046958] Bluetooth: hci5: command tx timeout [ 388.109930] Bluetooth: hci6: command tx timeout [ 388.110415] Bluetooth: hci4: command tx timeout VM DIAGNOSIS: 12:50:04 Registers: info registers vcpu 0 RAX=ffffea0000cb2040 RBX=ffff88802c10b6a8 RCX=ffffffff8179d0a5 RDX=dffffc0000000000 RSI=0000000000000008 RDI=ffffea0000cb2040 RBP=00007fbf45cd6000 RSP=ffff88802966f688 R8 =0000000000000000 R9 =fffff94000196408 R10=ffffea0000cb2047 R11=00000000000c39c9 R12=0000000000000000 R13=ffffea0000cb2040 R14=00007fbf45cd5000 R15=ffff88802966fad0 RIP=ffffffff8179d0b2 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fcf28ba0368 CR3=0000000034820000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=322e6f732e6c6462696c2f756e672d78 XMM02=00322e6f732e6c6462696c2f756e672d XMM03=78756e696c2d34365f3638782f62696c XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffff888030f0f780 RBX=0000000000000002 RCX=0000000000000002 RDX=ffff88806cf0a001 RSI=ffff88806cf09ff8 RDI=ffff88806cf09ff8 RBP=ffff88806cf09a90 RSP=ffff88806cf099c8 R8 =ffffffff86bf1942 R9 =ffff88806cf09a78 R10=000000000003c001 R11=00000000000c1d77 R12=ffff88806cf09a98 R13=ffff88806cf09a80 R14=ffff88806cf09ff8 R15=ffff88806cf09a38 RIP=ffffffff8114a8c1 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fc48c0fc170 CR3=0000000030f94000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000