Warning: Permanently added '[localhost]:48538' (ECDSA) to the list of known hosts. 2025/01/28 09:44:31 fuzzer started 2025/01/28 09:44:32 dialing manager at localhost:40883 syzkaller login: [ 70.311131] cgroup: Unknown subsys name 'net' [ 70.410188] cgroup: Unknown subsys name 'cpuset' [ 70.467814] cgroup: Unknown subsys name 'rlimit' [ 76.050433] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 2025/01/28 09:44:49 syscalls: 208 2025/01/28 09:44:49 code coverage: enabled 2025/01/28 09:44:49 comparison tracing: enabled 2025/01/28 09:44:49 extra coverage: enabled 2025/01/28 09:44:49 setuid sandbox: enabled 2025/01/28 09:44:49 namespace sandbox: enabled 2025/01/28 09:44:49 Android sandbox: enabled 2025/01/28 09:44:49 fault injection: enabled 2025/01/28 09:44:49 leak checking: enabled 2025/01/28 09:44:49 net packet injection: enabled 2025/01/28 09:44:49 net device setup: enabled 2025/01/28 09:44:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/01/28 09:44:49 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/01/28 09:44:49 USB emulation: enabled 2025/01/28 09:44:49 hci packet injection: enabled 2025/01/28 09:44:49 wifi device emulation: enabled 2025/01/28 09:44:49 802.15.4 emulation: enabled 2025/01/28 09:44:49 fetching corpus: 0, signal 0/0 (executing program) 2025/01/28 09:44:51 starting 8 fuzzer processes 09:44:51 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x220000, 0x0) ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000040)=0xffffffffffffffff) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000080)=""/231) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000180)) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, &(0x7f00000001c0)) ioctl$VT_RELDISP(r1, 0x5605) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000200)={0x45e6, 0x0, 0x800, 0x2, 0x5, "59bb59f4bd8053e38e68b2071f6a00d7988a80"}) ioctl$KDENABIO(r1, 0x4b36) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f0000000240)=""/57) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCGETD(r1, 0x5424, &(0x7f00000002c0)) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000300)) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000340), 0x18000, 0x0) ioctl$FIONREAD(r3, 0x541b, &(0x7f0000000380)) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x6, 0x1010, r2, 0x3c3b000) getresuid(&(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)) r4 = syz_open_dev$sg(&(0x7f0000000480), 0x1000, 0x0) ioctl$SG_SET_RESERVED_SIZE(r4, 0x2275, &(0x7f00000004c0)=0x81) ioctl$PIO_UNISCRNMAP(r2, 0x4b6a, &(0x7f0000000500)="1e701a8334906cdf5def9ce13c949d5bf7969b34606c49b155036381713ac85460534c3158408f3463632d1117e46f7a82dc8494825bf85d3f6ff522a18fca11f52e93e867165e304e888ea612a085236b539e6b084dfef88ade8de4c26a82324d220891243d8db5faf5d3e391cd38ee6acad8a99a8ac7be6aff0e27d1be") 09:44:51 executing program 1: madvise(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0xd) mmap$usbmon(&(0x7f0000ff6000/0x2000)=nil, 0x2000, 0x0, 0x4000010, 0xffffffffffffffff, 0x443a) r0 = shmget$private(0x0, 0x4000, 0x4, &(0x7f0000ff6000/0x4000)=nil) mmap$usbmon(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x10, 0xffffffffffffffff, 0x2b25) ioctl$KDFONTOP_COPY(0xffffffffffffffff, 0x4b72, &(0x7f0000000400)={0x3, 0x1, 0x7, 0x1a, 0xaf}) mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000640)={&(0x7f0000fef000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000480)=""/138, 0x8a, 0x1, &(0x7f0000000540)=""/196, 0xc4}, &(0x7f0000000680)=0x40) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x6000) shmat(r0, &(0x7f0000ff8000/0x3000)=nil, 0x3000) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000006c0)=0x2, 0x4) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000700), 0xcc80, 0x0) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000740)=0xb0) mmap(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x2000000, 0x11, r2, 0x146de000) mprotect(&(0x7f0000ff2000/0xe000)=nil, 0xe000, 0x3000001) munlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x9) r3 = syz_open_dev$sg(&(0x7f0000000780), 0xa8, 0x8000) ioctl$SCSI_IOCTL_PROBE_HOST(r3, 0x5385, &(0x7f00000007c0)={0x64, ""/100}) ioctl$SG_GET_TIMEOUT(0xffffffffffffffff, 0x2202, 0x0) 09:44:51 executing program 2: ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, &(0x7f0000000000)=0x7f) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x7f, 0x10000) ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000080)) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) recvmsg(r1, &(0x7f0000001300)={&(0x7f0000000100)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000001240)=[{&(0x7f0000000180)=""/175, 0xaf}, {&(0x7f0000000240)=""/4096, 0x1000}], 0x2, &(0x7f0000001280)=""/111, 0x6f}, 0x2000) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000001340)={0x0, 0x7fffffff, 0xae, 0x1}, 0x14) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000001380)=0x401) ioctl$KDDISABIO(r1, 0x4b37) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSBRKP(r2, 0x5425, 0x4) r3 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000013c0)='ns/pid\x00') mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2, 0x16878e8373980d7f, r3, 0xb8dc5000) ioctl$TCSETS(r1, 0x5402, &(0x7f0000001400)={0x6, 0x400, 0x2000, 0x10000, 0xc, "a3ab09e7f88837b8dd160d0a82529f35ed09bd"}) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000001440), 0x22402, 0x0) ioctl$SG_SET_RESERVED_SIZE(r4, 0x2275, &(0x7f0000001480)=0xfffffffd) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000001580)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001540)={&(0x7f0000001500)={0x3c, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240008d0}, 0x4040801) syz_open_dev$mouse(&(0x7f00000015c0), 0x1, 0x2) ioctl$TIOCSBRK(r2, 0x5427) r5 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCGWINSZ(r5, 0x5413, &(0x7f0000001600)) 09:44:51 executing program 3: prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffa000/0x4000)=nil) shmget(0x0, 0x2000, 0x2, &(0x7f0000ffb000/0x2000)=nil) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x64) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r1) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80a0}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r2, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7f}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xffffffff}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x40}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040095}, 0x4004040) shmget(0x0, 0x1000, 0x200, &(0x7f0000ffb000/0x1000)=nil) msgctl$MSG_INFO(0xffffffffffffffff, 0xc, &(0x7f00000001c0)=""/106) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1) mmap$binder(&(0x7f0000ff2000/0xe000)=nil, 0xe000, 0x1, 0x11, r0, 0x6) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000580)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000280)={0x284, 0x0, 0x900, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x8000, 0x3, 0x6, 0x0, {0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x800, 0x7eefb4f5, 0x8}}, @NL80211_ATTR_MESH_CONFIG={0x24, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0xacd}, @NL80211_MESHCONF_PATH_REFRESH_TIME={0x8}, @NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x7}]}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x1b26}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}, @NL80211_ATTR_KEYS={0x1fc, 0x51, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "f2c8b74ea3d6dc22be3dfe099a"}, @NL80211_KEY_SEQ={0x13, 0x4, "460a4b01d713ec1d964317916c057a"}, @NL80211_KEY_CIPHER={0x8}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x2}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x3f}, @NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "d50e9faf06"}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "3d789d27d1abd46c18cbba2fba"}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_SEQ={0xf, 0x4, "b66f7e651bbfe65272a451"}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "aa3329df1b"}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}, {0x48, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "268b80f806cbc4a571905b3504"}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_SEQ={0x11, 0x4, "8dca53448b5859ea87db242dd3"}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_TYPE={0x8}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_DEFAULT_TYPES={0x10, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}, {0x84, 0x0, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "89b70b59db160c49d2d3e427f1"}, @NL80211_KEY_DEFAULT_TYPES={0x10, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_CIPHER={0x8, 0x3, 0x4}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "ea4bdc3e90"}, @NL80211_KEY_CIPHER={0x8}, @NL80211_KEY_DEFAULT_TYPES={0x28, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_MODE={0x5}]}]}]}, 0x284}, 0x1, 0x0, 0x0, 0x40}, 0x4040000) r3 = syz_open_dev$mouse(&(0x7f00000005c0), 0xffffffffffffffad, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000640), r1) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000740)={'sit0\x00', &(0x7f00000006c0)={'ip6tnl0\x00', 0x0, 0x4, 0xb, 0x5, 0x1, 0x10, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8000, 0x7800, 0x3, 0xffffffff}}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000840)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f0000000940)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x5c, r4, 0x4, 0xc63, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xfff}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x404c000) [ 88.616973] audit: type=1400 audit(1738057491.302:7): avc: denied { execmem } for pid=273 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 09:44:51 executing program 5: ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x0) ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, &(0x7f0000000000)) ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f0000000040)) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e22}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_IFINDEX={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4804}, 0x81) ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, &(0x7f00000001c0)) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) ioctl$KDENABIO(0xffffffffffffffff, 0x4b36) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000200)={'wg2\x00'}) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000240), &(0x7f0000000280)=0x14) r3 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCOUTQ(r3, 0x5411, &(0x7f00000002c0)) ioctl$KDENABIO(r2, 0x4b36) ioctl$TIOCSPTLCK(r3, 0x40045431, &(0x7f0000000300)=0x1) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x80, 0x0) accept4(r1, &(0x7f0000000380)=@alg, &(0x7f0000000400)=0x80, 0x80000) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000440), &(0x7f0000000480)=0x14) 09:44:51 executing program 4: r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x9) ioctl$TIOCL_SCROLLCONSOLE(r0, 0x541c, &(0x7f0000000000)={0xd, 0x2}) ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000040)) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) ioctl$TIOCGISO7816(r0, 0x80285442, &(0x7f00000000c0)) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000100)={0x10000, 0x0, 0x7, 0x1, 0x6, 0xffff}) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000140), 0x48000, 0x0) ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000180)) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f00000001c0)="19e63e87d89c30bee88581483533dde0f06ba719ee259380bb492bca485b4210e21a2fbf67d0459525230f6c30871ab1b233") syz_open_dev$ttys(0xc, 0x2, 0x1) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$PIO_SCRNMAP(r3, 0x4b41, &(0x7f0000000240)="65d28ee382c0913f62cbc1dd887af27cba6594ae2bdb96dfbb2cf9cfcc85c668d9bd1efd1ab9ef37bb928d3ca818699653a983eb734bc7a67de6d623") ioctl$TIOCL_SETVESABLANK(r2, 0x541c, &(0x7f0000000280)) setsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, &(0x7f00000002c0)="b66b551005dcf2e07098dd7448e5d455d708102761d741cfce83d9352c1c07dea230dfef45ce187471f2843094405dc15287240f47981201780b9df7153d7bd0e38a7351654f325039df8f5d078d0f58359094113cfada7e5ecb", 0x5a) getuid() ioctl$SG_SCSI_RESET(r2, 0x2284, 0x0) ioctl$TIOCGRS485(0xffffffffffffffff, 0x542e, &(0x7f0000000340)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000380), 0x200000, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(r4, 0x5385, &(0x7f00000003c0)={0x15, ""/21}) 09:44:51 executing program 6: sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xf8, 0x0, 0x404, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xe, 0x34, @random="f77061a29edfc25377a9"}, @NL80211_ATTR_KEYS={0x54, 0x51, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_SEQ={0x6, 0x4, "9af5"}, @NL80211_KEY_IDX={0x5, 0x2, 0x1}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "97a88ef2541650d9d1108dda1f"}, @NL80211_KEY_DEFAULT_TYPES={0x8, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}]}]}, @NL80211_ATTR_FREQ_FIXED={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x231}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2c}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xe}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x100}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xa7}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e4}], @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x4000, 0x1, 0x5, 0x0, {0xc18, 0x6, 0x0, 0xc2, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x8, 0x800, 0x2}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x44, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7}]}, 0x44}}, 0x0) socketpair(0x2d, 0x800, 0x8, &(0x7f0000000300)={0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x48, 0x0, 0x300, 0x70bd27, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast2}, @FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast2}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_PEER_V6={0x14, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000040}, 0x4) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x34, 0x0, 0x2, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x3c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfffffffc}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x40000000) socketpair(0x2c, 0x800, 0x9, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f00000006c0), 0x2, 0x0) r4 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000ac0)={0x124, 0x0, &(0x7f0000000940)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000700)={@flat=@weak_handle={0x77682a85, 0x1b9079bf80a71bd9, 0x1}, @fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000780)={0x0, 0x18, 0x30}}}, @increfs_done={0x40106308, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x58, 0x18, &(0x7f00000007c0)={@fda={0x66646185, 0xa, 0x2, 0x1a}, @fda={0x66646185, 0x6, 0x2, 0x1}, @fd={0x66642a85, 0x0, r4}}, &(0x7f0000000840)={0x0, 0x20, 0x40}}, 0x40}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)={@fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x3, 0x0, 0x5}, @flat=@handle={0x73682a85, 0x1101, 0x1}}, &(0x7f0000000900)={0x0, 0x18, 0x38}}}, @clear_death={0x400c630f, 0x2}, @free_buffer, @dead_binder_done, @acquire_done={0x40106309, 0x1}], 0x3e, 0x0, &(0x7f0000000a80)="62a59b0b4c883781648f208bde3f02c55a3ac2318928fe0d87c7a8c194b25493d0471cb628a6bb375a97096bad60b84731922e158308eaa23089b4c028b5"}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b40)={0xa8, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x7ff}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x7}, @NL80211_ATTR_MAC={0xa, 0x6, @random="d98966d4e757"}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_IE={0x2c, 0x2a, [@mesh_config={0x71, 0x7, {0x0, 0x1, 0x1, 0x0, 0xffffffffffffffff, 0x1, 0x60}}, @rann={0x7e, 0x15, {{0x1}, 0x3f, 0x8, @device_b, 0x5, 0x9, 0x6c}}, @cf={0x4, 0x6, {0x9, 0xff, 0x8000, 0x5}}]}, @NL80211_ATTR_SSID={0x24, 0x34, @random="7c97bae33f4f077f58b066f4e33d6ffc04b57550dfdc3bd429fd2324993e5ea6"}, @NL80211_ATTR_MAC={0xa, 0x6, @random="40dfdaa33236"}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4040008}, 0x8008041) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000000d40)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x24, 0x0, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004000}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r5, &(0x7f0000000e40)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x2c, 0x0, 0x800, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400}, 0x4000) ioctl$TIOCSBRK(r4, 0x5427) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$GTP_CMD_NEWPDP(r6, &(0x7f0000000f40)={&(0x7f0000000e80)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x2c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @remote}, @GTPA_LINK={0x8}, @GTPA_I_TEI={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x90}, 0x40821) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000fc0), 0x80000, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r7) openat$cgroup_freezer_state(r7, &(0x7f0000001000), 0x2, 0x0) 09:44:51 executing program 7: ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000000)) r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xffffffffffff3b2e) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1) ioctl$VT_SETMODE(r0, 0x5602, &(0x7f0000000080)={0x6d, 0x1, 0x1, 0x3, 0x2}) ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, &(0x7f00000000c0)={0x7, "f44a9e0cd45b71da9f01e22aa124142a2ae5f4c3ca9e652a49242b7572352199e1fa1a90cb7806e1cdd648f1c3c9e4635237da890c90b23644fcb737dccfcb5b87f31a009b055581bc6961292bf2d6269f993196ccfa031ce527f26970f53a2679c64de704f28a7b65b4b96860ec2e4a1971c6bd89a6d495adeacdc8888560435e5bda698cf4a5cce543dcf5078d78e737e398b0d0365c561d076d2429b5a7ccc6381705709b43fdb96bb58015cb8d541da53ad613e1258ba668a7687790e0f8ca5988daa000e4313b6ffebefc76442dd2925a5f3168ddf125783d4fa6faea576bf6182eb6b88be800cdefe92cc973b5bdd4817b3f61b2eb50de15df5be98448d64f31ba1d82e8f1c53c1882488b69a039649635e9ae791e61651057199a3a4a026d5b5d00bfb45c248f59d28922672fff07cc052065b40a2caf9c981bf1e32ea93e00017956a67af1c3d5620b932b4efe7d8f833f68768b9e9236b4b00ea299d45c14ed8494b6478bf791fcdfe59c45cc27bac42f4d2ca5ab2bd19d75f8d57eb31c105066257b53370ff5166c0b91d04cda804dd1b7f0403665e05d6911ecf4ba8f4841f117cda23e1e597e62617d788ab9ae6b93ec0e450c2995800062b37fb1991f3950f27c9a443fcd6c1befbe4b756c54d981ada69338c374519e2b20bfb6cafbf6edf1f9e4c2ebc4288e8f6561dd1c96511e479cedb0c6eb80c08f52b0"}) ioctl$VT_SETMODE(r0, 0x5602, &(0x7f0000000300)={0xff, 0xcf, 0x4bc, 0x6000, 0x401}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCGETA(r1, 0x5405, &(0x7f0000000340)) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000380)) ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000003c0)) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000400)={0x8, "35131ad543c9b68108058983d5f2a71f989d8a63dfb143168c80bdd7d9c438cc7ec920df8ceabeff6bb66c0432007f7e40e7b8853d362ff97cf31d9566595b27b68ea51de1195bc050ef47d2e5386719c367db1c522638aca9988e0c5040378b8eeb26143cf434b3ca3088c9739d87f63fd8a1b35e1e6774f9c692f66c2faccdf07757a9e025882985110755f27b331da650d6e0ce277a8cd615b87cde171358a34e7bcc2d494816ec300fedde365c2b99f52206ec614556586647014b4ee3705675c6994126137c4d0380dd9d0d85a9523017328de2febb6c533a7380183f474038fc10476717e23848eb8e98ff7638e311b95e6bab7fa10aa055935b04611887a1c0036ff1f85255e1f95b062cd71d1c66ce37572cba7bbd2188d10e3e92e0842fd3741258cfa57c9dd8d772130e3b39da26209f4047e28ec489f6279a2f7e850decd8ebf1405ba9188b388649880465b68f1e7387934d84255252651086669653ea1b85c8b2d73fe04d3e1af2da0be8a3d9aba8f23cc0aa5b2d67af10e3541ef99dd0008ac413a0cb6307ee42ad60e901c8bdcf5b78bf387a287461834b7ff8279da898be67b1f2b773228dcb0ccde8eb906ce4faec863545af724f5caee7e44861b5f3fba75280eee64763ffcd950975ae178cbdc157bb1a709bcc5c58fb15a60999df3475377ee1a4d99ea0d8f6123c2eea02404bdacdfc71791efd6053"}) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000640), 0x80, 0x0) ioctl$SG_SET_KEEP_ORPHAN(r2, 0x2287, &(0x7f0000000680)=0x5) ioctl$SG_GET_RESERVED_SIZE(r2, 0x2272, &(0x7f00000006c0)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r2) sendmsg$NL80211_CMD_JOIN_IBSS(r3, &(0x7f0000000840)={&(0x7f0000000700), 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x58, r4, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x3f, 0x65}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x800}, @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x1f}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x15e0}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1bd}]]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x80) ioctl$KDSKBLED(r1, 0x4b65, 0x9) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000008c0), r2) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r2, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x70, r5, 0x8, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0xd}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x28}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x13}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x10}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x28}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xe}]}, 0x70}, 0x1, 0x0, 0x0, 0x20004050}, 0x800) [ 90.037496] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.041763] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.042766] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.045107] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.048450] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.050973] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.051198] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.054158] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 90.055389] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.056550] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.061542] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 90.064140] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.137739] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.143819] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.144999] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.148416] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.154583] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 90.155945] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.157092] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.160582] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.161999] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.163179] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.165410] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.166836] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 90.167846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.169040] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.170241] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.173118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.174937] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 90.176149] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.210135] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 90.215194] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 90.222602] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 90.223705] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 90.230624] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 90.242522] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 90.243216] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 90.243974] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 90.255425] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 90.256124] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 90.265567] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 90.267654] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 90.268517] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 90.269180] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 90.280041] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 90.281029] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 90.284877] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 90.288183] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 92.116988] Bluetooth: hci1: command tx timeout [ 92.178665] Bluetooth: hci0: command tx timeout [ 92.242542] Bluetooth: hci2: command tx timeout [ 92.242598] Bluetooth: hci4: command tx timeout [ 92.243589] Bluetooth: hci3: command tx timeout [ 92.306383] Bluetooth: hci7: command tx timeout [ 92.370817] Bluetooth: hci6: command tx timeout [ 92.370835] Bluetooth: hci5: command tx timeout [ 94.163026] Bluetooth: hci1: command tx timeout [ 94.226575] Bluetooth: hci0: command tx timeout [ 94.290444] Bluetooth: hci4: command tx timeout [ 94.290528] Bluetooth: hci3: command tx timeout [ 94.292892] Bluetooth: hci2: command tx timeout [ 94.355700] Bluetooth: hci7: command tx timeout [ 94.418754] Bluetooth: hci6: command tx timeout [ 94.420220] Bluetooth: hci5: command tx timeout [ 96.210355] Bluetooth: hci1: command tx timeout [ 96.274363] Bluetooth: hci0: command tx timeout [ 96.339342] Bluetooth: hci3: command tx timeout [ 96.339357] Bluetooth: hci4: command tx timeout [ 96.339405] Bluetooth: hci2: command tx timeout [ 96.403432] Bluetooth: hci7: command tx timeout [ 96.466621] Bluetooth: hci6: command tx timeout [ 96.467950] Bluetooth: hci5: command tx timeout [ 98.258486] Bluetooth: hci1: command tx timeout [ 98.322370] Bluetooth: hci0: command tx timeout [ 98.387465] Bluetooth: hci2: command tx timeout [ 98.388039] Bluetooth: hci3: command tx timeout [ 98.388071] Bluetooth: hci4: command tx timeout [ 98.450370] Bluetooth: hci7: command tx timeout [ 98.515352] Bluetooth: hci5: command tx timeout [ 98.515962] Bluetooth: hci6: command tx timeout [ 150.004087] syz-executor.5 (284) used greatest stack depth: 24640 bytes left [ 152.876184] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 152.879928] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 152.885804] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 152.886544] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 152.890506] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 152.893093] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 152.898452] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 152.900351] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 152.900564] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 152.902539] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 152.903609] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 152.905825] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 152.907084] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 152.915885] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 152.917069] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 152.918291] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 152.919676] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 152.920674] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 152.937684] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 152.945070] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 152.947477] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 152.954947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 152.957891] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 152.959072] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 153.009941] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 153.017615] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 153.018652] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 153.023478] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 153.030437] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 153.033571] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 153.035746] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 153.036563] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 153.041727] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 153.042559] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 153.049962] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 153.051755] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 153.052666] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 153.054675] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 153.055466] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 153.057183] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 153.058834] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 153.060027] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 153.078716] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 153.082497] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 153.093877] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 153.127616] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 153.129682] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 153.131022] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 154.963415] Bluetooth: hci0: command tx timeout [ 154.963934] Bluetooth: hci2: command tx timeout [ 155.026784] Bluetooth: hci3: command tx timeout [ 155.026795] Bluetooth: hci1: command tx timeout [ 155.090586] Bluetooth: hci5: command tx timeout [ 155.154546] Bluetooth: hci6: command tx timeout [ 155.155508] Bluetooth: hci4: command tx timeout [ 155.156045] Bluetooth: hci7: command tx timeout [ 157.010502] Bluetooth: hci0: command tx timeout [ 157.011094] Bluetooth: hci2: command tx timeout [ 157.074365] Bluetooth: hci1: command tx timeout [ 157.075362] Bluetooth: hci3: command tx timeout [ 157.142147] Bluetooth: hci5: command tx timeout [ 157.202408] Bluetooth: hci4: command tx timeout [ 157.205382] Bluetooth: hci7: command tx timeout [ 157.205980] Bluetooth: hci6: command tx timeout [ 159.058383] Bluetooth: hci2: command tx timeout [ 159.058938] Bluetooth: hci0: command tx timeout [ 159.122362] Bluetooth: hci3: command tx timeout [ 159.122929] Bluetooth: hci1: command tx timeout [ 159.186377] Bluetooth: hci5: command tx timeout [ 159.250379] Bluetooth: hci6: command tx timeout [ 159.250965] Bluetooth: hci7: command tx timeout [ 159.250990] Bluetooth: hci4: command tx timeout [ 161.106372] Bluetooth: hci0: command tx timeout [ 161.106418] Bluetooth: hci2: command tx timeout [ 161.170703] Bluetooth: hci1: command tx timeout [ 161.170730] Bluetooth: hci3: command tx timeout [ 161.234418] Bluetooth: hci5: command tx timeout [ 161.298370] Bluetooth: hci4: command tx timeout [ 161.298494] Bluetooth: hci6: command tx timeout [ 161.298884] Bluetooth: hci7: command tx timeout [ 172.802815] modprobe (4436) used greatest stack depth: 24216 bytes left [ 215.012944] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 215.014870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 215.016024] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 215.018630] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 215.020552] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 215.021700] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 215.072616] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 215.084434] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 215.087529] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 215.092624] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 215.100061] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 215.105872] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 215.267771] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 215.270985] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 215.273147] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 215.277664] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 215.281055] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 215.282686] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 215.342062] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 215.350568] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 215.352350] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 215.361039] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 215.366525] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 215.368124] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 215.396185] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 215.398730] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 215.403744] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 215.405354] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 215.410601] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 215.414996] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 215.420521] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 215.423072] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 215.430771] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 215.467610] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 215.471042] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 215.472284] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 215.546902] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 215.558616] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 215.560826] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 215.563371] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 215.569225] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 215.574712] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 215.598519] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 215.624767] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 215.633769] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 215.635643] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 215.639733] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 215.645887] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 217.043449] Bluetooth: hci0: command tx timeout [ 217.170534] Bluetooth: hci1: command tx timeout [ 217.363347] Bluetooth: hci2: command tx timeout [ 217.426353] Bluetooth: hci3: command tx timeout [ 217.490407] Bluetooth: hci5: command tx timeout [ 217.490431] Bluetooth: hci4: command tx timeout [ 217.683007] Bluetooth: hci7: command tx timeout [ 217.747560] Bluetooth: hci6: command tx timeout [ 219.090390] Bluetooth: hci0: command tx timeout [ 219.218345] Bluetooth: hci1: command tx timeout [ 219.411446] Bluetooth: hci2: command tx timeout [ 219.477280] Bluetooth: hci3: command tx timeout [ 219.538372] Bluetooth: hci4: command tx timeout [ 219.538390] Bluetooth: hci5: command tx timeout [ 219.732627] Bluetooth: hci7: command tx timeout [ 219.795402] Bluetooth: hci6: command tx timeout [ 221.138380] Bluetooth: hci0: command tx timeout [ 221.268303] Bluetooth: hci1: command tx timeout [ 221.459469] Bluetooth: hci2: command tx timeout [ 221.523373] Bluetooth: hci3: command tx timeout [ 221.586329] Bluetooth: hci4: command tx timeout [ 221.586858] Bluetooth: hci5: command tx timeout [ 221.778363] Bluetooth: hci7: command tx timeout [ 221.843412] Bluetooth: hci6: command tx timeout [ 223.187336] Bluetooth: hci0: command tx timeout [ 223.314466] Bluetooth: hci1: command tx timeout [ 223.507569] Bluetooth: hci2: command tx timeout [ 223.571337] Bluetooth: hci3: command tx timeout [ 223.635351] Bluetooth: hci5: command tx timeout [ 223.635370] Bluetooth: hci4: command tx timeout [ 223.826388] Bluetooth: hci7: command tx timeout [ 223.890356] Bluetooth: hci6: command tx timeout [ 277.621050] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 277.625196] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 277.626816] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 277.630465] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 277.633328] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 277.634640] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 277.636926] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 277.638634] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 277.639625] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 277.644748] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 277.665370] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 277.694795] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 277.763174] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 277.772023] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 277.775810] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 277.801675] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 277.803308] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 277.809762] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 277.809991] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 277.811635] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 277.812521] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 277.815405] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 277.816506] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 277.826356] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 277.826659] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 277.834282] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 277.856648] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 277.860874] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 277.863630] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 277.864740] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 277.866959] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 277.868188] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 277.877283] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 277.878353] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 277.881454] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 277.883085] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 277.885801] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 277.886887] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 277.895707] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 277.896664] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 277.908492] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 277.910133] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 277.917507] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 277.929523] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 277.933525] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 277.934405] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 277.953532] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 277.954866] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 279.698347] Bluetooth: hci1: command tx timeout [ 279.762394] Bluetooth: hci0: command tx timeout [ 279.891472] Bluetooth: hci3: command tx timeout [ 279.956314] Bluetooth: hci2: command tx timeout [ 279.957336] Bluetooth: hci5: command tx timeout [ 280.018449] Bluetooth: hci6: command tx timeout [ 280.018465] Bluetooth: hci4: command tx timeout [ 280.018855] Bluetooth: hci7: command tx timeout [ 281.746467] Bluetooth: hci1: command tx timeout [ 281.811304] Bluetooth: hci0: command tx timeout [ 281.938438] Bluetooth: hci3: command tx timeout [ 282.002761] Bluetooth: hci5: command tx timeout [ 282.003513] Bluetooth: hci2: command tx timeout [ 282.066445] Bluetooth: hci4: command tx timeout [ 282.067006] Bluetooth: hci7: command tx timeout [ 282.067039] Bluetooth: hci6: command tx timeout [ 283.795301] Bluetooth: hci1: command tx timeout [ 283.858352] Bluetooth: hci0: command tx timeout [ 283.986406] Bluetooth: hci3: command tx timeout [ 284.050464] Bluetooth: hci5: command tx timeout [ 284.050593] Bluetooth: hci2: command tx timeout [ 284.114848] Bluetooth: hci6: command tx timeout [ 284.114998] Bluetooth: hci4: command tx timeout [ 284.115441] Bluetooth: hci7: command tx timeout [ 285.845289] Bluetooth: hci1: command tx timeout [ 285.906614] Bluetooth: hci0: command tx timeout [ 286.035553] Bluetooth: hci3: command tx timeout [ 286.098367] Bluetooth: hci5: command tx timeout [ 286.098938] Bluetooth: hci2: command tx timeout [ 286.162421] Bluetooth: hci6: command tx timeout [ 286.162976] Bluetooth: hci4: command tx timeout [ 286.163951] Bluetooth: hci7: command tx timeout [ 340.064839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 340.072658] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 340.096942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 340.261788] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 340.264859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 340.266295] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 340.267064] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 340.276685] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 340.278661] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 340.291707] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 340.294330] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 340.295525] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 340.303568] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 340.305788] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 340.315479] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 340.318791] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 340.320516] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 340.323819] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 340.326635] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 340.333480] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 340.408005] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 340.411318] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 340.414532] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 340.415874] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 340.418565] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 340.420548] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 340.426799] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 340.428998] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 340.440934] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 340.453628] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 340.457772] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 340.460802] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 340.464756] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 340.508699] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 340.514374] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 340.561486] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 340.567081] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 340.571659] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 340.574200] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 340.576598] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 340.608827] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 340.640480] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 340.642960] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 340.646164] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 340.654573] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 340.658522] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 340.661587] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 340.663465] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 342.354659] Bluetooth: hci2: command tx timeout [ 342.355614] Bluetooth: hci0: command tx timeout [ 342.418366] Bluetooth: hci1: command tx timeout [ 342.610421] Bluetooth: hci6: command tx timeout [ 342.611458] Bluetooth: hci3: command tx timeout [ 342.612065] Bluetooth: hci5: command tx timeout [ 342.738975] Bluetooth: hci4: command tx timeout [ 342.803510] Bluetooth: hci7: command tx timeout [ 344.402390] Bluetooth: hci0: command tx timeout [ 344.402939] Bluetooth: hci2: command tx timeout [ 344.467579] Bluetooth: hci1: command tx timeout [ 344.661265] Bluetooth: hci5: command tx timeout [ 344.661827] Bluetooth: hci3: command tx timeout [ 344.662871] Bluetooth: hci6: command tx timeout [ 344.787319] Bluetooth: hci4: command tx timeout [ 344.850988] Bluetooth: hci7: command tx timeout [ 346.450788] Bluetooth: hci0: command tx timeout [ 346.452472] Bluetooth: hci2: command tx timeout [ 346.514301] Bluetooth: hci1: command tx timeout [ 346.707008] Bluetooth: hci6: command tx timeout [ 346.708708] Bluetooth: hci3: command tx timeout [ 346.710411] Bluetooth: hci5: command tx timeout [ 346.834462] Bluetooth: hci4: command tx timeout [ 346.898475] Bluetooth: hci7: command tx timeout [ 348.500379] Bluetooth: hci0: command tx timeout [ 348.502020] Bluetooth: hci2: command tx timeout [ 348.562443] Bluetooth: hci1: command tx timeout [ 348.755759] Bluetooth: hci6: command tx timeout [ 348.756415] Bluetooth: hci5: command tx timeout [ 348.757373] Bluetooth: hci3: command tx timeout [ 348.882443] Bluetooth: hci4: command tx timeout [ 348.947264] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 09:50:01 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=0000000000000001 RCX=0000000000000001 RDX=1ffff1100479bebf RSI=ffff888023cdfee0 RDI=ffff888023cdf5f8 RBP=ffff888023cdff48 RSP=ffff888023cdf538 R8 =0000000000000001 R9 =ffff888023cdf5e8 R10=000000000003ab7c R11=0000000000021356 R12=ffff888023cdf608 R13=ffff888023cdf5f0 R14=ffff888023cdfee0 R15=ffff888023cdf5a8 RIP=ffffffff81349ad6 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f52e80f6540 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f52e85d0000 CR3=0000000026df6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00ff0000000000000000000000ff0000 XMM01=ff00ffffffffffffffffffffff0000ff XMM02=00666e6f6373797300657a696c616e69 XMM03=00000000000000000000000000616e69 XMM04=68637300666e6f6373797300657a696c XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000000 RBX=0000000000092cc0 RCX=0000000000000000 RDX=0000000000000000 RSI=ffffffff81a4b1cd RDI=ffffffff85cef120 RBP=ffff888023cf7bc0 RSP=ffff888023cf7a98 R8 =0000000000000001 R9 =ffff88803127dd88 R10=ffffffff864043d7 R11=0000000000000001 R12=ffffffff85cef120 R13=ffffffff81a4b1cd R14=00000000000000e8 R15=ffffffff81aef37f RIP=ffffffff8150241e RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fdd03c1c540 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe7f00000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055c4844d6008 CR3=0000000029136000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffffffffffffffffffffffffffff XMM01=2f7273752f3a6e6962732f3d48544150 XMM02=000000000000000000ff000000000000 XMM03=00000000000000000000ff00000000ff XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=5f45424f5250444f4d0068563a623a6b XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000