Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:42305' (ECDSA) to the list of known hosts. 2025/04/28 13:20:30 fuzzer started 2025/04/28 13:20:31 dialing manager at localhost:46629 syzkaller login: [ 93.374036] cgroup: Unknown subsys name 'net' [ 93.508097] cgroup: Unknown subsys name 'cpuset' [ 93.551681] cgroup: Unknown subsys name 'rlimit' 2025/04/28 13:20:47 syscalls: 213 2025/04/28 13:20:47 code coverage: enabled 2025/04/28 13:20:47 comparison tracing: enabled 2025/04/28 13:20:47 extra coverage: enabled 2025/04/28 13:20:47 setuid sandbox: enabled 2025/04/28 13:20:47 namespace sandbox: enabled 2025/04/28 13:20:47 Android sandbox: enabled 2025/04/28 13:20:47 fault injection: enabled 2025/04/28 13:20:47 leak checking: enabled 2025/04/28 13:20:47 net packet injection: enabled 2025/04/28 13:20:47 net device setup: enabled 2025/04/28 13:20:47 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/04/28 13:20:47 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/04/28 13:20:47 USB emulation: enabled 2025/04/28 13:20:47 hci packet injection: enabled 2025/04/28 13:20:47 wifi device emulation: enabled 2025/04/28 13:20:47 802.15.4 emulation: enabled 2025/04/28 13:20:47 fetching corpus: 0, signal 0/0 (executing program) 2025/04/28 13:20:49 starting 8 fuzzer processes 13:20:49 executing program 0: ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x1d, 0x14, 0x3, 0x6, 0x2, 0x8, 0x1, 0x13d, 0xffffffffffffffff}) ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001) mlockall(0x1) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f0000000040)) r0 = io_uring_setup(0x6091, &(0x7f0000000080)={0x0, 0xfdba, 0x1, 0x1, 0x372}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000002340)=[{&(0x7f0000000100)=""/56, 0x38}, {&(0x7f0000000140)=""/165, 0xa5}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/226, 0xe2}, {&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f0000002300)=""/59, 0x3b}], 0x6) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000023c0), 0x2004, 0x0) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000002400), 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000002440)=[r2, r0, r0, r0, r0, r0, r0], 0x7) mlockall(0x2) read$rfkill(r1, &(0x7f0000002480), 0x8) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f00000024c0)=0x2, 0x4) mlockall(0x3) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000002500), 0x4) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000002540), 0x4) r3 = syz_open_dev$rtc(&(0x7f0000002580), 0x52, 0x244180) ioctl$RTC_VL_READ(r3, 0x80047013, &(0x7f00000025c0)) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000002600), 0x4) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000003840)=[{&(0x7f0000002640)=""/177, 0xb1}, {&(0x7f0000002700)=""/154, 0x9a}, {&(0x7f00000027c0)=""/101, 0x65}, {&(0x7f0000002840)=""/4096, 0x1000}], 0x4) 13:20:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000000)=@ccm_128={{}, "6a6d5aa4bcf346ef", "638356b0821a92cae64ee21fb1268730", "2d68d065", "ee3bf8738a1f2022"}, 0x28) getsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000040), &(0x7f0000000080)=0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x4400, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x11, &(0x7f0000000240)=0x1, 0x4) bind$bt_sco(r2, &(0x7f0000000280), 0x8) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000300)={0x5, &(0x7f00000002c0)=[{0x8000, 0x45, 0x81, 0x4}, {0x20, 0x4, 0xfc, 0x8000}, {0x5, 0x2, 0x2, 0x1ff}, {0x2, 0xdc, 0x8, 0x3f5}, {0x3, 0x3, 0x40, 0x8}]}) fstat(r3, &(0x7f0000000340)) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f00000003c0)=0x1, 0x4) ioctl$sock_inet6_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000400)) write$tun(r2, &(0x7f0000000440)={@void, @val={0x1, 0x1, 0x2e, 0x7, 0x4, 0x4}, @llc={@llc={0xd4, 0x42, "fa0b", "cf796d14cefaf21a675cd0fbb791236d136596437eb81d0ad15ec4be91b137df7159edb812e618871d47f0a3b6708743ecab874d93b5966c2fe51b51cd86c23b5b7254b1b60bcd122d89ea5eeb1e00091497dfe903bed3a0121ebccaad200ecf2c5d45cf21117de6d81d922f88dd09095bdb3de43a1b426615b5c574a33ffad9a832eaa564e371fe456fedf0dbd3e8badb5693b740d3b4a410277c76e23c0e2d8afe776ce04e9fe1480ebefb155b5b31c8a83676f202ef62007b4d5ae1680cbfb62417e387e7f4f488d6483dfcb00f6811795fa3830db40eda500344d471"}}}, 0xec) syz_extract_tcp_res$synack(&(0x7f0000000540), 0x1, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = accept4$packet(r2, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000800)=0x14, 0x800) ioctl$sock_SIOCADDRT(r4, 0x890b, &(0x7f0000000880)={0x0, @can={0x1d, r6}, @rc={0x1f, @any, 0x20}, @l2tp={0x2, 0x0, @broadcast}, 0x20, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)='erspan0\x00', 0x8, 0x100000001}) ioctl$sock_inet6_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000900)) accept4$packet(r5, 0x0, &(0x7f0000000940), 0x800) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000001a00)={&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000980)=""/4096, 0x1000, 0x1, &(0x7f0000001980)=""/114, 0x72}, &(0x7f0000001a40)=0x40) 13:20:49 executing program 2: ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0bc5310, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f00000000c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x4000, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000140)=[0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff, r1, 0xffffffffffffffff, r2], 0x7) r3 = io_uring_setup(0x5171, &(0x7f0000000180)={0x0, 0x1b9a, 0x1, 0x2, 0x376}) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x240040, 0x0) getsockname$packet(r4, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000280)=0x14) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x50, r3, 0x8000000) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x2000) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0x40a85323, &(0x7f0000000300)={{0x22, 0x7f}, 'port1\x00', 0x42, 0x10022, 0x1f, 0x1, 0x1ff, 0x9, 0x3f, 0x0, 0x1, 0x6f}) ioctl$TUNGETFEATURES(r4, 0x800454cf, &(0x7f00000003c0)) getpriority(0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r4, 0x1, 0x1, &(0x7f0000000400)={0x8}, 0x4) socket$packet(0x11, 0x2, 0x300) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r5, 0xc05c5340, &(0x7f0000000440)={0x101, 0x0, 0x40, {0x1ff, 0x2}, 0x8000, 0x6}) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x64, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffffffffffffe01}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x3}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x20}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000004) read$rfkill(r4, &(0x7f0000000600), 0x8) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000640)=0x1, 0x4) [ 111.000341] audit: type=1400 audit(1745846449.230:7): avc: denied { execmem } for pid=272 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:20:49 executing program 3: ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000000)) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000080)) r1 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0xdb2ec4ac5e083036, 0x0) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000100)=0x57680000) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000140)={'veth1_to_team\x00'}) ioctl$RNDZAPENTCNT(r1, 0x5204, &(0x7f0000000180)=0x7) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000200)={0x7, &(0x7f00000001c0)=[{0xfffa, 0x9, 0x8, 0x1}, {0x0, 0x5, 0x3, 0x5}, {0x2fc7, 0x3, 0x4, 0x8}, {0x4, 0x8, 0x20, 0x9e7}, {0x40, 0x2, 0x7, 0x2}, {0xf000, 0x1, 0xff, 0xfff}, {0x7, 0x2, 0x3}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000240)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f00000002c0)={r3, 0x2, r1, 0x0, 0x80000}) r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000300), 0x200, 0x0) ioctl$RNDCLEARPOOL(r4, 0x5206, &(0x7f0000000340)=0x7) r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x101000, 0x0) ioctl$RNDGETENTCNT(r5, 0x80045200, &(0x7f00000003c0)) r6 = accept(0xffffffffffffffff, &(0x7f0000000400)=@hci, &(0x7f0000000480)=0x80) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r6, 0x6, 0x21, &(0x7f00000004c0)="e6258b1de84960a9738838e840e18ea4", 0x10) r7 = openat$random(0xffffffffffffff9c, &(0x7f0000000500), 0x200400, 0x0) ioctl$RNDZAPENTCNT(r7, 0x5204, &(0x7f0000000540)=0x20) ioctl$RNDZAPENTCNT(r5, 0x5204, &(0x7f0000000580)=0x5) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f0000000600)={0x6, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff]}, 0x1) 13:20:49 executing program 4: r0 = shmget$private(0x0, 0x1000, 0x1000, &(0x7f0000ffc000/0x1000)=nil) shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000000)=""/56) ioctl$RNDADDTOENTCNT(0xffffffffffffffff, 0x40045201, &(0x7f0000000040)=0xffffff67) r1 = syz_io_uring_setup(0x66fa, &(0x7f0000000080)={0x0, 0xf3dc, 0x1, 0x1, 0x190}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_usb_connect$cdc_ecm(0x1, 0x5d, &(0x7f0000000180)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4b, 0x1, 0x1, 0x8, 0xd0, 0x5, [{{0x9, 0x4, 0x0, 0xfb, 0x3, 0x2, 0x6, 0x0, 0x20, {{0xb, 0x24, 0x6, 0x0, 0x0, "425e1128624a"}, {0x5, 0x24, 0x0, 0x34da}, {0xd, 0x24, 0xf, 0x1, 0x7fffffff, 0x8, 0x7}, [@call_mgmt={0x5, 0x24, 0x1, 0x2, 0x6}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x5}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x7f}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x2, 0x3}}}}}]}}]}}, &(0x7f0000000600)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x250, 0x3, 0x1, 0x2f, 0x40, 0x1}, 0x66, &(0x7f0000000240)={0x5, 0xf, 0x66, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x3, 0x2, 0x7}, @wireless={0xb, 0x10, 0x1, 0x8, 0x24, 0x40, 0x1, 0x3, 0x9}, @wireless={0xb, 0x10, 0x1, 0xc, 0x5, 0x81, 0x3f, 0x8, 0x8}, @ssp_cap={0x18, 0x10, 0xa, 0x63, 0x3, 0x6, 0xf00, 0x2, [0x30, 0x30, 0x3f00]}, @ssp_cap={0x20, 0x10, 0xa, 0x1f, 0x5, 0x36, 0xf0f, 0x4, [0xff00, 0xff0000, 0xff0000, 0xffc0c0, 0x3f00]}, @ssp_cap={0xc, 0x10, 0xa, 0x6, 0x0, 0x200, 0xf0f, 0x3e1f}]}, 0x9, [{0xb1, &(0x7f00000002c0)=@string={0xb1, 0x3, "a7c7254934beae615787d004ec507e7a85d7391622dc06a20e47394c434a5f3c43f7642cd196f3bde356b0f5cda75909b9f8b0713b1a90676852cc3bc03cb02c9ed20c6d88cf8cc865fdc55b8408af2f2c759c49ab6f57ce6d39c4bd09cce35a14acbace06c096669d6f896ee8706cab8986aef1e958ce43189ab64e1f24c4c60fa9bd3572f02e54be2c0185559e3f8e008fb0030280c9ee44ecbc278a20d93aaac757e5089c48d133ebfde749f352"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x406}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x44e}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x412}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x340a}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x448}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x3401}}, {0x8e, &(0x7f0000000500)=@string={0x8e, 0x3, "67baf6ba64357c143c0458f88c141f2732cb4025a58ce3ff309ddf417ac15126de1814c7f6dd3a5302410b739d57eb0e143a731767137a8d622fd6249dc6382ba542b019d9ef47b287c61e60e1029d87ebba7ed6a649264ba0f41f27d1c084f3f0f691aacfc370d5f1fb15f9514d416c5c6eac21fe34b76b74b00e04f13a8a0bbcaa2af0de55fcd46475699c"}}, {0x1b, &(0x7f00000005c0)=@string={0x1b, 0x3, "8a63f27f495b34ac36f45b040757d807ef5f9e2c51f6227abb"}}]}) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x5, 0x100010, r1, 0x8000000) prctl$PR_SET_UNALIGN(0x6, 0x0) r2 = shmget$private(0x0, 0x4000, 0x400, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_STAT_ANY(r2, 0xf, &(0x7f00000006c0)=""/116) getpriority(0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000740)={{0x3, 0x3f}, 0x1, 0x9, 0x62, {0x1, 0x4}, 0x8, 0xed1}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000007c0)={'batadv_slave_0\x00'}) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000800)=""/30, &(0x7f0000000840)=0x1e) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000880)=[r1, r1, r1, r1, r1, r1, r1], 0x7) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000008c0)=0x1, 0x4) sched_getparam(0x0, &(0x7f0000000900)) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000940)=0x2, 0x4) ioctl$RNDZAPENTCNT(0xffffffffffffffff, 0x5204, &(0x7f0000000980)=0x5) shmctl$IPC_STAT(r2, 0x2, &(0x7f00000009c0)=""/76) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 13:20:49 executing program 5: syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) r0 = socket(0x1a, 0x6, 0x5) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000080)={0x7fffffff}, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f00000000c0)=0x9, 0x4) ioctl$RNDADDTOENTCNT(0xffffffffffffffff, 0x40045201, &(0x7f0000000100)=0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000140)=0xffffff80, 0x4) r2 = syz_open_dev$vcsa(&(0x7f0000000180), 0x8, 0x101000) ioctl$TUNSETCARRIER(r2, 0x400454e2, &(0x7f00000001c0)=0x1) r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000200), 0x404400, 0x0) ioctl$RNDCLEARPOOL(r3, 0x5206, &(0x7f0000000240)=0x4) ioctl$RNDCLEARPOOL(r2, 0x5206, &(0x7f0000000280)=0x4) openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r4, 0x300, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x50, 0x0, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x100}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x6}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x24}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8000}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000010}, 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r2, 0xc058534b, &(0x7f0000000580)={0x7fff, 0x4, 0x50cc, 0x6, 0x6, 0x4}) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000600), &(0x7f0000000640)=0x14) ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f00000006c0)={0x0, @sco, @l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x41}, 0x3}, @generic={0x1a, "5a29704e0cb85f6d8a9786327bac"}, 0x0, 0x0, 0x0, 0x0, 0x40, &(0x7f0000000680)='erspan0\x00', 0x7, 0x101, 0x800}) accept4$packet(0xffffffffffffffff, &(0x7f0000000780)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000007c0)=0x14, 0x80000) 13:20:49 executing program 6: ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000000)={{0xae, 0x9}, 'port1\x00', 0x5, 0x12220, 0xe062, 0x99, 0x0, 0x4, 0x8001}) r0 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x2, 0x40000) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f0000000100)) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0), 0x40101, 0x0) ioctl$TUNSETCARRIER(r1, 0x400454e2, &(0x7f0000000200)=0x1) syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0xe0, &(0x7f0000000240)=@generic={0x6, 0x0, 0xd8, "810d395b", "58c2a201168bc7c0be5803c5670cfc0633acb7e22770930d5e12c48703eace254896a7dfc150518165b8215255362bfb72f66dbd9660f896378d6c82a0b60523eb3d3881b6a121c9a8718fc649137eb6b6fe85d248f4feb3608b5365dface7d5a316cfbccfe147c5eec8deda15c51cc85ca5061d2a9b2950b108b0fe7909e2094d5e8ea8c27b7433fa2ea11ac01fb32713c653532ba70e15a6b3feca3762e3807267e060db9cff129bf405b8a8cc1fe5ff3ac7f430875987e1d48c4124e5f4b34b3c73905a3accae2674246f7c5093b477349083190abfc6"}) r2 = openat$cgroup_procs(r0, &(0x7f0000000340)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000380), 0x12) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x1) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f00000003c0)={0x0, 0x2, r2, 0x6, 0x80000}) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x1) r3 = io_uring_setup(0x37eb, &(0x7f0000000400)={0x0, 0x1c1e, 0x1, 0x1, 0xee, 0x0, r0}) io_uring_register$IORING_UNREGISTER_FILES(r3, 0x3, 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xb, 0x100010, r0, 0x8000000) r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000004c0), r0) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x58, r4, 0x8, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4027d861}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="f55128f3651e"}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x1ff}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfc}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8b}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r5 = openat$cgroup_procs(r0, &(0x7f0000000600)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000640), 0x12) syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x12, &(0x7f0000000680)=@conn_svc_rsp={0x0, 0x0, 0xa, "522bde99", {0x3, 0x101, 0x0, 0x20, 0x3ff, 0xf4}}) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000700)=0xffffffffffffffff, 0x12) 13:20:49 executing program 7: prctl$PR_SET_FPEMU(0xa, 0x1) rt_sigreturn() r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='tasks\x00', 0x2, 0x0) rt_sigreturn() r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x24b408a}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4011) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000140)=0x1) rt_sigreturn() fstat(r0, &(0x7f0000000180)) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000240), r1) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000300)={&(0x7f0000000200), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, r2, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x8800}, 0x1) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000c05}, 0x8084) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x109000) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f0000000480)={0x8, 0xc7, 0x0, 'queue0\x00', 0x7fffffff}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000540)={{{@in=@local, @in=@dev}}, {{@in=@remote}, 0x0, @in=@broadcast}}, &(0x7f0000000640)=0xe8) prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000680)) rt_sigreturn() ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, &(0x7f00000006c0)={0x4, 0x5, 0x1, 'queue0\x00', 0x5}) prctl$PR_GET_IO_FLUSHER(0x3a) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r3, 0xc02c5341, &(0x7f0000000780)) [ 112.747132] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 112.750819] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 112.755109] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 112.764428] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 112.767330] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 112.770786] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 112.775125] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 112.784547] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 112.791049] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 112.793732] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 112.823372] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 112.834874] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 112.844194] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 112.848025] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 112.850322] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 112.854298] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 112.860369] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 112.864701] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 112.870005] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 112.910965] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 112.919230] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 112.929011] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 112.950013] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 112.976958] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 112.983184] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 112.989923] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 112.999360] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 113.005224] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 113.008621] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 113.021025] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 113.027903] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 113.035569] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 113.042648] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 113.045062] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 113.051067] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 113.051865] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 113.055968] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 113.074394] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 113.077331] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 113.096978] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 114.880295] Bluetooth: hci1: command tx timeout [ 114.943754] Bluetooth: hci2: command tx timeout [ 114.944002] Bluetooth: hci0: command tx timeout [ 115.008490] Bluetooth: hci3: command tx timeout [ 115.135562] Bluetooth: hci5: command tx timeout [ 115.135777] Bluetooth: hci6: command tx timeout [ 115.136350] Bluetooth: hci4: command tx timeout [ 115.199614] Bluetooth: hci7: command tx timeout [ 116.927949] Bluetooth: hci1: command tx timeout [ 116.991581] Bluetooth: hci2: command tx timeout [ 116.992046] Bluetooth: hci0: command tx timeout [ 117.055708] Bluetooth: hci3: command tx timeout [ 117.183718] Bluetooth: hci6: command tx timeout [ 117.184230] Bluetooth: hci5: command tx timeout [ 117.184799] Bluetooth: hci4: command tx timeout [ 117.247909] Bluetooth: hci7: command tx timeout [ 118.975631] Bluetooth: hci1: command tx timeout [ 119.040897] Bluetooth: hci2: command tx timeout [ 119.041495] Bluetooth: hci0: command tx timeout [ 119.128510] Bluetooth: hci3: command tx timeout [ 119.231575] Bluetooth: hci6: command tx timeout [ 119.233810] Bluetooth: hci4: command tx timeout [ 119.235794] Bluetooth: hci5: command tx timeout [ 119.304341] Bluetooth: hci7: command tx timeout [ 121.024376] Bluetooth: hci1: command tx timeout [ 121.087522] Bluetooth: hci0: command tx timeout [ 121.087557] Bluetooth: hci2: command tx timeout [ 121.152549] Bluetooth: hci3: command tx timeout [ 121.280860] Bluetooth: hci5: command tx timeout [ 121.281025] Bluetooth: hci6: command tx timeout [ 121.281531] Bluetooth: hci4: command tx timeout [ 121.343839] Bluetooth: hci7: command tx timeout [ 172.649395] syz-executor.4 (283) used greatest stack depth: 23800 bytes left [ 174.989578] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 174.995287] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 174.998317] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 175.007006] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 175.013165] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 175.131608] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 175.135590] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 175.137766] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 175.147905] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 175.150941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 175.155008] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 175.157745] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 175.162589] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 175.178965] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 175.199646] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 175.207715] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 175.216144] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 175.234151] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 175.264849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 175.280000] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 175.303766] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 175.307180] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 175.309748] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 175.314927] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 175.322566] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 175.349497] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 175.359100] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 175.380358] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 175.383611] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 175.388078] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 175.394009] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 175.402844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 175.413956] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 175.419326] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 175.424720] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 175.426890] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 175.442745] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 175.446209] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 175.471352] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 175.481474] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 177.087581] Bluetooth: hci0: command tx timeout [ 177.215633] Bluetooth: hci1: command tx timeout [ 177.279756] Bluetooth: hci2: command tx timeout [ 177.343528] Bluetooth: hci3: command tx timeout [ 177.407525] Bluetooth: hci4: command tx timeout [ 177.535520] Bluetooth: hci6: command tx timeout [ 177.536543] Bluetooth: hci5: command tx timeout [ 177.599543] Bluetooth: hci7: command tx timeout [ 179.135875] Bluetooth: hci0: command tx timeout [ 179.263836] Bluetooth: hci1: command tx timeout [ 179.329472] Bluetooth: hci2: command tx timeout [ 179.392521] Bluetooth: hci3: command tx timeout [ 179.456755] Bluetooth: hci4: command tx timeout [ 179.586605] Bluetooth: hci5: command tx timeout [ 179.586640] Bluetooth: hci6: command tx timeout [ 179.647795] Bluetooth: hci7: command tx timeout [ 181.184633] Bluetooth: hci0: command tx timeout [ 181.311694] Bluetooth: hci1: command tx timeout [ 181.376785] Bluetooth: hci2: command tx timeout [ 181.443491] Bluetooth: hci3: command tx timeout [ 181.503522] Bluetooth: hci4: command tx timeout [ 181.631720] Bluetooth: hci6: command tx timeout [ 181.632554] Bluetooth: hci5: command tx timeout [ 181.695580] Bluetooth: hci7: command tx timeout [ 183.231761] Bluetooth: hci0: command tx timeout [ 183.360221] Bluetooth: hci1: command tx timeout [ 183.423503] Bluetooth: hci2: command tx timeout [ 183.487677] Bluetooth: hci3: command tx timeout [ 183.551744] Bluetooth: hci4: command tx timeout [ 183.679935] Bluetooth: hci5: command tx timeout [ 183.679984] Bluetooth: hci6: command tx timeout [ 183.743510] Bluetooth: hci7: command tx timeout [ 237.200636] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 237.203826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 237.206257] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 237.211900] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 237.215920] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 237.260378] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 237.264984] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 237.268465] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 237.275788] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 237.286631] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 237.389891] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 237.398687] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 237.406883] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 237.416842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 237.422143] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 237.452990] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 237.460252] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 237.464080] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 237.468262] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 237.482374] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 237.484870] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 237.488520] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 237.522199] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 237.547398] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 237.550239] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 237.554732] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 237.565912] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 237.574747] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 237.577338] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 237.578781] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 237.585846] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 237.589276] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 237.591248] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 237.593860] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 237.600178] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 237.608288] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 237.640390] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 237.650567] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 237.668093] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 237.707927] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 239.295563] Bluetooth: hci0: command tx timeout [ 239.359919] Bluetooth: hci1: command tx timeout [ 239.487617] Bluetooth: hci2: command tx timeout [ 239.551585] Bluetooth: hci3: command tx timeout [ 239.679949] Bluetooth: hci4: command tx timeout [ 239.743575] Bluetooth: hci5: command tx timeout [ 239.807615] Bluetooth: hci6: command tx timeout [ 239.808849] Bluetooth: hci7: command tx timeout [ 241.344003] Bluetooth: hci0: command tx timeout [ 241.407580] Bluetooth: hci1: command tx timeout [ 241.535899] Bluetooth: hci2: command tx timeout [ 241.599613] Bluetooth: hci3: command tx timeout [ 241.729329] Bluetooth: hci4: command tx timeout [ 241.791644] Bluetooth: hci5: command tx timeout [ 241.856103] Bluetooth: hci6: command tx timeout [ 241.857405] Bluetooth: hci7: command tx timeout [ 243.393249] Bluetooth: hci0: command tx timeout [ 243.455723] Bluetooth: hci1: command tx timeout [ 243.583506] Bluetooth: hci2: command tx timeout [ 243.649672] Bluetooth: hci3: command tx timeout [ 243.775515] Bluetooth: hci4: command tx timeout [ 243.839487] Bluetooth: hci5: command tx timeout [ 243.903711] Bluetooth: hci7: command tx timeout [ 243.904166] Bluetooth: hci6: command tx timeout [ 245.440530] Bluetooth: hci0: command tx timeout [ 245.503532] Bluetooth: hci1: command tx timeout [ 245.631488] Bluetooth: hci2: command tx timeout [ 245.696622] Bluetooth: hci3: command tx timeout [ 245.823915] Bluetooth: hci4: command tx timeout [ 245.887657] Bluetooth: hci5: command tx timeout [ 245.952871] Bluetooth: hci6: command tx timeout [ 245.953311] Bluetooth: hci7: command tx timeout [ 299.606974] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 299.610811] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 299.616558] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 299.632322] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 299.651234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 299.862826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 299.869392] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 299.873079] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 299.892073] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 299.900340] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 299.940550] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 299.957587] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 299.968225] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 299.986639] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 299.995020] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 300.002135] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 300.015080] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 300.020871] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 300.041811] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 300.065087] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 300.090597] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 300.104857] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 300.108784] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 300.129892] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 300.136950] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 300.227735] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 300.231081] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 300.233656] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 300.238908] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 300.242982] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 300.261948] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 300.271196] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 300.274316] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 300.282822] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 300.287768] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 300.542310] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 300.547051] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 300.549405] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 300.631966] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 300.641404] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 301.696394] Bluetooth: hci0: command tx timeout [ 301.952835] Bluetooth: hci1: command tx timeout [ 302.143793] Bluetooth: hci2: command tx timeout [ 302.144730] Bluetooth: hci3: command tx timeout [ 302.271554] Bluetooth: hci5: command tx timeout [ 302.335744] Bluetooth: hci4: command tx timeout [ 302.975554] Bluetooth: hci6: command tx timeout [ 303.551536] Bluetooth: hci7: command tx timeout [ 303.743725] Bluetooth: hci0: command tx timeout [ 303.999900] Bluetooth: hci1: command tx timeout [ 304.191571] Bluetooth: hci2: command tx timeout [ 304.192667] Bluetooth: hci3: command tx timeout [ 304.320739] Bluetooth: hci5: command tx timeout [ 304.383527] Bluetooth: hci4: command tx timeout [ 305.023513] Bluetooth: hci6: command tx timeout [ 305.600503] Bluetooth: hci7: command tx timeout [ 305.791553] Bluetooth: hci0: command tx timeout [ 306.048035] Bluetooth: hci1: command tx timeout [ 306.239613] Bluetooth: hci3: command tx timeout [ 306.239645] Bluetooth: hci2: command tx timeout [ 306.367529] Bluetooth: hci5: command tx timeout [ 306.431607] Bluetooth: hci4: command tx timeout [ 307.072371] Bluetooth: hci6: command tx timeout [ 307.647630] Bluetooth: hci7: command tx timeout [ 307.839545] Bluetooth: hci0: command tx timeout [ 308.096190] Bluetooth: hci1: command tx timeout [ 308.287592] Bluetooth: hci2: command tx timeout [ 308.287617] Bluetooth: hci3: command tx timeout [ 308.417021] Bluetooth: hci5: command tx timeout [ 308.479550] Bluetooth: hci4: command tx timeout [ 309.122531] Bluetooth: hci6: command tx timeout [ 309.695520] Bluetooth: hci7: command tx timeout [ 362.322921] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 362.330070] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 362.334708] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 362.345299] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 362.349889] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 362.458897] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 362.473889] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 362.475167] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 362.478021] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 362.479931] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 362.481606] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 362.499612] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 362.503480] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 362.528809] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 362.530158] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 362.537866] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 362.541135] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 362.543068] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 362.561132] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 362.563277] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 362.630788] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 362.649127] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 362.660617] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 362.665934] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 362.672608] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 362.692891] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 362.695191] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 362.698842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 362.714717] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 362.743337] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 362.744779] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 362.796163] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 362.798336] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 362.814283] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 362.825568] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 362.828838] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 362.832636] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 362.842108] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 362.843958] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 362.863343] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 364.415535] Bluetooth: hci0: command tx timeout [ 364.607873] Bluetooth: hci2: command tx timeout [ 364.609061] Bluetooth: hci1: command tx timeout [ 364.609966] Bluetooth: hci3: command tx timeout [ 364.799626] Bluetooth: hci4: command tx timeout [ 364.802053] Bluetooth: hci5: command tx timeout [ 364.927875] Bluetooth: hci6: command tx timeout [ 364.993811] Bluetooth: hci7: command tx timeout [ 366.464829] Bluetooth: hci0: command tx timeout [ 366.656542] Bluetooth: hci2: command tx timeout [ 366.657081] Bluetooth: hci1: command tx timeout [ 366.657787] Bluetooth: hci3: command tx timeout [ 366.847886] Bluetooth: hci4: command tx timeout [ 366.848416] Bluetooth: hci5: command tx timeout [ 366.977677] Bluetooth: hci6: command tx timeout [ 367.039562] Bluetooth: hci7: command tx timeout [ 368.511939] Bluetooth: hci0: command tx timeout [ 368.705020] Bluetooth: hci2: command tx timeout [ 368.705130] Bluetooth: hci3: command tx timeout [ 368.706645] Bluetooth: hci1: command tx timeout [ 368.895786] Bluetooth: hci5: command tx timeout [ 368.897401] Bluetooth: hci4: command tx timeout [ 369.024101] Bluetooth: hci6: command tx timeout [ 369.088619] Bluetooth: hci7: command tx timeout [ 370.560675] Bluetooth: hci0: command tx timeout [ 370.751608] Bluetooth: hci3: command tx timeout [ 370.753015] Bluetooth: hci1: command tx timeout [ 370.753528] Bluetooth: hci2: command tx timeout [ 370.943684] Bluetooth: hci4: command tx timeout [ 370.945192] Bluetooth: hci5: command tx timeout [ 371.071554] Bluetooth: hci6: command tx timeout [ 371.135877] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 13:25:59 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff888030bbfe08 RCX=ffffffff84a608c0 RDX=ffff8880156dd340 RSI=ffffffff84a608cf RDI=ffff888030bbfe08 RBP=dffffc0000000000 RSP=ffff888030bbfd08 R8 =0000000000000001 R9 =0000000000000001 R10=00000000fffffffe R11=0000000000000000 R12=00000000fffffffe R13=0000000000000000 R14=ffff888030bbfe45 R15=0000000000000002 RIP=ffffffff84a5f886 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e564b000 00000000 00000000 LDT=0000 fffffe4300000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fbbbb356b70 CR3=00000000155aa000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffffffff87a2ec90 RBX=ffff888015703780 RCX=0000000000000200 RDX=08e8ec013c717217 RSI=ffff8880157042c8 RDI=ffff8880157042c8 RBP=0000000000000000 RSP=ffff88806cf088f0 R8 =0000000000000006 R9 =0000000000000000 R10=0000000000000000 R11=000000000001d902 R12=ffff8880157042c8 R13=0000000000000000 R14=0000000000000006 R15=ffff8880157041d8 RIP=ffffffff81511bc0 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f5d47f1a540 00000000 00000000 GS =0000 ffff8880e574b000 00000000 00000000 LDT=0000 fffffe5300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f5d48345ec3 CR3=000000002cc84000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=2d0065626f7270646f6d2f6e6962732f XMM02=00ff0000000000000000000000000000 XMM03=00000000000000000000ff00000000ff XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000