Warning: Permanently added '[localhost]:34900' (ECDSA) to the list of known hosts. 2025/06/04 18:34:55 fuzzer started 2025/06/04 18:34:55 dialing manager at localhost:42669 syzkaller login: [ 102.337819] cgroup: Unknown subsys name 'net' [ 102.475654] cgroup: Unknown subsys name 'cpuset' [ 102.518087] cgroup: Unknown subsys name 'rlimit' 2025/06/04 18:35:19 syscalls: 2214 2025/06/04 18:35:19 code coverage: enabled 2025/06/04 18:35:19 comparison tracing: enabled 2025/06/04 18:35:19 extra coverage: enabled 2025/06/04 18:35:19 setuid sandbox: enabled 2025/06/04 18:35:19 namespace sandbox: enabled 2025/06/04 18:35:19 Android sandbox: enabled 2025/06/04 18:35:19 fault injection: enabled 2025/06/04 18:35:19 leak checking: enabled 2025/06/04 18:35:19 net packet injection: enabled 2025/06/04 18:35:19 net device setup: enabled 2025/06/04 18:35:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/06/04 18:35:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/06/04 18:35:19 USB emulation: enabled 2025/06/04 18:35:19 hci packet injection: enabled 2025/06/04 18:35:19 wifi device emulation: enabled 2025/06/04 18:35:19 802.15.4 emulation: enabled 2025/06/04 18:35:19 fetching corpus: 0, signal 0/0 (executing program) 2025/06/04 18:35:19 fetching corpus: 0, signal 0/0 (executing program) 2025/06/04 18:35:22 starting 8 fuzzer processes 18:35:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={@wo_ht={{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={@wo_ht={{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 18:35:22 executing program 1: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0xa}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, &(0x7f00000002c0)}) 18:35:22 executing program 2: execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0], 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=[0x0], &(0x7f00000001c0)=[0x0], 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01010101", 0x4) close(r1) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x0], 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0) close(r2) execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0], 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', &(0x7f00000004c0)=[0x0], &(0x7f0000000500)=[0x0], 0x0) [ 128.483297] audit: type=1400 audit(1749062122.237:7): avc: denied { execmem } for pid=272 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 18:35:22 executing program 3: ptrace(0x10, 0x1) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0) 18:35:22 executing program 4: r0 = getpid() r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) read(r1, &(0x7f0000000080)=""/1, 0x1) write$cgroup_pid(r1, &(0x7f00000000c0)=r0, 0x12) close(r1) openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/cgroup.procs\x00', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/devices.allow\x00', 0x1, 0x0) 18:35:22 executing program 5: getpid() exit_group(0x0) getpid() 18:35:22 executing program 6: getpid() exit_group(0x1) getpid() 18:35:22 executing program 7: close(0x3) close(0x4) close(0x5) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) close(0x3) close(0x4) close(0x5) [ 129.863170] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 129.866763] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 129.873083] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 129.875949] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 129.880900] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 129.882882] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 129.887018] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 129.887956] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 129.896181] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 129.907982] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 129.967627] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 129.976490] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 129.985567] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 129.999725] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 130.015009] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 130.017350] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 130.022800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 130.028148] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 130.039616] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 130.048122] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 130.076662] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 130.082159] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 130.086761] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 130.099245] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 130.152328] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 130.156347] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 130.172976] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 130.189080] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 130.191579] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 130.199754] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 130.205368] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 130.221493] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 130.270909] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 130.292886] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 130.296389] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 130.296463] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 130.306250] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 130.313875] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 130.362077] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 130.378126] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 131.937471] Bluetooth: hci0: command tx timeout [ 132.000975] Bluetooth: hci1: command tx timeout [ 132.129697] Bluetooth: hci2: command tx timeout [ 132.193153] Bluetooth: hci3: command tx timeout [ 132.256638] Bluetooth: hci4: command tx timeout [ 132.321640] Bluetooth: hci6: command tx timeout [ 132.386137] Bluetooth: hci5: command tx timeout [ 132.512953] Bluetooth: hci7: command tx timeout [ 133.984963] Bluetooth: hci0: command tx timeout [ 134.049701] Bluetooth: hci1: command tx timeout [ 134.176788] Bluetooth: hci2: command tx timeout [ 134.240698] Bluetooth: hci3: command tx timeout [ 134.305640] Bluetooth: hci4: command tx timeout [ 134.370145] Bluetooth: hci6: command tx timeout [ 134.432590] Bluetooth: hci5: command tx timeout [ 134.560507] Bluetooth: hci7: command tx timeout [ 136.033305] Bluetooth: hci0: command tx timeout [ 136.099450] Bluetooth: hci1: command tx timeout [ 136.224930] Bluetooth: hci2: command tx timeout [ 136.291867] Bluetooth: hci3: command tx timeout [ 136.353489] Bluetooth: hci4: command tx timeout [ 136.417709] Bluetooth: hci6: command tx timeout [ 136.481456] Bluetooth: hci5: command tx timeout [ 136.609720] Bluetooth: hci7: command tx timeout [ 138.081493] Bluetooth: hci0: command tx timeout [ 138.145482] Bluetooth: hci1: command tx timeout [ 138.273515] Bluetooth: hci2: command tx timeout [ 138.337462] Bluetooth: hci3: command tx timeout [ 138.401457] Bluetooth: hci4: command tx timeout [ 138.464472] Bluetooth: hci6: command tx timeout [ 138.528593] Bluetooth: hci5: command tx timeout [ 138.657466] Bluetooth: hci7: command tx timeout [ 190.213813] syz-executor.7 (285) used greatest stack depth: 25008 bytes left [ 192.583050] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 192.587190] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 192.590673] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 192.596743] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 192.601558] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 192.606812] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 192.613272] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 192.621640] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 192.629304] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 192.637935] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 192.666172] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 192.683198] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 192.686575] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 192.702256] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 192.711671] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 192.839575] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 192.844122] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 192.846594] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 192.855451] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 192.862896] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 192.946443] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 192.951330] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 192.956780] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 192.968653] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 192.972228] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 193.272391] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 193.285001] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 193.293943] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 193.333135] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 193.341128] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 193.448198] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 193.452382] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 193.456746] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 193.464209] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 193.468911] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 193.554544] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 193.601765] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 193.672946] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 193.705165] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 193.711831] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 194.720802] Bluetooth: hci0: command tx timeout [ 194.722235] Bluetooth: hci1: command tx timeout [ 194.785641] Bluetooth: hci2: command tx timeout [ 194.976508] Bluetooth: hci3: command tx timeout [ 195.104507] Bluetooth: hci4: command tx timeout [ 195.552856] Bluetooth: hci5: command tx timeout [ 195.744640] Bluetooth: hci6: command tx timeout [ 196.384743] Bluetooth: hci7: command tx timeout [ 196.769548] Bluetooth: hci1: command tx timeout [ 196.770022] Bluetooth: hci0: command tx timeout [ 196.833889] Bluetooth: hci2: command tx timeout [ 197.025756] Bluetooth: hci3: command tx timeout [ 197.153465] Bluetooth: hci4: command tx timeout [ 197.600713] Bluetooth: hci5: command tx timeout [ 197.794570] Bluetooth: hci6: command tx timeout [ 198.433465] Bluetooth: hci7: command tx timeout [ 198.817760] Bluetooth: hci1: command tx timeout [ 198.818231] Bluetooth: hci0: command tx timeout [ 198.880561] Bluetooth: hci2: command tx timeout [ 199.073876] Bluetooth: hci3: command tx timeout [ 199.200471] Bluetooth: hci4: command tx timeout [ 199.649616] Bluetooth: hci5: command tx timeout [ 199.840461] Bluetooth: hci6: command tx timeout [ 200.482587] Bluetooth: hci7: command tx timeout [ 200.864492] Bluetooth: hci1: command tx timeout [ 200.864954] Bluetooth: hci0: command tx timeout [ 200.928481] Bluetooth: hci2: command tx timeout [ 201.121483] Bluetooth: hci3: command tx timeout [ 201.249633] Bluetooth: hci4: command tx timeout [ 201.697593] Bluetooth: hci5: command tx timeout [ 201.888474] Bluetooth: hci6: command tx timeout [ 202.529470] Bluetooth: hci7: command tx timeout [ 254.645258] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 254.648114] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 254.652222] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 254.661155] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 254.666334] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 254.992913] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 254.999901] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 255.002781] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 255.004964] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 255.007991] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 255.014843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 255.023038] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 255.031706] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 255.037998] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 255.052153] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 255.059736] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 255.106789] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 255.123106] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 255.145724] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 255.182071] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 255.186388] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 255.194019] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 255.196813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 255.201348] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 255.207688] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 255.207993] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 255.225876] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 255.229727] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 255.238946] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 255.250874] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 255.255383] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 255.257739] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 255.271800] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 255.283101] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 255.285467] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 255.291780] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 255.315681] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 255.321940] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 255.407035] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 255.444166] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 256.737492] Bluetooth: hci0: command tx timeout [ 257.120688] Bluetooth: hci1: command tx timeout [ 257.121662] Bluetooth: hci2: command tx timeout [ 257.248946] Bluetooth: hci4: command tx timeout [ 257.312699] Bluetooth: hci3: command tx timeout [ 257.313706] Bluetooth: hci6: command tx timeout [ 257.441111] Bluetooth: hci5: command tx timeout [ 257.504550] Bluetooth: hci7: command tx timeout [ 258.785470] Bluetooth: hci0: command tx timeout [ 259.169526] Bluetooth: hci1: command tx timeout [ 259.169995] Bluetooth: hci2: command tx timeout [ 259.297608] Bluetooth: hci4: command tx timeout [ 259.362326] Bluetooth: hci3: command tx timeout [ 259.362790] Bluetooth: hci6: command tx timeout [ 259.489598] Bluetooth: hci5: command tx timeout [ 259.552928] Bluetooth: hci7: command tx timeout [ 260.832947] Bluetooth: hci0: command tx timeout [ 261.216500] Bluetooth: hci1: command tx timeout [ 261.216965] Bluetooth: hci2: command tx timeout [ 261.344752] Bluetooth: hci4: command tx timeout [ 261.408513] Bluetooth: hci3: command tx timeout [ 261.409021] Bluetooth: hci6: command tx timeout [ 261.537558] Bluetooth: hci5: command tx timeout [ 261.600680] Bluetooth: hci7: command tx timeout [ 262.883432] Bluetooth: hci0: command tx timeout [ 263.265501] Bluetooth: hci2: command tx timeout [ 263.265992] Bluetooth: hci1: command tx timeout [ 263.393477] Bluetooth: hci4: command tx timeout [ 263.457699] Bluetooth: hci3: command tx timeout [ 263.458145] Bluetooth: hci6: command tx timeout [ 263.584728] Bluetooth: hci5: command tx timeout [ 263.652694] Bluetooth: hci7: command tx timeout [ 317.621158] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 317.625292] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 317.629955] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 317.644264] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 317.648887] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 317.703175] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 317.706306] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 317.708763] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 317.720364] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 317.730253] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 317.754801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 317.759231] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 317.779988] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 317.787844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 317.793677] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 317.886228] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 317.905949] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 317.912067] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 317.936237] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 317.954109] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 317.975788] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 317.981185] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 318.003694] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 318.068078] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 318.101911] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 318.163896] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 318.166686] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 318.174524] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 318.187126] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 318.189267] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 318.192000] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 318.203069] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 318.214621] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 318.233474] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 318.240899] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 318.242466] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 318.276970] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 318.277660] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 318.278697] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 318.301833] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 319.712506] Bluetooth: hci0: command tx timeout [ 319.777626] Bluetooth: hci1: command tx timeout [ 319.840497] Bluetooth: hci2: command tx timeout [ 320.032533] Bluetooth: hci3: command tx timeout [ 320.161845] Bluetooth: hci4: command tx timeout [ 320.352696] Bluetooth: hci7: command tx timeout [ 320.417104] Bluetooth: hci6: command tx timeout [ 320.419631] Bluetooth: hci5: command tx timeout [ 321.761630] Bluetooth: hci0: command tx timeout [ 321.824731] Bluetooth: hci1: command tx timeout [ 321.888465] Bluetooth: hci2: command tx timeout [ 322.081502] Bluetooth: hci3: command tx timeout [ 322.209492] Bluetooth: hci4: command tx timeout [ 322.400503] Bluetooth: hci7: command tx timeout [ 322.464504] Bluetooth: hci6: command tx timeout [ 322.464950] Bluetooth: hci5: command tx timeout [ 323.809627] Bluetooth: hci0: command tx timeout [ 323.875023] Bluetooth: hci1: command tx timeout [ 323.937444] Bluetooth: hci2: command tx timeout [ 324.129734] Bluetooth: hci3: command tx timeout [ 324.257481] Bluetooth: hci4: command tx timeout [ 324.449549] Bluetooth: hci7: command tx timeout [ 324.513623] Bluetooth: hci6: command tx timeout [ 324.514070] Bluetooth: hci5: command tx timeout [ 325.857482] Bluetooth: hci0: command tx timeout [ 325.921533] Bluetooth: hci1: command tx timeout [ 325.986437] Bluetooth: hci2: command tx timeout [ 326.177623] Bluetooth: hci3: command tx timeout [ 326.305476] Bluetooth: hci4: command tx timeout [ 326.497545] Bluetooth: hci7: command tx timeout [ 326.560750] Bluetooth: hci5: command tx timeout [ 326.561202] Bluetooth: hci6: command tx timeout [ 377.737684] syz-executor.6 (7962) used greatest stack depth: 24912 bytes left [ 379.709318] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 379.715689] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 379.719533] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 379.734000] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 379.741367] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 379.784808] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 379.790988] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 379.796468] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 379.804986] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 379.812017] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 380.099906] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 380.106880] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 380.110981] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 380.119893] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 380.123133] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 380.140862] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 380.143177] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 380.153356] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 380.154853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 380.164951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 380.191233] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 380.196884] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 380.200791] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 380.203949] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 380.212634] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 380.249963] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 380.254294] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 380.255983] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 380.263925] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 380.268148] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 380.287318] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 380.292663] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 380.296250] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 380.302081] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 380.305760] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 380.559785] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 380.576028] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 380.585272] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 380.604672] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 380.614740] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 381.792832] Bluetooth: hci0: command tx timeout [ 381.858284] Bluetooth: hci1: command tx timeout [ 382.176474] Bluetooth: hci3: command tx timeout [ 382.304486] Bluetooth: hci2: command tx timeout [ 382.305852] Bluetooth: hci4: command tx timeout [ 382.625505] Bluetooth: hci5: command tx timeout [ 382.816626] Bluetooth: hci6: command tx timeout [ 383.201677] Bluetooth: hci7: command tx timeout [ 383.841493] Bluetooth: hci0: command tx timeout [ 383.907426] Bluetooth: hci1: command tx timeout [ 384.224486] Bluetooth: hci3: command tx timeout [ 384.354425] Bluetooth: hci4: command tx timeout [ 384.354881] Bluetooth: hci2: command tx timeout [ 384.672504] Bluetooth: hci5: command tx timeout [ 384.865515] Bluetooth: hci6: command tx timeout [ 385.248464] Bluetooth: hci7: command tx timeout [ 385.888468] Bluetooth: hci0: command tx timeout [ 385.953754] Bluetooth: hci1: command tx timeout [ 386.272999] Bluetooth: hci3: command tx timeout [ 386.400495] Bluetooth: hci2: command tx timeout [ 386.400995] Bluetooth: hci4: command tx timeout [ 386.720565] Bluetooth: hci5: command tx timeout [ 386.912507] Bluetooth: hci6: command tx timeout [ 387.296463] Bluetooth: hci7: command tx timeout [ 387.937471] Bluetooth: hci0: command tx timeout [ 388.002536] Bluetooth: hci1: command tx timeout [ 388.320751] Bluetooth: hci3: command tx timeout [ 388.449486] Bluetooth: hci4: command tx timeout [ 388.449928] Bluetooth: hci2: command tx timeout [ 388.770734] Bluetooth: hci5: command tx timeout [ 388.960710] Bluetooth: hci6: command tx timeout [ 389.344468] Bluetooth: hci7: command tx timeout VM DIAGNOSIS: 18:40:24 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=ffff8880e561b000 RCX=ffffffff8680969c RDX=ffff888009618001 RSI=0000000000000000 RDI=ffff888009617888 RBP=ffff888009610000 RSP=ffff8880096177f8 R8 =ffffffff868096a0 R9 =ffff8880096178b8 R10=000000000003b6bd R11=0000000000012b3d R12=ffff888009617801 R13=ffff8880096178c0 R14=ffff8880096179b0 R15=ffff888009617878 RIP=ffffffff815ab8f4 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e561b000 00000000 00000000 LDT=0000 fffffe4500000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fc5ba43e260 CR3=000000000a16a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=2e6f747079726362696c2f756e672d78 XMM02=00312e312e6f732e6f74707972636269 XMM03=6c2f756e672d78756e696c2d34365f36 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=0000000000000000 RCX=0000000000000002 RDX=0000000000000000 RSI=0000000000000000 RDI=ffff88806cf31850 RBP=ffffffff85c1cbc0 RSP=ffff8880378170e0 R8 =0000000000000000 R9 =0000000000000000 R10=000000000003b6bd R11=0000000000024a42 R12=0000000000000002 R13=0000000000000000 R14=0000000000000000 R15=ffff8880378171c8 RIP=ffffffff8151b26e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e571b000 00000000 00000000 LDT=0000 fffffe5300000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f74f1ad4368 CR3=000000000cccb000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=322e6f732e6c6462696c2f756e672d78 XMM02=00322e6f732e6c6462696c2f756e672d XMM03=78756e696c2d34365f3638782f62696c XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000