Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:34314' (ECDSA) to the list of known hosts. 2025/06/08 21:24:17 fuzzer started 2025/06/08 21:24:17 dialing manager at localhost:40003 syzkaller login: [ 100.342622] cgroup: Unknown subsys name 'net' [ 100.416311] cgroup: Unknown subsys name 'cpuset' [ 100.440611] cgroup: Unknown subsys name 'rlimit' 2025/06/08 21:24:40 syscalls: 211 2025/06/08 21:24:40 code coverage: enabled 2025/06/08 21:24:40 comparison tracing: enabled 2025/06/08 21:24:40 extra coverage: enabled 2025/06/08 21:24:40 setuid sandbox: enabled 2025/06/08 21:24:40 namespace sandbox: enabled 2025/06/08 21:24:40 Android sandbox: enabled 2025/06/08 21:24:40 fault injection: enabled 2025/06/08 21:24:40 leak checking: enabled 2025/06/08 21:24:40 net packet injection: enabled 2025/06/08 21:24:40 net device setup: enabled 2025/06/08 21:24:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2025/06/08 21:24:40 devlink PCI setup: PCI device 0000:00:10.0 is not available 2025/06/08 21:24:40 USB emulation: enabled 2025/06/08 21:24:40 hci packet injection: enabled 2025/06/08 21:24:40 wifi device emulation: enabled 2025/06/08 21:24:40 802.15.4 emulation: enabled 2025/06/08 21:24:40 fetching corpus: 0, signal 0/0 (executing program) 2025/06/08 21:24:41 starting 8 fuzzer processes 21:24:41 executing program 0: sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x20, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x4) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, 0x0, 0x2, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x4c}}, 0x4000855) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl0\x00', &(0x7f0000000280)={'syztnl2\x00', 0x0, 0x29, 0x9, 0x8, 0x0, 0x18, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, 0x20, 0x40, 0x6, 0x1ff}}) prctl$PR_GET_FP_MODE(0x2e) socketpair(0x1e, 0x4, 0x4d4, &(0x7f0000000340)={0xffffffffffffffff}) sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x40, 0x0, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@GTPA_TID={0xc, 0x3, 0x4}, @GTPA_I_TEI={0x8, 0x8, 0x3}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x1}, @GTPA_NET_NS_FD={0x8, 0x7, r0}]}, 0x40}, 0x1, 0x0, 0x0, 0x48804}, 0x8050) sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x34, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x4}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040040}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socketpair(0x1, 0x2, 0x5, &(0x7f0000000580)={0xffffffffffffffff}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x34, r3, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x80) prctl$PR_GET_FP_MODE(0x2e) r4 = epoll_create(0x8) r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000700)='ns/time_for_children\x00') epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000740)={0x2}) sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x5c, r3, 0x400, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x81}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000840}, 0x4) r6 = syz_io_uring_complete(0x0) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, 0xffffffffffffffff, &(0x7f00000008c0)={0x40000000}) 21:24:41 executing program 1: msgctl$IPC_STAT(0x0, 0x2, &(0x7f0000000000)=""/207) msgrcv(0xffffffffffffffff, &(0x7f0000000100)={0x0, ""/94}, 0x66, 0x1, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000340)={{{@in, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@dev}}, &(0x7f0000000440)=0xe8) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000480)={0x0, 0x0}) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000500)={{0x1, 0xee01, 0x0, r0, 0x0, 0x1, 0x40}, 0x0, 0x0, 0x1ff, 0x7fff, 0x0, 0x532, 0x10001, 0x9, 0x9, 0x6, r1, 0xffffffffffffffff}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000580)={0x0, 0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000600)={r2, 0x3, 0x200}) msgrcv(0xffffffffffffffff, &(0x7f0000000640)={0x0, ""/7}, 0xf, 0x3, 0x2000) r4 = msgget(0x2, 0x445) msgctl$IPC_STAT(r4, 0x2, &(0x7f0000000680)=""/96) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000700)=""/98) sched_yield() ioctl$EVIOCSREP(0xffffffffffffffff, 0x40084503, &(0x7f0000000780)=[0x0, 0x8]) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x2c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xf8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x810}, 0x0) syz_genetlink_get_family_id$smc(&(0x7f00000008c0), 0xffffffffffffffff) getresuid(&(0x7f0000000940), &(0x7f0000000980)=0x0, &(0x7f00000009c0)) r6 = gettid() msgctl$IPC_SET(r4, 0x1, &(0x7f0000000a00)={{0x0, r5, 0xffffffffffffffff, r0, 0xee00, 0x9, 0x3ff}, 0x0, 0x0, 0x1, 0x2000000, 0x400, 0x0, 0x2, 0x0, 0x200, 0x3, r1, r6}) syz_open_procfs$namespace(r3, &(0x7f0000000a80)='ns/uts\x00') msgrcv(0x0, &(0x7f0000000ac0)={0x0, ""/227}, 0xeb, 0x2, 0x0) 21:24:41 executing program 2: r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000080)={0x9}) socketpair(0xb, 0x1, 0x6f, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000100)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000140)={0x0, 0x0}) sched_rr_get_interval(r3, &(0x7f00000001c0)) r4 = syz_open_dev$sg(&(0x7f0000000200), 0x4ea2, 0x155040) write$P9_RWSTAT(0xffffffffffffffff, &(0x7f0000000240)={0x7, 0x7f, 0x2}, 0x7) socketpair(0x3, 0x5, 0x3, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$SG_EMULATED_HOST(r4, 0x2203, &(0x7f00000002c0)) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000300)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) sendmsg$BATADV_CMD_TP_METER(r5, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20c0050}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x20, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_VLANID={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c841}, 0x40000) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10000800}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x24, 0x0, 0x0, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x101}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x800) pipe2$9p(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$P9_RMKDIR(r7, &(0x7f0000000580)={0x14, 0x49, 0x2, {0x2, 0x0, 0x1}}, 0x14) write$P9_RSTATFS(r7, &(0x7f00000005c0)={0x43, 0x9, 0x1, {0x3, 0x81, 0x6, 0x8e, 0x100000000, 0x0, 0x9, 0x0, 0x6}}, 0x43) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000640), r1) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r0, &(0x7f0000000680)={0xd0000004}) sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x2c, r8, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000810}, 0x20008000) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000800)=""/212) 21:24:41 executing program 3: r0 = io_uring_setup(0x62d5, &(0x7f0000000000)={0x0, 0x9b0d, 0x10, 0x3, 0x9}) r1 = io_uring_setup(0x13df, &(0x7f0000000080)={0x0, 0x7f18, 0x4, 0x1, 0x10b, 0x0, r0}) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f0000000100)=""/4096) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001100), 0x220000, 0x0) ioctl$SG_GET_COMMAND_Q(r2, 0x2270, &(0x7f0000001140)) r3 = gettid() ioprio_get$pid(0x1, r3) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000000, 0x10010, r1, 0x8000000) r4 = syz_open_dev$evdev(&(0x7f0000001180), 0x80000001, 0x20000) ioctl$EVIOCGABS0(r4, 0x80184540, &(0x7f00000011c0)=""/210) ioctl$SG_GET_RESERVED_SIZE(r2, 0x2272, &(0x7f00000012c0)) syz_open_procfs$namespace(r3, &(0x7f0000001300)='ns/pid_for_children\x00') ioctl$SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x2272, &(0x7f0000001340)) ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000001380)=0x1f) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) r5 = syz_genetlink_get_family_id$gtp(&(0x7f00000013c0), r2) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000001440)={{{@in6=@private0, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000001540)=0xe8) sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001600)={&(0x7f0000001580)={0x50, r5, 0x828, 0x70bd2d, 0x25dfdbfc, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @empty}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast2}, @GTPA_LINK={0x8, 0x1, r6}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_TID={0xc, 0x3, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x8800}, 0x408b4) r7 = getpgid(r3) tkill(r7, 0xe) [ 123.819001] audit: type=1400 audit(1749417881.642:7): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 21:24:41 executing program 4: sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x400, 0x70bd29, 0x3, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004000}, 0x4000080) r0 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, r0, 0x4, 0x70bd2b, 0x25dfdbfe, {}, [@SEG6_ATTR_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1f}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x8}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x214}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x15}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7fffffff}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4040044}, 0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000280), 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, r1, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40849}, 0x240400c0) sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x2c, 0x0, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24004800}, 0x10) inotify_init1(0x80000) r2 = syz_io_uring_complete(0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, r3, 0x20, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x8000) syz_genetlink_get_family_id$batadv(&(0x7f0000000640), r2) r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000006c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f00000007c0)={&(0x7f0000000680), 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x44, r4, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9a}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x525}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) ioctl$EVIOCGPROP(r2, 0x80404509, &(0x7f0000000800)=""/205) syz_genetlink_get_family_id$batadv(&(0x7f0000000900), r2) ioctl$BTRFS_IOC_START_SYNC(r2, 0x80089418, &(0x7f0000000940)) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000980), r5) ioctl$BINDER_GET_FROZEN_INFO(r2, 0xc00c620f, &(0x7f00000009c0)) 21:24:41 executing program 6: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000000)={0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f0000000040)=""/4096) ioctl$EVIOCGBITSND(0xffffffffffffffff, 0x80404532, &(0x7f0000001040)=""/4096) r0 = syz_io_uring_complete(0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000002040)=""/12) r1 = gettid() r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000002080)='./binderfs/custom0\x00', 0x800, 0x0) kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, r1, 0x7, r2, &(0x7f00000020c0)={r0, r0, 0x80000001}) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000002100)={0x4, 0x0, 0x3, 0x3fe0, 0x8, 0xf0}) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000002140)={0x6, 0x14, 0x6, 0x5, "e074c363d2440c5d01022c7086dbca28a80dace3821c7f6f5043ecfa43cc33eb"}) r3 = syz_open_dev$evdev(&(0x7f0000002180), 0x5, 0xa00) ioctl$EVIOCSMASK(r3, 0x40104593, &(0x7f0000002200)={0x3, 0x33, &(0x7f00000021c0)="95372377a9e0113cb00361bdd47a86b7d5c0deff45a8836491ada79caaf98a1c2e1a74d1e4a62a450fb8209a360958c3a91589"}) r4 = syz_open_dev$evdev(&(0x7f0000002240), 0xc15, 0x100) ioctl$EVIOCREVOKE(r4, 0x40044591, &(0x7f0000002280)=0x1) ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, &(0x7f00000022c0)={0x2, 0x14, 0x8, 0x4, "676f13c6cc55c85a4362a8c13749d44b3a1b7a1cb783b2c4e92b59a4d43428b4"}) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000002300)=""/102) sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f0000002480)={&(0x7f0000002380)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000002440)={&(0x7f00000023c0)={0x70, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'caif0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bridge_slave_0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'erspan0\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x4050}, 0x0) ioctl$EVIOCREVOKE(r3, 0x40044591, &(0x7f00000024c0)=0x7) r5 = syz_open_dev$evdev(&(0x7f0000002500), 0xffffffff, 0x48200) ioctl$EVIOCSABS20(r5, 0x401845e0, &(0x7f0000002540)={0x1ff, 0x9f4, 0x60f, 0x9, 0x5, 0x1000}) 21:24:41 executing program 5: ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000000)) ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000040)=0x1) sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x6c, 0x0, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'dummy0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x2040090}, 0x20044) r0 = syz_io_uring_complete(0x0) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f00000001c0)) ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000200)=0x1) ioctl$EVIOCGSW(0xffffffffffffffff, 0x8040451b, &(0x7f0000000240)=""/50) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000280), 0x402, 0x0) ioctl$EVIOCGSW(r1, 0x8040451b, &(0x7f00000002c0)=""/115) inotify_add_watch(r0, &(0x7f0000000340)='./file0\x00', 0x4) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000380), 0x10000, 0x0) sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x288001}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x8004) write$P9_RUNLINKAT(r2, &(0x7f00000004c0)={0x7, 0x4d, 0x1}, 0x7) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000600)={0x11, 0xda, &(0x7f0000000500)="ee94539aa5a9b79a6c9daf761607d5c9dc5445c3bc6a88cc2411a0721375d0d2065ce44f80bad4879519d33787df06ebc8edee560111c2f1f73c3b5f420993cbd1d0175ac2a2e076cf5c16594e9c8e8426012ec38f60cb399dc095f7113a29303a056ee322195294755de6328419b80ebf8744c15d897a48786358668dc5d0155a177b3b19e7a106be8775014d142ddcd9cab6c3f463d7d8f3bebe66ed776210cbebf82fe9e421ed35c18e4e3f51e1ed773defa1679e7dab6f9d0971026627594d5389bf23a08678bfb53b43eba32975112ee7e5f81ae06ae283"}) socket(0x1f, 0xa, 0x80) r3 = syz_open_dev$evdev(&(0x7f0000000640), 0x8000, 0x4c100) ioctl$EVIOCGABS20(r3, 0x80184560, &(0x7f0000000680)=""/251) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000780)=""/97) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x40010, r0, 0x8000000) syz_io_uring_complete(r4) 21:24:41 executing program 7: ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0x4) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x10, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xffffffff}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004040}, 0x8000) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x14d902, 0x0) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000140)) r1 = syz_io_uring_setup(0x4bab, &(0x7f00000002c0)={0x0, 0xf308, 0x20, 0x0, 0x1ac, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000340)=0x0, &(0x7f0000000380)=0x0) personality(0x40000) write$P9_RWSTAT(r0, &(0x7f00000003c0)={0x7, 0x7f, 0x2}, 0x7) r4 = syz_io_uring_complete(0x0) write$P9_RLOCK(r4, &(0x7f0000000400)={0x8, 0x35, 0x2, 0x2}, 0x8) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000440)='./binderfs2/custom1\x00', 0x2, 0x0) ioctl$EVIOCGABS2F(r1, 0x8018456f, &(0x7f0000000480)=""/59) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f00000004c0), 0x302, 0x0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000540), r0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r5, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4004010}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x34, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xeb9c}]}, 0x34}, 0x1, 0x0, 0x0, 0x40050}, 0x4880) write$P9_RXATTRWALK(r5, &(0x7f0000000640)={0xf, 0x1f, 0x1}, 0xf) r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000680), 0x8000, 0x0) write$P9_RLERROR(r7, &(0x7f00000006c0)={0x14, 0x7, 0x2, {0xb, '/dev/nvram\x00'}}, 0x14) r8 = syz_io_uring_complete(r2) epoll_ctl$EPOLL_CTL_DEL(r4, 0x2, r8) syz_io_uring_submit(0x0, r3, &(0x7f0000000800)=@IORING_OP_SPLICE={0x1e, 0x5, 0x0, @fd, 0x1, {0x0, r8}, 0x2, 0x0, 0x0, {0x0, 0x0, r4}}, 0x8000) [ 125.200278] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 125.204834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 125.216549] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 125.219507] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 125.224116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 125.227898] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 125.233826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 125.241785] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 125.245949] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 125.258973] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 125.323616] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 125.328724] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 125.331012] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 125.344996] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 125.354663] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 125.423190] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 125.430917] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 125.436790] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 125.440524] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 125.444384] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 125.450667] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 125.467463] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 125.469498] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 125.471615] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 125.475687] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 125.478072] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 125.482749] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 125.501058] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 125.506283] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 125.511286] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 125.516745] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 125.517601] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 125.533088] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 125.535578] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 125.543094] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 125.564724] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 125.566405] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 125.570904] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 125.620710] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 125.644439] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 127.281756] Bluetooth: hci1: command tx timeout [ 127.282540] Bluetooth: hci0: command tx timeout [ 127.411483] Bluetooth: hci2: command tx timeout [ 127.601437] Bluetooth: hci3: command tx timeout [ 127.665241] Bluetooth: hci6: command tx timeout [ 127.665260] Bluetooth: hci4: command tx timeout [ 127.729687] Bluetooth: hci7: command tx timeout [ 127.730332] Bluetooth: hci5: command tx timeout [ 129.330641] Bluetooth: hci1: command tx timeout [ 129.330740] Bluetooth: hci0: command tx timeout [ 129.457536] Bluetooth: hci2: command tx timeout [ 129.649635] Bluetooth: hci3: command tx timeout [ 129.713909] Bluetooth: hci6: command tx timeout [ 129.714956] Bluetooth: hci4: command tx timeout [ 129.779209] Bluetooth: hci5: command tx timeout [ 129.779256] Bluetooth: hci7: command tx timeout [ 131.377246] Bluetooth: hci1: command tx timeout [ 131.377284] Bluetooth: hci0: command tx timeout [ 131.506395] Bluetooth: hci2: command tx timeout [ 131.697506] Bluetooth: hci3: command tx timeout [ 131.762182] Bluetooth: hci4: command tx timeout [ 131.762214] Bluetooth: hci6: command tx timeout [ 131.825232] Bluetooth: hci7: command tx timeout [ 131.825652] Bluetooth: hci5: command tx timeout [ 133.426183] Bluetooth: hci0: command tx timeout [ 133.426668] Bluetooth: hci1: command tx timeout [ 133.553207] Bluetooth: hci2: command tx timeout [ 133.745227] Bluetooth: hci3: command tx timeout [ 133.809536] Bluetooth: hci4: command tx timeout [ 133.809567] Bluetooth: hci6: command tx timeout [ 133.873219] Bluetooth: hci7: command tx timeout [ 133.874232] Bluetooth: hci5: command tx timeout [ 187.858853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 187.867910] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 187.871046] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 187.878791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 187.886065] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 187.997556] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 188.002955] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 188.006624] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 188.015693] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 188.024668] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 188.052027] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 188.055596] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 188.058700] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 188.060788] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 188.070719] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 188.079919] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 188.095903] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 188.100965] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 188.106977] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 188.112728] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 188.117733] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 188.122313] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 188.125384] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 188.136553] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 188.146434] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 188.153109] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 188.156101] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 188.159294] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 188.161352] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 188.164541] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 188.164631] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 188.183755] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 188.186617] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 188.212759] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 188.217555] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 188.356573] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 188.360100] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 188.375773] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 188.389683] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 188.406849] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 189.937259] Bluetooth: hci0: command tx timeout [ 190.130243] Bluetooth: hci1: command tx timeout [ 190.193329] Bluetooth: hci2: command tx timeout [ 190.194233] Bluetooth: hci3: command tx timeout [ 190.257198] Bluetooth: hci4: command tx timeout [ 190.321273] Bluetooth: hci5: command tx timeout [ 190.386295] Bluetooth: hci6: command tx timeout [ 190.514203] Bluetooth: hci7: command tx timeout [ 191.985383] Bluetooth: hci0: command tx timeout [ 192.177489] Bluetooth: hci1: command tx timeout [ 192.242595] Bluetooth: hci3: command tx timeout [ 192.243037] Bluetooth: hci2: command tx timeout [ 192.305542] Bluetooth: hci4: command tx timeout [ 192.369234] Bluetooth: hci5: command tx timeout [ 192.433202] Bluetooth: hci6: command tx timeout [ 192.563187] Bluetooth: hci7: command tx timeout [ 194.033269] Bluetooth: hci0: command tx timeout [ 194.225958] Bluetooth: hci1: command tx timeout [ 194.289400] Bluetooth: hci3: command tx timeout [ 194.290407] Bluetooth: hci2: command tx timeout [ 194.354367] Bluetooth: hci4: command tx timeout [ 194.417398] Bluetooth: hci5: command tx timeout [ 194.481325] Bluetooth: hci6: command tx timeout [ 194.609248] Bluetooth: hci7: command tx timeout [ 196.081563] Bluetooth: hci0: command tx timeout [ 196.273514] Bluetooth: hci1: command tx timeout [ 196.338266] Bluetooth: hci2: command tx timeout [ 196.338762] Bluetooth: hci3: command tx timeout [ 196.401221] Bluetooth: hci4: command tx timeout [ 196.466339] Bluetooth: hci5: command tx timeout [ 196.530436] Bluetooth: hci6: command tx timeout [ 196.657234] Bluetooth: hci7: command tx timeout [ 249.938566] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 249.941280] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 249.945527] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 249.947480] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 249.947748] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 249.951431] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 249.960366] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 249.960683] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 249.969171] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 249.972855] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 250.186920] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 250.194926] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 250.201778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 250.214859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 250.237689] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 250.298258] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 250.301623] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 250.305047] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 250.314692] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 250.320282] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 250.408573] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 250.432079] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 250.450835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 250.456509] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 250.459785] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 250.472539] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 250.476659] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 250.482573] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 250.486632] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 250.498584] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 250.510594] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 250.521486] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 250.523512] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 250.536716] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 250.545079] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 250.557460] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 250.626836] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 250.649386] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 250.713722] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 250.766361] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 252.018317] Bluetooth: hci1: command tx timeout [ 252.082252] Bluetooth: hci0: command tx timeout [ 252.402398] Bluetooth: hci3: command tx timeout [ 252.402420] Bluetooth: hci2: command tx timeout [ 252.595312] Bluetooth: hci4: command tx timeout [ 252.657384] Bluetooth: hci5: command tx timeout [ 252.721688] Bluetooth: hci6: command tx timeout [ 252.913306] Bluetooth: hci7: command tx timeout [ 254.065258] Bluetooth: hci1: command tx timeout [ 254.129278] Bluetooth: hci0: command tx timeout [ 254.449238] Bluetooth: hci3: command tx timeout [ 254.449355] Bluetooth: hci2: command tx timeout [ 254.641791] Bluetooth: hci4: command tx timeout [ 254.706608] Bluetooth: hci5: command tx timeout [ 254.770912] Bluetooth: hci6: command tx timeout [ 254.962174] Bluetooth: hci7: command tx timeout [ 256.115158] Bluetooth: hci1: command tx timeout [ 256.177286] Bluetooth: hci0: command tx timeout [ 256.497217] Bluetooth: hci2: command tx timeout [ 256.497254] Bluetooth: hci3: command tx timeout [ 256.689218] Bluetooth: hci4: command tx timeout [ 256.755183] Bluetooth: hci5: command tx timeout [ 256.817316] Bluetooth: hci6: command tx timeout [ 257.009204] Bluetooth: hci7: command tx timeout [ 258.161267] Bluetooth: hci1: command tx timeout [ 258.226726] Bluetooth: hci0: command tx timeout [ 258.545627] Bluetooth: hci3: command tx timeout [ 258.546460] Bluetooth: hci2: command tx timeout [ 258.739274] Bluetooth: hci4: command tx timeout [ 258.801506] Bluetooth: hci5: command tx timeout [ 258.866214] Bluetooth: hci6: command tx timeout [ 259.057857] Bluetooth: hci7: command tx timeout [ 312.088011] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 312.090963] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 312.096727] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 312.101681] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 312.106019] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 312.114268] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 312.122051] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 312.125111] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 312.129890] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 312.135972] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 312.259366] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 312.266773] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 312.274662] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 312.290034] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 312.296648] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 312.332388] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 312.342010] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 312.360667] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 312.374767] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 312.387447] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 312.416735] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 312.439013] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 312.463607] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 312.465513] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 312.483645] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 312.489188] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 312.494871] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 312.500535] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 312.536972] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 312.568850] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 312.576111] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 312.600782] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 312.604598] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 312.622705] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 312.624831] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 312.632818] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 312.641858] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 312.649040] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 312.669903] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 312.673357] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 314.162465] Bluetooth: hci0: command tx timeout [ 314.225347] Bluetooth: hci1: command tx timeout [ 314.353323] Bluetooth: hci2: command tx timeout [ 314.547300] Bluetooth: hci4: command tx timeout [ 314.548052] Bluetooth: hci3: command tx timeout [ 314.609433] Bluetooth: hci5: command tx timeout [ 314.737275] Bluetooth: hci7: command tx timeout [ 314.737883] Bluetooth: hci6: command tx timeout [ 316.210510] Bluetooth: hci0: command tx timeout [ 316.274917] Bluetooth: hci1: command tx timeout [ 316.401851] Bluetooth: hci2: command tx timeout [ 316.593377] Bluetooth: hci3: command tx timeout [ 316.594249] Bluetooth: hci4: command tx timeout [ 316.657355] Bluetooth: hci5: command tx timeout [ 316.785369] Bluetooth: hci6: command tx timeout [ 316.786871] Bluetooth: hci7: command tx timeout [ 318.258220] Bluetooth: hci0: command tx timeout [ 318.321940] Bluetooth: hci1: command tx timeout [ 318.449583] Bluetooth: hci2: command tx timeout [ 318.641291] Bluetooth: hci4: command tx timeout [ 318.642083] Bluetooth: hci3: command tx timeout [ 318.705240] Bluetooth: hci5: command tx timeout [ 318.833325] Bluetooth: hci7: command tx timeout [ 318.833978] Bluetooth: hci6: command tx timeout [ 320.307492] Bluetooth: hci0: command tx timeout [ 320.370223] Bluetooth: hci1: command tx timeout [ 320.498276] Bluetooth: hci2: command tx timeout [ 320.691329] Bluetooth: hci4: command tx timeout [ 320.691806] Bluetooth: hci3: command tx timeout [ 320.754499] Bluetooth: hci5: command tx timeout [ 320.882659] Bluetooth: hci6: command tx timeout [ 320.883169] Bluetooth: hci7: command tx timeout [ 374.398660] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 374.403784] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 374.405634] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 374.413508] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 374.420437] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 374.474012] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 374.476802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 374.479494] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 374.486745] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 374.489391] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 374.658665] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 374.664449] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 374.670335] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 374.675054] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 374.677059] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 374.808221] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 374.823675] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 374.833692] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 374.835961] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 374.852472] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 374.859951] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 374.860952] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 374.862935] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 374.869989] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 374.873998] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 374.909757] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 374.920539] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 374.923579] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 374.933914] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 374.936909] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 374.938169] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 374.940242] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 374.944436] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 374.946424] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 374.954874] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 374.961011] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 374.967566] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 374.976211] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 374.993014] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 374.995237] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 376.497202] Bluetooth: hci0: command tx timeout [ 376.561515] Bluetooth: hci1: command tx timeout [ 376.753196] Bluetooth: hci2: command tx timeout [ 376.945237] Bluetooth: hci7: command tx timeout [ 377.009227] Bluetooth: hci4: command tx timeout [ 377.009849] Bluetooth: hci6: command tx timeout [ 377.075083] Bluetooth: hci5: command tx timeout [ 377.138458] Bluetooth: hci3: command tx timeout [ 378.546270] Bluetooth: hci0: command tx timeout [ 378.610307] Bluetooth: hci1: command tx timeout [ 378.802281] Bluetooth: hci2: command tx timeout [ 378.993179] Bluetooth: hci7: command tx timeout [ 379.058579] Bluetooth: hci4: command tx timeout [ 379.059016] Bluetooth: hci6: command tx timeout [ 379.122208] Bluetooth: hci5: command tx timeout [ 379.185526] Bluetooth: hci3: command tx timeout [ 380.593220] Bluetooth: hci0: command tx timeout [ 380.658558] Bluetooth: hci1: command tx timeout [ 380.849204] Bluetooth: hci2: command tx timeout [ 381.042890] Bluetooth: hci7: command tx timeout [ 381.105208] Bluetooth: hci6: command tx timeout [ 381.105655] Bluetooth: hci4: command tx timeout [ 381.170312] Bluetooth: hci5: command tx timeout [ 381.234662] Bluetooth: hci3: command tx timeout [ 382.642273] Bluetooth: hci0: command tx timeout [ 382.706575] Bluetooth: hci1: command tx timeout [ 382.897487] Bluetooth: hci2: command tx timeout [ 383.091307] Bluetooth: hci7: command tx timeout [ 383.153338] Bluetooth: hci6: command tx timeout [ 383.153843] Bluetooth: hci4: command tx timeout [ 383.217218] Bluetooth: hci5: command tx timeout [ 383.282417] Bluetooth: hci3: command tx timeout VM DIAGNOSIS: 21:29:46 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=0000000000000000 RCX=0000000000000002 RDX=0000000000000000 RSI=0000000000000000 RDI=ffff88806ce31850 RBP=ffffffff85c1cbc0 RSP=ffff88803533f320 R8 =0000000000000000 R9 =0000000000000000 R10=000000000003b6cd R11=0000000000022717 R12=0000000000000002 R13=0000000000000000 R14=0000000000000000 R15=ffff88803533f408 RIP=ffffffff8151b26e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e561b000 00000000 00000000 LDT=0000 fffffe4400000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055d0d5919080 CR3=0000000025804000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=000000001654f201 RBX=ffffffff81604870 RCX=ffff88801654f1dc RDX=0000000000000000 RSI=ffffffff85c1cbc0 RDI=ffff888015fad67c RBP=ffff88801654f320 RSP=ffff88801654f268 R8 =0000000000000001 R9 =ffff88801654f2c8 R10=000000000003b6cd R11=00000000000232f2 R12=ffff88801654f350 R13=ffff88801654f2d0 R14=ffff88801654f508 R15=ffff88801654f288 RIP=ffffffff81353d9b RFL=00000296 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff8880e571b000 00000000 00000000 LDT=0000 fffffe4400000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f964fc24008 CR3=0000000027b84000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffff00ffffffffffffffffffffff00ff XMM02=4c4700362e322e325f4342494c470035 XMM03=00000000000000000000000000470035 XMM04=4342494c4700362e322e325f4342494c XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000