Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:3394' (ECDSA) to the list of known hosts.
2022/10/31 11:17:53 fuzzer started
2022/10/31 11:17:54 dialing manager at localhost:40945
syzkaller login: [ 36.311254] cgroup: Unknown subsys name 'net'
[ 36.460839] cgroup: Unknown subsys name 'rlimit'
2022/10/31 11:18:09 syscalls: 2217
2022/10/31 11:18:09 code coverage: enabled
2022/10/31 11:18:09 comparison tracing: enabled
2022/10/31 11:18:09 extra coverage: enabled
2022/10/31 11:18:09 setuid sandbox: enabled
2022/10/31 11:18:09 namespace sandbox: enabled
2022/10/31 11:18:09 Android sandbox: enabled
2022/10/31 11:18:09 fault injection: enabled
2022/10/31 11:18:09 leak checking: enabled
2022/10/31 11:18:09 net packet injection: enabled
2022/10/31 11:18:09 net device setup: enabled
2022/10/31 11:18:09 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/31 11:18:09 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/31 11:18:09 USB emulation: enabled
2022/10/31 11:18:09 hci packet injection: enabled
2022/10/31 11:18:09 wifi device emulation: enabled
2022/10/31 11:18:09 802.15.4 emulation: enabled
2022/10/31 11:18:09 fetching corpus: 0, signal 0/2000 (executing program)
2022/10/31 11:18:09 fetching corpus: 31, signal 22959/26455 (executing program)
2022/10/31 11:18:09 fetching corpus: 80, signal 39867/44519 (executing program)
2022/10/31 11:18:09 fetching corpus: 130, signal 46800/52782 (executing program)
2022/10/31 11:18:09 fetching corpus: 180, signal 60249/66967 (executing program)
2022/10/31 11:18:09 fetching corpus: 226, signal 66967/74581 (executing program)
2022/10/31 11:18:09 fetching corpus: 276, signal 72730/81245 (executing program)
2022/10/31 11:18:10 fetching corpus: 326, signal 78223/87443 (executing program)
2022/10/31 11:18:10 fetching corpus: 376, signal 83474/93307 (executing program)
2022/10/31 11:18:10 fetching corpus: 426, signal 87842/98290 (executing program)
2022/10/31 11:18:10 fetching corpus: 476, signal 91005/102175 (executing program)
2022/10/31 11:18:10 fetching corpus: 526, signal 92905/104881 (executing program)
2022/10/31 11:18:10 fetching corpus: 576, signal 94874/107545 (executing program)
2022/10/31 11:18:10 fetching corpus: 625, signal 97297/110580 (executing program)
2022/10/31 11:18:10 fetching corpus: 675, signal 100263/114059 (executing program)
2022/10/31 11:18:11 fetching corpus: 724, signal 102722/117014 (executing program)
2022/10/31 11:18:11 fetching corpus: 774, signal 105183/119935 (executing program)
2022/10/31 11:18:11 fetching corpus: 824, signal 106975/122250 (executing program)
2022/10/31 11:18:11 fetching corpus: 873, signal 108987/124689 (executing program)
2022/10/31 11:18:11 fetching corpus: 923, signal 110483/126685 (executing program)
2022/10/31 11:18:11 fetching corpus: 973, signal 114169/130374 (executing program)
2022/10/31 11:18:11 fetching corpus: 1021, signal 116191/132679 (executing program)
2022/10/31 11:18:12 fetching corpus: 1069, signal 119342/135856 (executing program)
2022/10/31 11:18:12 fetching corpus: 1119, signal 121562/138244 (executing program)
2022/10/31 11:18:12 fetching corpus: 1169, signal 123310/140185 (executing program)
2022/10/31 11:18:12 fetching corpus: 1219, signal 125306/142258 (executing program)
2022/10/31 11:18:12 fetching corpus: 1269, signal 126787/143920 (executing program)
2022/10/31 11:18:12 fetching corpus: 1319, signal 127581/145101 (executing program)
2022/10/31 11:18:12 fetching corpus: 1369, signal 128907/146674 (executing program)
2022/10/31 11:18:12 fetching corpus: 1418, signal 129961/148021 (executing program)
2022/10/31 11:18:13 fetching corpus: 1468, signal 132080/150044 (executing program)
2022/10/31 11:18:13 fetching corpus: 1517, signal 134491/152260 (executing program)
2022/10/31 11:18:13 fetching corpus: 1567, signal 135611/153511 (executing program)
2022/10/31 11:18:13 fetching corpus: 1617, signal 136952/154912 (executing program)
2022/10/31 11:18:13 fetching corpus: 1666, signal 138275/156273 (executing program)
2022/10/31 11:18:13 fetching corpus: 1716, signal 139938/157790 (executing program)
2022/10/31 11:18:13 fetching corpus: 1766, signal 141081/158958 (executing program)
2022/10/31 11:18:14 fetching corpus: 1816, signal 141867/159924 (executing program)
2022/10/31 11:18:14 fetching corpus: 1866, signal 144731/162097 (executing program)
2022/10/31 11:18:14 fetching corpus: 1916, signal 145858/163151 (executing program)
2022/10/31 11:18:14 fetching corpus: 1966, signal 147380/164418 (executing program)
2022/10/31 11:18:14 fetching corpus: 2016, signal 148705/165629 (executing program)
2022/10/31 11:18:14 fetching corpus: 2066, signal 149495/166405 (executing program)
2022/10/31 11:18:14 fetching corpus: 2116, signal 150246/167173 (executing program)
2022/10/31 11:18:14 fetching corpus: 2166, signal 151443/168158 (executing program)
2022/10/31 11:18:15 fetching corpus: 2216, signal 152343/168977 (executing program)
2022/10/31 11:18:15 fetching corpus: 2266, signal 153812/169998 (executing program)
2022/10/31 11:18:15 fetching corpus: 2316, signal 155184/170983 (executing program)
2022/10/31 11:18:15 fetching corpus: 2366, signal 156788/172094 (executing program)
2022/10/31 11:18:15 fetching corpus: 2416, signal 157799/172971 (executing program)
2022/10/31 11:18:15 fetching corpus: 2465, signal 158574/173644 (executing program)
2022/10/31 11:18:15 fetching corpus: 2515, signal 159991/174627 (executing program)
2022/10/31 11:18:16 fetching corpus: 2565, signal 160813/175257 (executing program)
2022/10/31 11:18:16 fetching corpus: 2615, signal 161910/176025 (executing program)
2022/10/31 11:18:16 fetching corpus: 2664, signal 163025/176712 (executing program)
2022/10/31 11:18:16 fetching corpus: 2713, signal 164161/177451 (executing program)
2022/10/31 11:18:16 fetching corpus: 2763, signal 164771/177927 (executing program)
2022/10/31 11:18:16 fetching corpus: 2812, signal 165578/178468 (executing program)
2022/10/31 11:18:16 fetching corpus: 2862, signal 166403/178998 (executing program)
2022/10/31 11:18:16 fetching corpus: 2910, signal 167752/179715 (executing program)
2022/10/31 11:18:17 fetching corpus: 2960, signal 168391/180157 (executing program)
2022/10/31 11:18:17 fetching corpus: 3010, signal 169287/180659 (executing program)
2022/10/31 11:18:17 fetching corpus: 3060, signal 169819/181039 (executing program)
2022/10/31 11:18:17 fetching corpus: 3110, signal 170797/181508 (executing program)
2022/10/31 11:18:17 fetching corpus: 3160, signal 171989/182024 (executing program)
2022/10/31 11:18:17 fetching corpus: 3210, signal 172920/182448 (executing program)
2022/10/31 11:18:17 fetching corpus: 3257, signal 173575/182760 (executing program)
2022/10/31 11:18:17 fetching corpus: 3307, signal 174219/183139 (executing program)
2022/10/31 11:18:18 fetching corpus: 3357, signal 175018/183499 (executing program)
2022/10/31 11:18:18 fetching corpus: 3406, signal 175992/183871 (executing program)
2022/10/31 11:18:18 fetching corpus: 3456, signal 176436/184125 (executing program)
2022/10/31 11:18:18 fetching corpus: 3506, signal 177289/184416 (executing program)
2022/10/31 11:18:18 fetching corpus: 3556, signal 177967/184672 (executing program)
2022/10/31 11:18:18 fetching corpus: 3606, signal 178491/184854 (executing program)
2022/10/31 11:18:18 fetching corpus: 3656, signal 179029/185045 (executing program)
2022/10/31 11:18:18 fetching corpus: 3705, signal 180023/185299 (executing program)
2022/10/31 11:18:18 fetching corpus: 3754, signal 180576/185466 (executing program)
2022/10/31 11:18:19 fetching corpus: 3803, signal 181858/185717 (executing program)
2022/10/31 11:18:19 fetching corpus: 3853, signal 182877/185913 (executing program)
2022/10/31 11:18:19 fetching corpus: 3855, signal 182914/185948 (executing program)
2022/10/31 11:18:19 fetching corpus: 3855, signal 182914/185996 (executing program)
2022/10/31 11:18:19 fetching corpus: 3855, signal 182914/186037 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186077 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186106 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186140 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186177 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186209 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186252 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186290 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186336 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186379 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186416 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186438 (executing program)
2022/10/31 11:18:19 fetching corpus: 3856, signal 182916/186438 (executing program)
2022/10/31 11:18:22 starting 8 fuzzer processes
11:18:22 executing program 0:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$SNAPSHOT_ATOMIC_RESTORE(0xffffffffffffffff, 0x3304)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
syz_genetlink_get_family_id$mptcp(&(0x7f00000006c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TESTMODE(0xffffffffffffffff, &(0x7f00000018c0)={&(0x7f00000007c0), 0xc, &(0x7f0000001880)={0x0}}, 0x0)
sendmsg$NL80211_CMD_DISASSOCIATE(0xffffffffffffffff, 0x0, 0x0)
11:18:22 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$netlink(r0, 0x10e, 0xb, &(0x7f0000000080)=""/140, &(0x7f0000000140)=0x8c)
11:18:22 executing program 2:
mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040))
shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000)
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x20, 0x5, 0xdd, 0xda, 0x0, 0x1, 0x24, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x40, 0x6, 0x9, 0x4, 0x8, 0x2, 0x120, 0x0, 0x401, 0x0, 0xd273}, 0x0, 0xe, r1, 0xc)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000005, 0x40010, 0xffffffffffffffff, 0xf871a000)
shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69)
socket$netlink(0x10, 0x3, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x9, 0x0, 0x7, 0x11, 0x0, 0x7fff, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x2, @perf_config_ext={0x6, 0xfff}, 0x40, 0x10001, 0x20, 0x8, 0x73e, 0xffffffff, 0x9, 0x0, 0x9, 0x0, 0x3}, 0x0, 0x9, r0, 0x1)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
11:18:22 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, r0, 0x0, 0x100000)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="00aafe51654c6e5f881d40b15fb0e3ff81199e7f32847ab28fd00e7b8c72013423d8312b7b0e01d84931cc9f41a89b90b3a2b1e31a56b598abfb10406b0900615d4b0533be140f83fffb8d6c90b33eb14347cfca30f7dea4a1708fc8feec91adabca27a7b3d50514f841311fc55b059fdc71adf68cd18215b85bee635d7a62658d11391503"], 0xb)
perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x4, 0xfe, 0x40, 0x5, 0x7f, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x7, 0x7800, 0x10001}})
io_setup(0xd29, &(0x7f0000000780)=0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
io_submit(r3, 0x1, &(0x7f0000000040)=[&(0x7f0000000200)={0x0, 0x0, 0x8, 0x8, 0x0, r4, 0x0}])
close(r4)
socket$nl_audit(0x10, 0x3, 0x9)
r5 = gettid()
setpriority(0x2, r5, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, @perf_config_ext={0x5, 0xfffffffffffffffe}, 0x26, 0x661, 0x0, 0x0, 0x0, 0xffffffff}, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
[ 63.143182] audit: type=1400 audit(1667215102.301:6): avc: denied { execmem } for pid=283 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:18:22 executing program 4:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/tty/ldiscs\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000001380)=[{&(0x7f0000003280)=""/4122, 0x101a}], 0x1, 0x101, 0x0)
11:18:22 executing program 5:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/schedstat\x00', 0x0, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
sendfile(r1, r0, &(0x7f0000000000)=0xa7, 0x7)
11:18:22 executing program 6:
r0 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0)
r1 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000200)='+{[\xcd{w}[&\x00', 0x0, r2)
11:18:22 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000700)=0x4000000, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) [ 64.468782] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.472187] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.473824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.477664] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.479978] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 64.481887] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.488576] Bluetooth: hci0: HCI_REQ-0x0c1a [ 64.528699] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.531480] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.533197] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.543110] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.545616] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 64.547090] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.548500] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 64.565084] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 64.586674] Bluetooth: hci2: HCI_REQ-0x0c1a [ 64.604130] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 64.606448] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 64.607981] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 64.609157] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 64.610680] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 64.613775] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 64.616687] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 64.620814] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 64.620926] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 64.623155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 64.627685] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 64.629551] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 64.636468] Bluetooth: hci3: HCI_REQ-0x0c1a [ 64.641497] Bluetooth: hci7: HCI_REQ-0x0c1a [ 64.676839] 
Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 64.708796] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 64.716677] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 64.722151] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 64.730425] Bluetooth: hci4: HCI_REQ-0x0c1a [ 66.549473] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 66.551224] Bluetooth: hci0: command 0x0409 tx timeout [ 66.614360] Bluetooth: hci2: command 0x0409 tx timeout [ 66.614946] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 66.615847] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 66.677371] Bluetooth: hci7: command 0x0409 tx timeout [ 66.677955] Bluetooth: hci3: command 0x0409 tx timeout [ 66.806417] Bluetooth: hci4: command 0x0409 tx timeout [ 68.597448] Bluetooth: hci0: command 0x041b tx timeout [ 68.661676] Bluetooth: hci2: command 0x041b tx timeout [ 68.725511] Bluetooth: hci3: command 0x041b tx timeout [ 68.726249] Bluetooth: hci7: command 0x041b tx timeout [ 68.853358] Bluetooth: hci4: command 0x041b tx timeout [ 69.315997] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.318995] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.323007] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.333449] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.336516] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 69.338066] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.342656] Bluetooth: hci1: HCI_REQ-0x0c1a [ 69.688503] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 69.689057] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.692263] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 69.693142] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.698799] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 69.699993] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.711521] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 69.712133] Bluetooth: hci5: unexpected cc 0x0c23 
length: 249 > 4 [ 69.713502] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 69.714468] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.715152] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 69.719193] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.724017] Bluetooth: hci6: HCI_REQ-0x0c1a [ 69.815376] Bluetooth: hci5: HCI_REQ-0x0c1a [ 70.646382] Bluetooth: hci0: command 0x040f tx timeout [ 70.709334] Bluetooth: hci2: command 0x040f tx timeout [ 70.774408] Bluetooth: hci7: command 0x040f tx timeout [ 70.774834] Bluetooth: hci3: command 0x040f tx timeout [ 70.901331] Bluetooth: hci4: command 0x040f tx timeout [ 71.350351] Bluetooth: hci1: command 0x0409 tx timeout [ 71.733438] Bluetooth: hci6: command 0x0409 tx timeout [ 71.862364] Bluetooth: hci5: command 0x0409 tx timeout [ 72.694339] Bluetooth: hci0: command 0x0419 tx timeout [ 72.758350] Bluetooth: hci2: command 0x0419 tx timeout [ 72.822527] Bluetooth: hci3: command 0x0419 tx timeout [ 72.822949] Bluetooth: hci7: command 0x0419 tx timeout [ 72.950334] Bluetooth: hci4: command 0x0419 tx timeout [ 73.398356] Bluetooth: hci1: command 0x041b tx timeout [ 73.781388] Bluetooth: hci6: command 0x041b tx timeout [ 73.910390] Bluetooth: hci5: command 0x041b tx timeout [ 75.446348] Bluetooth: hci1: command 0x040f tx timeout [ 75.830437] Bluetooth: hci6: command 0x040f tx timeout [ 75.958360] Bluetooth: hci5: command 0x040f tx timeout [ 77.493401] Bluetooth: hci1: command 0x0419 tx timeout [ 77.877382] Bluetooth: hci6: command 0x0419 tx timeout [ 78.005349] Bluetooth: hci5: command 0x0419 tx timeout [ 119.495876] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.496814] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.497939] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.705469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.706190] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.707917] IPv6: 
ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 120.694132] Restarting kernel threads ... done. [ 120.813132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.814093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.815547] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 120.937235] Restarting kernel threads ... done. [ 120.969045] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.970085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.971495] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 121.173857] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.174694] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.176158] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 121.344915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.345539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.347032] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 121.984543] audit: type=1400 audit(1667215161.142:7): avc: denied { open } for pid=3823 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.985962] audit: type=1400 audit(1667215161.143:8): avc: denied { kernel } for pid=3823 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.009300] hrtimer: interrupt took 19958 ns [ 122.293225] BUG: unable to handle page fault for address: ffffed100fffc000 [ 122.293770] #PF: supervisor write access in kernel mode [ 122.294145] #PF: error_code(0x0002) - not-present page [ 122.294487] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 122.294933] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI [ 122.297828] CPU: 1 PID: 3825 Comm: syz-executor.2 Not tainted 6.1.0-rc3-next-20221031 #1 [ 122.298357] Hardware name: QEMU Standard PC (i440FX + PIIX, 
1996), BIOS 1.12.0-1 04/01/2014 [ 122.298888] RIP: 0010:__memset+0x24/0x50 [ 122.299186] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 122.300366] RSP: 0018:ffff88800df1fcc0 EFLAGS: 00010216 [ 122.300719] RAX: 0000000000000000 RBX: ffff88800c0760c0 RCX: 1ffffe21fe604a88 [ 122.301205] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 122.301770] RBP: ffff88800c094140 R08: 0000000000000005 R09: ffffed100180ec18 [ 122.302443] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c094140 [ 122.303114] R13: ffff88800c0760c0 R14: ffffffff815f27a0 R15: 1ffff1100112281f [ 122.303781] FS: 00007efebe60f700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 122.304540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.305097] CR2: ffffed100fffc000 CR3: 0000000013bcc000 CR4: 0000000000350ee0 [ 122.305764] Call Trace: [ 122.306017] [ 122.306242] kasan_unpoison+0x23/0x60 [ 122.306627] mempool_exit+0x1c2/0x330 [ 122.307008] bioset_exit+0x2c9/0x630 [ 122.307382] disk_release+0x143/0x490 [ 122.307756] ? disk_release+0x0/0x490 [ 122.308141] ? device_release+0x0/0x250 [ 122.308533] device_release+0xa2/0x250 [ 122.308915] ? device_release+0x0/0x250 [ 122.309318] kobject_put+0x173/0x280 [ 122.309692] put_device+0x1b/0x40 [ 122.310046] put_disk+0x41/0x60 [ 122.310378] loop_control_ioctl+0x4d1/0x630 [ 122.310803] ? loop_control_ioctl+0x0/0x630 [ 122.311225] ? selinux_file_ioctl+0xb1/0x270 [ 122.311672] ? 
loop_control_ioctl+0x0/0x630 [ 122.312100] __x64_sys_ioctl+0x19a/0x220 [ 122.312516] do_syscall_64+0x3b/0xa0 [ 122.312889] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 122.313414] RIP: 0033:0x7efec1099b19 [ 122.313775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.315121] RSP: 002b:00007efebe60f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 122.315649] RAX: ffffffffffffffda RBX: 00007efec11acf60 RCX: 00007efec1099b19 [ 122.316150] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005 [ 122.316659] RBP: 00007efec10f3f6d R08: 0000000000000000 R09: 0000000000000000 [ 122.317182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.317691] R13: 00007ffeb1f8f37f R14: 00007efebe60f300 R15: 0000000000022000 [ 122.318208] [ 122.318384] Modules linked in: [ 122.318623] CR2: ffffed100fffc000 [ 122.318874] ---[ end trace 0000000000000000 ]--- [ 122.319208] RIP: 0010:__memset+0x24/0x50 [ 122.319511] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 122.320780] RSP: 0018:ffff88800df1fcc0 EFLAGS: 00010216 [ 122.321169] RAX: 0000000000000000 RBX: ffff88800c0760c0 RCX: 1ffffe21fe604a88 [ 122.321674] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 122.322182] RBP: ffff88800c094140 R08: 0000000000000005 R09: ffffed100180ec18 [ 122.322687] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c094140 [ 122.323188] R13: ffff88800c0760c0 R14: ffffffff815f27a0 R15: 1ffff1100112281f [ 122.323702] FS: 00007efebe60f700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 122.324264] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.324684] CR2: ffffed100fffc000 CR3: 0000000013bcc000 CR4: 0000000000350ee0 [ 122.420143] 
ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' [ 122.489847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.490614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.491270] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 122.507597] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' [ 122.556691] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.557589] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.558683] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 122.573158] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 122.637658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.638182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.638970] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 122.661574] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht' [ 122.750197] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.750955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.752028] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 122.884041] BUG: unable to handle page fault for address: ffffed100fffc000 [ 122.884703] #PF: supervisor write access in kernel mode [ 122.885179] #PF: error_code(0x0002) - not-present page [ 122.885637] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 122.886229] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI [ 122.886677] CPU: 0 PID: 3868 Comm: syz-executor.2 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 122.887488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 122.888193] RIP: 0010:__memset+0x24/0x50 [ 122.888578] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 122.890126] RSP: 0018:ffff88803e507cc0 EFLAGS: 00010216 [ 
122.890686] RAX: 0000000000000000 RBX: ffff88800c076240 RCX: 1ffffe21fe604a8e [ 122.891469] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 122.892093] RBP: ffff88800c094140 R08: 0000000000000005 R09: ffffed100180ec48 [ 122.892712] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c094140 [ 122.893348] R13: ffff88800c076240 R14: ffffffff815f27a0 R15: 1ffff1100112241f [ 122.893965] FS: 00007efebe5ee700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 122.894659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.895168] CR2: ffffed100fffc000 CR3: 0000000013bcc000 CR4: 0000000000350ef0 [ 122.895783] Call Trace: [ 122.896013] [ 122.896218] kasan_unpoison+0x23/0x60 [ 122.896563] mempool_exit+0x1c2/0x330 [ 122.896916] bioset_exit+0x2c9/0x630 [ 122.897264] ? _raw_spin_unlock+0x24/0x50 [ 122.897642] ? blkg_destroy_all.isra.0+0x157/0x230 [ 122.898095] disk_release+0x143/0x490 [ 122.898445] ? disk_release+0x0/0x490 [ 122.898794] ? device_release+0x0/0x250 [ 122.899148] device_release+0xa2/0x250 [ 122.899497] ? device_release+0x0/0x250 [ 122.899853] kobject_put+0x173/0x280 [ 122.900189] put_device+0x1b/0x40 [ 122.900505] put_disk+0x41/0x60 [ 122.900811] loop_control_ioctl+0x4d1/0x630 [ 122.901202] ? loop_control_ioctl+0x0/0x630 [ 122.901588] ? selinux_file_ioctl+0xb1/0x270 [ 122.901993] ? 
loop_control_ioctl+0x0/0x630 [ 122.902379] __x64_sys_ioctl+0x19a/0x220 [ 122.902748] do_syscall_64+0x3b/0xa0 [ 122.903090] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 122.903545] RIP: 0033:0x7efec1099b19 [ 122.903872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 122.905425] RSP: 002b:00007efebe5ee188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 122.906075] RAX: ffffffffffffffda RBX: 00007efec11ad020 RCX: 00007efec1099b19 [ 122.906686] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005 [ 122.907296] RBP: 00007efec10f3f6d R08: 0000000000000000 R09: 0000000000000000 [ 122.907909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 122.908518] R13: 00007ffeb1f8f37f R14: 00007efebe5ee300 R15: 0000000000022000 [ 122.909148] [ 122.909358] Modules linked in: [ 122.909643] CR2: ffffed100fffc000 [ 122.909948] ---[ end trace 0000000000000000 ]--- [ 122.910354] RIP: 0010:__memset+0x24/0x50 [ 122.910728] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 122.912277] RSP: 0018:ffff88800df1fcc0 EFLAGS: 00010216 [ 122.912737] RAX: 0000000000000000 RBX: ffff88800c0760c0 RCX: 1ffffe21fe604a88 [ 122.913363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 122.913979] RBP: ffff88800c094140 R08: 0000000000000005 R09: ffffed100180ec18 [ 122.914581] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800c094140 [ 122.915190] R13: ffff88800c0760c0 R14: ffffffff815f27a0 R15: 1ffff1100112281f [ 122.915797] FS: 00007efebe5ee700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 122.916482] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.916978] CR2: ffffed100fffc000 CR3: 0000000013bcc000 CR4: 0000000000350ef0 [ 123.002056] 
ieee80211 phy12: Selected rate control algorithm 'minstrel_ht' [ 123.044264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.044907] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.046088] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 123.067721] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht' [ 124.081722] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' [ 124.101719] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.102152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.102737] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 124.109521] ieee80211 phy15: Selected rate control algorithm 'minstrel_ht' [ 124.124100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.124551] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.125095] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 124.770635] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht' [ 124.785842] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.786768] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.788053] ieee80211 phy17: Selected rate control algorithm 'minstrel_ht' [ 124.794624] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 124.811706] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.812185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.812841] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 125.566833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 125.568227] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 125.570518] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 125.572942] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 125.574839] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 125.576936] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 125.580822] Bluetooth: hci2: 
HCI_REQ-0x0c1a [ 127.605358] Bluetooth: hci2: command 0x0409 tx timeout [ 129.653394] Bluetooth: hci2: command 0x041b tx timeout [ 131.701353] Bluetooth: hci2: command 0x040f tx timeout VM DIAGNOSIS: 11:19:21 Registers: