Warning: Permanently added '[localhost]:1300' (ECDSA) to the list of known hosts. 2022/09/13 16:57:27 fuzzer started 2022/09/13 16:57:27 dialing manager at localhost:36597 syzkaller login: [ 37.863021] cgroup: Unknown subsys name 'net' [ 37.960772] cgroup: Unknown subsys name 'rlimit' 2022/09/13 16:57:43 syscalls: 2215 2022/09/13 16:57:43 code coverage: enabled 2022/09/13 16:57:43 comparison tracing: enabled 2022/09/13 16:57:43 extra coverage: enabled 2022/09/13 16:57:43 setuid sandbox: enabled 2022/09/13 16:57:43 namespace sandbox: enabled 2022/09/13 16:57:43 Android sandbox: enabled 2022/09/13 16:57:43 fault injection: enabled 2022/09/13 16:57:43 leak checking: enabled 2022/09/13 16:57:43 net packet injection: enabled 2022/09/13 16:57:43 net device setup: enabled 2022/09/13 16:57:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/13 16:57:43 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/13 16:57:43 USB emulation: enabled 2022/09/13 16:57:43 hci packet injection: enabled 2022/09/13 16:57:43 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220913) 2022/09/13 16:57:43 802.15.4 emulation: enabled 2022/09/13 16:57:43 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/13 16:57:44 fetching corpus: 41, signal 33493/37003 (executing program) 2022/09/13 16:57:44 fetching corpus: 91, signal 46034/51005 (executing program) 2022/09/13 16:57:44 fetching corpus: 141, signal 55947/62292 (executing program) 2022/09/13 16:57:44 fetching corpus: 191, signal 66764/74254 (executing program) 2022/09/13 16:57:44 fetching corpus: 241, signal 71717/80450 (executing program) 2022/09/13 16:57:44 fetching corpus: 291, signal 75930/85880 (executing program) 2022/09/13 16:57:44 fetching corpus: 341, signal 80516/91592 (executing program) 2022/09/13 16:57:44 fetching corpus: 390, signal 88051/100002 (executing program) 2022/09/13 16:57:45 fetching corpus: 440, signal 92417/105403 (executing program) 2022/09/13 
2022/09/13 16:58:01 fetching corpus: 6434, signal 241644/263121 (executing program) 2022/09/13 16:58:02 fetching corpus: 6484, signal 242156/263122 (executing program) 2022/09/13 16:58:02 fetching corpus: 6534, signal 242787/263124 (executing program) 2022/09/13 16:58:02 fetching corpus: 6584, signal 243407/263132 (executing program) 2022/09/13 16:58:02 fetching corpus: 6634, signal 243966/263197 (executing program) 2022/09/13 16:58:02 fetching corpus: 6683, signal 244572/263210 (executing program) 2022/09/13 16:58:02 fetching corpus: 6733, signal 245269/263217 (executing program) 2022/09/13 16:58:02 fetching corpus: 6783, signal 245845/263218 (executing program) 2022/09/13 16:58:03 fetching corpus: 6833, signal 246551/263231 (executing program) 2022/09/13 16:58:03 fetching corpus: 6883, signal 247157/263244 (executing program) 2022/09/13 16:58:03 fetching corpus: 6933, signal 247651/263262 (executing program) 2022/09/13 16:58:03 fetching corpus: 6983, signal 248108/263283 (executing program) 2022/09/13 16:58:03 fetching corpus: 7033, signal 248507/263285 (executing program) 2022/09/13 16:58:03 fetching corpus: 7083, signal 249077/263324 (executing program) 2022/09/13 16:58:03 fetching corpus: 7133, signal 249828/263326 (executing program) 2022/09/13 16:58:04 fetching corpus: 7183, signal 250330/263345 (executing program) 2022/09/13 16:58:04 fetching corpus: 7233, signal 250930/263347 (executing program) 2022/09/13 16:58:04 fetching corpus: 7283, signal 251380/263420 (executing program) 2022/09/13 16:58:04 fetching corpus: 7333, signal 252067/263420 (executing program) 2022/09/13 16:58:04 fetching corpus: 7383, signal 252520/263421 (executing program) 2022/09/13 16:58:04 fetching corpus: 7433, signal 253603/263426 (executing program) 2022/09/13 16:58:04 fetching corpus: 7467, signal 254083/263452 (executing program) 2022/09/13 16:58:04 fetching corpus: 7467, signal 254083/263452 (executing program) 2022/09/13 16:58:07 starting 8 fuzzer processes 16:58:07 executing 
program 0: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000140)="84", 0x20000141}], 0x1, 0x0) read$hiddev(r0, &(0x7f0000000c00)=""/4082, 0xff2) 16:58:07 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f0000003fc0)={0x28, 0x28, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x2}, @typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @pid}]}, 0x28}], 0x1}, 0x0) 16:58:07 executing program 2: mlockall(0x2) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmat(0x0, &(0x7f0000ffa000/0x1000)=nil, 0x7000) shmctl$SHM_LOCK(0x0, 0xb) shmat(0x0, &(0x7f0000ffa000/0x1000)=nil, 0x7000) 16:58:07 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) syslog(0x0, 0x0, 0x0) 16:58:07 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$read(0xb, r0, 0x0, 0x0) [ 75.469322] audit: type=1400 audit(1663088287.915:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 16:58:07 executing program 5: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @udp={{0xc, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0xa010101, @remote, {[@timestamp_addr={0x7, 0x12, 0xf, 0x3, 0x0, [{@dev}, {@local}, 
{@loopback}]}]}}, {0x0, 0x0, 0x8}}}}}, 0x0) 16:58:07 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x20, 0x2, 0x1, 0x801, 0x0, 0x0, {}, [@CTA_SEQ_ADJ_REPLY={0xc, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x20}}, 0x0) 16:58:08 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001880)=ANY=[@ANYBLOB="140000001a0001"], 0x28}}, 0x0) [ 76.749035] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.749897] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.750983] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.751863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.753308] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.754183] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.754869] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.757345] Bluetooth: hci0: HCI_REQ-0x0c1a [ 76.766196] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.770041] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.773428] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.774531] Bluetooth: hci1: unexpected cc 0x0c25 length: 
249 > 3 [ 76.775311] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.779266] Bluetooth: hci1: HCI_REQ-0x0c1a [ 76.871749] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 76.873477] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 76.875369] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 76.878062] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 76.880144] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 76.881431] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 76.885594] Bluetooth: hci5: HCI_REQ-0x0c1a [ 76.901026] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.902473] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 76.906171] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 76.910026] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 76.911030] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.912227] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 76.915337] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 76.916520] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.917494] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 76.935961] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 76.937952] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.938614] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 76.939515] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 76.940773] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 76.941851] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 76.942871] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.944279] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 76.946131] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 76.952805] Bluetooth: hci7: HCI_REQ-0x0c1a [ 76.959697] Bluetooth: hci6: HCI_REQ-0x0c1a [ 76.960700] Bluetooth: hci4: HCI_REQ-0x0c1a [ 78.774224] Bluetooth: hci0: command 0x0409 tx timeout [ 78.837696] Bluetooth: hci3: 
Opcode 0x c03 failed: -110 [ 78.838561] Bluetooth: hci1: command 0x0409 tx timeout [ 78.839146] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 78.901764] Bluetooth: hci5: command 0x0409 tx timeout [ 78.965717] Bluetooth: hci7: command 0x0409 tx timeout [ 78.965712] Bluetooth: hci6: command 0x0409 tx timeout [ 79.029804] Bluetooth: hci4: command 0x0409 tx timeout [ 80.822193] Bluetooth: hci0: command 0x041b tx timeout [ 80.885795] Bluetooth: hci1: command 0x041b tx timeout [ 80.949766] Bluetooth: hci5: command 0x041b tx timeout [ 81.013728] Bluetooth: hci6: command 0x041b tx timeout [ 81.014530] Bluetooth: hci7: command 0x041b tx timeout [ 81.077708] Bluetooth: hci4: command 0x041b tx timeout [ 82.870494] Bluetooth: hci0: command 0x040f tx timeout [ 82.933796] Bluetooth: hci1: command 0x040f tx timeout [ 82.998561] Bluetooth: hci5: command 0x040f tx timeout [ 83.061719] Bluetooth: hci7: command 0x040f tx timeout [ 83.062555] Bluetooth: hci6: command 0x040f tx timeout [ 83.125827] Bluetooth: hci4: command 0x040f tx timeout [ 83.845462] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.870420] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.877167] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.894959] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.901740] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 83.903240] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.912731] Bluetooth: hci3: HCI_REQ-0x0c1a [ 84.918230] Bluetooth: hci0: command 0x0419 tx timeout [ 84.981710] Bluetooth: hci1: command 0x0419 tx timeout [ 85.045793] Bluetooth: hci5: command 0x0419 tx timeout [ 85.109769] Bluetooth: hci6: command 0x0419 tx timeout [ 85.110573] Bluetooth: hci7: command 0x0419 tx timeout [ 85.173713] Bluetooth: hci4: command 0x0419 tx timeout [ 85.557752] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 85.941808] Bluetooth: hci3: command 0x0409 tx timeout [ 87.989682] Bluetooth: hci3: command 0x041b tx timeout [ 
90.037733] Bluetooth: hci3: command 0x040f tx timeout
[ 90.294505] Bluetooth: hci2: Opcode 0x c03 failed: -110
[ 92.085785] Bluetooth: hci3: command 0x0419 tx timeout
[ 93.294175] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 93.302234] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 93.305138] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 93.309991] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 93.312866] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 93.314554] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 93.320567] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 95.349771] Bluetooth: hci2: command 0x0409 tx timeout
[ 97.398137] Bluetooth: hci2: command 0x041b tx timeout
[ 99.445820] Bluetooth: hci2: command 0x040f tx timeout
[ 101.493726] Bluetooth: hci2: command 0x0419 tx timeout
[ 133.264540] audit: type=1400 audit(1663088345.710:7): avc: denied { open } for pid=3643 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 133.267439] audit: type=1400 audit(1663088345.710:8): avc: denied { kernel } for pid=3643 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 133.283199] ------------[ cut here ]------------
[ 133.283220]
[ 133.283224] ======================================================
[ 133.283227] WARNING: possible circular locking dependency detected
[ 133.283231] 6.0.0-rc5-next-20220913 #1 Not tainted
[ 133.283238] ------------------------------------------------------
[ 133.283241] syz-executor.4/3644 is trying to acquire lock:
[ 133.283248] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 133.283282]
[ 133.283282] but task is already holding lock:
[ 133.283285] ffff88800d19f420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 133.283312]
[ 133.283312] which lock already depends on the new lock.
[ 133.283312]
[ 133.283314]
[ 133.283314] the existing dependency chain (in reverse order) is:
[ 133.283318]
[ 133.283318] -> #3 (&ctx->lock){....}-{2:2}:
[ 133.283331] _raw_spin_lock+0x2a/0x40
[ 133.283347] __perf_event_task_sched_out+0x53b/0x18d0
[ 133.283359] __schedule+0xedd/0x2470
[ 133.283369] schedule+0xda/0x1b0
[ 133.283378] exit_to_user_mode_prepare+0x114/0x1a0
[ 133.283397] syscall_exit_to_user_mode+0x19/0x40
[ 133.283414] do_syscall_64+0x48/0x90
[ 133.283427] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 133.283443]
[ 133.283443] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 133.283457] _raw_spin_lock_nested+0x30/0x40
[ 133.283471] raw_spin_rq_lock_nested+0x1e/0x30
[ 133.283484] task_fork_fair+0x63/0x4d0
[ 133.283500] sched_cgroup_fork+0x3d0/0x540
[ 133.283513] copy_process+0x3f9e/0x6df0
[ 133.283524] kernel_clone+0xe7/0x890
[ 133.283533] user_mode_thread+0xad/0xf0
[ 133.283543] rest_init+0x24/0x250
[ 133.283558] arch_call_rest_init+0xf/0x14
[ 133.283577] start_kernel+0x4c1/0x4e6
[ 133.283593] secondary_startup_64_no_verify+0xe0/0xeb
[ 133.283606]
[ 133.283606] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 133.283623] _raw_spin_lock_irqsave+0x39/0x60
[ 133.283637] try_to_wake_up+0xab/0x1920
[ 133.283650] up+0x75/0xb0
[ 133.283664] __up_console_sem+0x6e/0x80
[ 133.283679] console_unlock+0x46a/0x590
[ 133.283694] do_con_write+0xc05/0x1d50
[ 133.283705] con_write+0x21/0x40
[ 133.283715] n_tty_write+0x4d4/0xfe0
[ 133.283727] file_tty_write.constprop.0+0x49c/0x8f0
[ 133.283739] vfs_write+0x9c3/0xd90
[ 133.283756] ksys_write+0x127/0x250
[ 133.283772] do_syscall_64+0x3b/0x90
[ 133.283785] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 133.283801]
[ 133.283801] -> #0 ((console_sem).lock){....}-{2:2}:
[ 133.283815] __lock_acquire+0x2a02/0x5e70
[ 133.283830] lock_acquire+0x1a2/0x530
[ 133.283846] _raw_spin_lock_irqsave+0x39/0x60
[ 133.283860] down_trylock+0xe/0x70
[ 133.283872] __down_trylock_console_sem+0x3b/0xd0
[ 133.283888] vprintk_emit+0x16b/0x560
[ 133.283903] vprintk+0x84/0xa0
[ 133.283919] _printk+0xba/0xf1
[ 133.283936] report_bug.cold+0x72/0xab
[ 133.283947] handle_bug+0x3c/0x70
[ 133.283960] exc_invalid_op+0x14/0x50
[ 133.283972] asm_exc_invalid_op+0x16/0x20
[ 133.283988] group_sched_out.part.0+0x2c7/0x460
[ 133.283998] ctx_sched_out+0x8f1/0xc10
[ 133.284008] __perf_event_task_sched_out+0x6d0/0x18d0
[ 133.284020] __schedule+0xedd/0x2470
[ 133.284029] schedule+0xda/0x1b0
[ 133.284038] exit_to_user_mode_prepare+0x114/0x1a0
[ 133.284056] syscall_exit_to_user_mode+0x19/0x40
[ 133.284073] do_syscall_64+0x48/0x90
[ 133.284085] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 133.284101]
[ 133.284101] other info that might help us debug this:
[ 133.284101]
[ 133.284104] Chain exists of:
[ 133.284104]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 133.284104]
[ 133.284119]  Possible unsafe locking scenario:
[ 133.284119]
[ 133.284121]        CPU0                    CPU1
[ 133.284123]        ----                    ----
[ 133.284125]   lock(&ctx->lock);
[ 133.284131]                                lock(&rq->__lock);
[ 133.284137]                                lock(&ctx->lock);
[ 133.284143]   lock((console_sem).lock);
[ 133.284149]
[ 133.284149]  *** DEADLOCK ***
[ 133.284149]
[ 133.284151] 2 locks held by syz-executor.4/3644:
[ 133.284157] #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 133.284183] #1: ffff88800d19f420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 133.284210]
[ 133.284210] stack backtrace:
[ 133.284213] CPU: 0 PID: 3644 Comm: syz-executor.4 Not tainted 6.0.0-rc5-next-20220913 #1
[ 133.284225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 133.284233] Call Trace:
[ 133.284236]
[ 133.284241] dump_stack_lvl+0x8b/0xb3
[ 133.284255] check_noncircular+0x263/0x2e0
[ 133.284272] ? format_decode+0x26c/0xb50
[ 133.284287] ? print_circular_bug+0x450/0x450
[ 133.284305] ? enable_ptr_key_workfn+0x20/0x20
[ 133.284320] ? format_decode+0x26c/0xb50
[ 133.284336] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 133.284355] __lock_acquire+0x2a02/0x5e70
[ 133.284378] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 133.284397] ? __mutex_add_waiter+0x120/0x120
[ 133.284416] lock_acquire+0x1a2/0x530
[ 133.284433] ? down_trylock+0xe/0x70
[ 133.284448] ? rcu_read_unlock+0x40/0x40
[ 133.284470] ? vprintk+0x84/0xa0
[ 133.284489] _raw_spin_lock_irqsave+0x39/0x60
[ 133.284505] ? down_trylock+0xe/0x70
[ 133.284518] down_trylock+0xe/0x70
[ 133.284532] ? vprintk+0x84/0xa0
[ 133.284549] __down_trylock_console_sem+0x3b/0xd0
[ 133.284567] vprintk_emit+0x16b/0x560
[ 133.284587] vprintk+0x84/0xa0
[ 133.284605] _printk+0xba/0xf1
[ 133.284623] ? record_print_text.cold+0x16/0x16
[ 133.284646] ? report_bug.cold+0x66/0xab
[ 133.284661] ? group_sched_out.part.0+0x2c7/0x460
[ 133.284672] report_bug.cold+0x72/0xab
[ 133.284688] handle_bug+0x3c/0x70
[ 133.284702] exc_invalid_op+0x14/0x50
[ 133.284716] asm_exc_invalid_op+0x16/0x20
[ 133.284734] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 133.284747] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 133.284758] RSP: 0018:ffff88804278fc48 EFLAGS: 00010006
[ 133.284767] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 133.284775] RDX: ffff88801b768000 RSI: ffffffff81566027 RDI: 0000000000000005
[ 133.284782] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 133.284790] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff88800d19f400
[ 133.284797] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 133.284809] ? group_sched_out.part.0+0x2c7/0x460
[ 133.284823] ? group_sched_out.part.0+0x2c7/0x460
[ 133.284836] ctx_sched_out+0x8f1/0xc10
[ 133.284849] __perf_event_task_sched_out+0x6d0/0x18d0
[ 133.284865] ? lock_is_held_type+0xd7/0x130
[ 133.284884] ? __perf_cgroup_move+0x160/0x160
[ 133.284896] ? set_next_entity+0x304/0x550
[ 133.284914] ? update_curr+0x267/0x740
[ 133.284933] ? lock_is_held_type+0xd7/0x130
[ 133.284953] __schedule+0xedd/0x2470
[ 133.284967] ? io_schedule_timeout+0x150/0x150
[ 133.284980] ? __x64_sys_futex_time32+0x480/0x480
[ 133.284994] schedule+0xda/0x1b0
[ 133.285005] exit_to_user_mode_prepare+0x114/0x1a0
[ 133.285026] syscall_exit_to_user_mode+0x19/0x40
[ 133.285044] do_syscall_64+0x48/0x90
[ 133.285059] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 133.285076] RIP: 0033:0x7fd3f3d0bb19
[ 133.285085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 133.285096] RSP: 002b:00007fd3f1281218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 133.285106] RAX: 0000000000000001 RBX: 00007fd3f3e1ef68 RCX: 00007fd3f3d0bb19
[ 133.285114] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd3f3e1ef6c
[ 133.285121] RBP: 00007fd3f3e1ef60 R08: 000000000000000e R09: 0000000000000000
[ 133.285129] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd3f3e1ef6c
[ 133.285136] R13: 00007ffd78ef956f R14: 00007fd3f1281300 R15: 0000000000022000
[ 133.285150]
[ 133.342978] WARNING: CPU: 0 PID: 3644 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 133.343672] Modules linked in:
[ 133.343917] CPU: 0 PID: 3644 Comm: syz-executor.4 Not tainted 6.0.0-rc5-next-20220913 #1
[ 133.344522] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 133.345363] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 133.345775] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 133.347126] RSP: 0018:ffff88804278fc48 EFLAGS: 00010006
[ 133.347528] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 133.348064] RDX: ffff88801b768000 RSI: ffffffff81566027 RDI: 0000000000000005
[ 133.348590] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 133.349113] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff88800d19f400
[ 133.349669] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 133.350203] FS: 00007fd3f1281700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 133.350805] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 133.351244] CR2: 00007f5b75652310 CR3: 000000003c1f6000 CR4: 0000000000350ef0
[ 133.351781] Call Trace:
[ 133.351980]
[ 133.352156] ctx_sched_out+0x8f1/0xc10
[ 133.352452] __perf_event_task_sched_out+0x6d0/0x18d0
[ 133.352849] ? lock_is_held_type+0xd7/0x130
[ 133.353185] ? __perf_cgroup_move+0x160/0x160
[ 133.353540] ? set_next_entity+0x304/0x550
[ 133.353866] ? update_curr+0x267/0x740
[ 133.354164] ? lock_is_held_type+0xd7/0x130
[ 133.354494] __schedule+0xedd/0x2470
[ 133.354778] ? io_schedule_timeout+0x150/0x150
[ 133.355130] ? __x64_sys_futex_time32+0x480/0x480
[ 133.355503] schedule+0xda/0x1b0
[ 133.355763] exit_to_user_mode_prepare+0x114/0x1a0
[ 133.356148] syscall_exit_to_user_mode+0x19/0x40
[ 133.356516] do_syscall_64+0x48/0x90
[ 133.356800] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 133.357192] RIP: 0033:0x7fd3f3d0bb19
[ 133.357479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 133.358816] RSP: 002b:00007fd3f1281218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 133.359380] RAX: 0000000000000001 RBX: 00007fd3f3e1ef68 RCX: 00007fd3f3d0bb19
[ 133.359918] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd3f3e1ef6c
[ 133.360452] RBP: 00007fd3f3e1ef60 R08: 000000000000000e R09: 0000000000000000
[ 133.360976] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd3f3e1ef6c
[ 133.361520] R13: 00007ffd78ef956f R14: 00007fd3f1281300 R15: 0000000000022000
[ 133.362058]
[ 133.362236] irq event stamp: 590
[ 133.362489] hardirqs last enabled at (589): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 133.363196] hardirqs last disabled at (590): [] __schedule+0x1225/0x2470
[ 133.363810] softirqs last enabled at (0): [] copy_process+0x1dfe/0x6df0
[ 133.364427] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 133.364897] ---[ end trace 0000000000000000 ]---
16:59:06 executing program 4:
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0)
openat$bsg(0xffffffffffffff9c, 0x0, 0x208000, 0x0)
16:59:06 executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
accept$unix(r0, 0x0, 0x0)
16:59:06 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) chmod(&(0x7f0000000140)='./file0\x00', 0x0) 16:59:06 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000023c0)={0x24, 0x12, 0x0, 0x101, 0x0, 0x0, {0x7}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @nested={0x8, 0x0, 0x0, 0x1, [@typed={0x4, 0x21}]}]}, 0x24}}, 0x0) 16:59:06 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f00000001c0)={@empty, @remote}, 0xc) [ 134.421223] netlink: 'syz-executor.4': attribute type 33 has an invalid length. [ 134.422206] netlink: 'syz-executor.4': attribute type 33 has an invalid length. 16:59:06 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) r0 = getpgid(0xffffffffffffffff) syz_open_procfs$namespace(r0, 0x0) inotify_init() write$tcp_congestion(0xffffffffffffffff, 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, 0x0, 0x0) 16:59:07 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f00000001c0)={@empty, @remote}, 0xc) 16:59:07 executing program 4: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file0\x00', r0, 0x0) lsetxattr$security_selinux(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100), &(0x7f0000000180)='system_u:object_r:mqueue_spool_t:s0\x00', 0x24, 0x0) [ 135.524561] syz-executor.0 (296) used greatest stack depth: 24288 bytes left [ 139.893777] Bluetooth: hci6: Opcode 0x c03 
failed: -110 [ 140.085724] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 140.458050] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. VM DIAGNOSIS: 16:59:06 Registers: info registers vcpu 0 RAX=0000000000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff822b25c1 RDI=ffffffff8763fae0 RBP=ffffffff8763faa0 RSP=ffff88804278f698 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000005 R13=ffffffff8763faa0 R14=0000000000000010 R15=ffffffff822b25b0 RIP=ffffffff822b2619 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fd3f1281700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f5b75652310 CR3=000000003c1f6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007fd3f3df27c0 00007fd3f3df27c8 YMM02=0000000000000000 0000000000000000 00007fd3f3df27e0 00007fd3f3df27c0 YMM03=0000000000000000 0000000000000000 00007fd3f3df27c8 00007fd3f3df27c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 
0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000015 RBX=0000000000000001 RCX=0000000000000000 RDX=0000000000000000 RSI=0000000000000001 RDI=ffffffff85baf21c RBP=ffff88802068f780 RSP=ffff88802068f6a8 R8 =ffffffff85eccd28 R9 =ffffffff85eccd2c R10=ffffed10040d1ef2 R11=000000000003603d R12=ffff88802068f769 R13=ffff88802068f788 R14=ffff88802068f728 R15=ffffffff85eccd2d RIP=ffffffff8111b71d RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f0b165806f4 CR3=000000000d958000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 
FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f0b1658f470 00007f0b1658ef20 YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM03=0000000000000000 0000000000000000 756e20796d6d7564 20736e6f6974706f YMM04=0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 73253d656d616e6c 6165722073253d73 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000