Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:32811' (ECDSA) to the list of known hosts.
2022/09/15 12:36:59 fuzzer started
2022/09/15 12:36:59 dialing manager at localhost:36559
syzkaller login: [ 36.344833] cgroup: Unknown subsys name 'net'
[ 36.439596] cgroup: Unknown subsys name 'rlimit'
2022/09/15 12:37:13 syscalls: 2215
2022/09/15 12:37:13 code coverage: enabled
2022/09/15 12:37:13 comparison tracing: enabled
2022/09/15 12:37:13 extra coverage: enabled
2022/09/15 12:37:13 setuid sandbox: enabled
2022/09/15 12:37:13 namespace sandbox: enabled
2022/09/15 12:37:13 Android sandbox: enabled
2022/09/15 12:37:13 fault injection: enabled
2022/09/15 12:37:13 leak checking: enabled
2022/09/15 12:37:13 net packet injection: enabled
2022/09/15 12:37:13 net device setup: enabled
2022/09/15 12:37:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/15 12:37:13 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/15 12:37:13 USB emulation: enabled
2022/09/15 12:37:13 hci packet injection: enabled
2022/09/15 12:37:13 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220915)
2022/09/15 12:37:13 802.15.4 emulation: enabled
2022/09/15 12:37:13 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/15 12:37:13 fetching corpus: 40, signal 26291/29778 (executing program)
2022/09/15 12:37:13 fetching corpus: 90, signal 43444/48169 (executing program)
2022/09/15 12:37:13 fetching corpus: 140, signal 49578/55645 (executing program)
2022/09/15 12:37:13 fetching corpus: 190, signal 56951/64165 (executing program)
2022/09/15 12:37:14 fetching corpus: 240, signal 61739/70122 (executing program)
2022/09/15 12:37:14 fetching corpus: 290, signal 67973/77313 (executing program)
2022/09/15 12:37:14 fetching corpus: 340, signal 74004/84180 (executing program)
2022/09/15 12:37:14 fetching corpus: 390, signal 78937/89980 (executing program)
2022/09/15 12:37:14 fetching corpus: 440, signal 84375/96080 (executing program)
2022/09/15 12:37:14 fetching corpus: 490, signal 89531/101844 (executing program)
2022/09/15 12:37:14 fetching corpus: 540, signal 93823/106880 (executing program)
2022/09/15 12:37:15 fetching corpus: 590, signal 96099/109950 (executing program)
2022/09/15 12:37:15 fetching corpus: 640, signal 99902/114443 (executing program)
2022/09/15 12:37:15 fetching corpus: 690, signal 103236/118333 (executing program)
2022/09/15 12:37:15 fetching corpus: 740, signal 105307/121114 (executing program)
2022/09/15 12:37:15 fetching corpus: 790, signal 109248/125368 (executing program)
2022/09/15 12:37:15 fetching corpus: 840, signal 111420/128144 (executing program)
2022/09/15 12:37:16 fetching corpus: 890, signal 114382/131517 (executing program)
2022/09/15 12:37:16 fetching corpus: 939, signal 116036/133828 (executing program)
2022/09/15 12:37:16 fetching corpus: 989, signal 118330/136498 (executing program)
2022/09/15 12:37:16 fetching corpus: 1039, signal 120471/139028 (executing program)
2022/09/15 12:37:16 fetching corpus: 1088, signal 122932/141842 (executing program)
2022/09/15 12:37:16 fetching corpus: 1137, signal 124783/144062 (executing program)
2022/09/15 12:37:16 fetching corpus: 1187, signal 127117/146606 (executing program)
2022/09/15 12:37:16 fetching corpus: 1237, signal 128568/148442 (executing program)
2022/09/15 12:37:17 fetching corpus: 1287, signal 130831/150930 (executing program)
2022/09/15 12:37:17 fetching corpus: 1335, signal 132069/152648 (executing program)
2022/09/15 12:37:17 fetching corpus: 1385, signal 134016/154870 (executing program)
2022/09/15 12:37:17 fetching corpus: 1435, signal 135689/156755 (executing program)
2022/09/15 12:37:17 fetching corpus: 1485, signal 137484/158812 (executing program)
2022/09/15 12:37:17 fetching corpus: 1535, signal 139168/160666 (executing program)
2022/09/15 12:37:17 fetching corpus: 1585, signal 140737/162461 (executing program)
2022/09/15 12:37:18 fetching corpus: 1635, signal 142662/164467 (executing program)
2022/09/15 12:37:18 fetching corpus: 1685, signal 143821/165890 (executing program)
2022/09/15 12:37:18 fetching corpus: 1735, signal 145351/167494 (executing program)
2022/09/15 12:37:18 fetching corpus: 1785, signal 147027/169215 (executing program)
2022/09/15 12:37:18 fetching corpus: 1835, signal 148818/171001 (executing program)
2022/09/15 12:37:18 fetching corpus: 1885, signal 150158/172385 (executing program)
2022/09/15 12:37:18 fetching corpus: 1935, signal 151196/173564 (executing program)
2022/09/15 12:37:19 fetching corpus: 1985, signal 152959/175177 (executing program)
2022/09/15 12:37:19 fetching corpus: 2035, signal 154414/176559 (executing program)
2022/09/15 12:37:19 fetching corpus: 2085, signal 155081/177483 (executing program)
2022/09/15 12:37:19 fetching corpus: 2135, signal 156214/178694 (executing program)
2022/09/15 12:37:19 fetching corpus: 2185, signal 157594/180015 (executing program)
2022/09/15 12:37:19 fetching corpus: 2235, signal 158591/181140 (executing program)
2022/09/15 12:37:19 fetching corpus: 2285, signal 159690/182239 (executing program)
2022/09/15 12:37:19 fetching corpus: 2335, signal 160414/183127 (executing program)
2022/09/15 12:37:20 fetching corpus: 2385, signal 162350/184574 (executing program)
2022/09/15 12:37:20 fetching corpus: 2435, signal 163138/185446 (executing program)
2022/09/15 12:37:20 fetching corpus: 2485, signal 164063/186391 (executing program)
2022/09/15 12:37:20 fetching corpus: 2535, signal 164859/187208 (executing program)
2022/09/15 12:37:20 fetching corpus: 2585, signal 166256/188305 (executing program)
2022/09/15 12:37:20 fetching corpus: 2635, signal 167163/189170 (executing program)
2022/09/15 12:37:20 fetching corpus: 2685, signal 168308/190108 (executing program)
2022/09/15 12:37:20 fetching corpus: 2735, signal 168880/190781 (executing program)
2022/09/15 12:37:21 fetching corpus: 2785, signal 170265/191850 (executing program)
2022/09/15 12:37:21 fetching corpus: 2835, signal 171059/192539 (executing program)
2022/09/15 12:37:21 fetching corpus: 2885, signal 172149/193476 (executing program)
2022/09/15 12:37:21 fetching corpus: 2935, signal 172957/194168 (executing program)
2022/09/15 12:37:21 fetching corpus: 2985, signal 173960/194966 (executing program)
2022/09/15 12:37:21 fetching corpus: 3035, signal 175158/195960 (executing program)
2022/09/15 12:37:21 fetching corpus: 3085, signal 176294/196766 (executing program)
2022/09/15 12:37:21 fetching corpus: 3135, signal 177174/197466 (executing program)
2022/09/15 12:37:22 fetching corpus: 3185, signal 178245/198193 (executing program)
2022/09/15 12:37:22 fetching corpus: 3235, signal 179234/198910 (executing program)
2022/09/15 12:37:22 fetching corpus: 3285, signal 180165/199555 (executing program)
2022/09/15 12:37:22 fetching corpus: 3335, signal 180746/200049 (executing program)
2022/09/15 12:37:22 fetching corpus: 3385, signal 182162/200769 (executing program)
2022/09/15 12:37:22 fetching corpus: 3435, signal 182955/201356 (executing program)
2022/09/15 12:37:22 fetching corpus: 3485, signal 183738/201837 (executing program)
2022/09/15 12:37:22 fetching corpus: 3535, signal 184437/202322 (executing program)
2022/09/15 12:37:23 fetching corpus: 3585, signal 185476/203117 (executing program)
2022/09/15 12:37:23 fetching corpus: 3635, signal 186020/203584 (executing program)
2022/09/15 12:37:23 fetching corpus: 3685, signal 186689/204006 (executing program)
2022/09/15 12:37:23 fetching corpus: 3735, signal 187176/204376 (executing program)
2022/09/15 12:37:23 fetching corpus: 3785, signal 187758/204783 (executing program)
2022/09/15 12:37:23 fetching corpus: 3835, signal 188420/205204 (executing program)
2022/09/15 12:37:23 fetching corpus: 3885, signal 189098/205620 (executing program)
2022/09/15 12:37:24 fetching corpus: 3935, signal 190068/206068 (executing program)
2022/09/15 12:37:24 fetching corpus: 3985, signal 190694/206382 (executing program)
2022/09/15 12:37:24 fetching corpus: 4035, signal 191464/206716 (executing program)
2022/09/15 12:37:24 fetching corpus: 4085, signal 192359/207178 (executing program)
2022/09/15 12:37:24 fetching corpus: 4135, signal 193410/207539 (executing program)
2022/09/15 12:37:24 fetching corpus: 4185, signal 194174/207867 (executing program)
2022/09/15 12:37:24 fetching corpus: 4235, signal 194713/208113 (executing program)
2022/09/15 12:37:25 fetching corpus: 4285, signal 195604/208413 (executing program)
2022/09/15 12:37:25 fetching corpus: 4335, signal 196174/208653 (executing program)
2022/09/15 12:37:25 fetching corpus: 4385, signal 196900/208861 (executing program)
2022/09/15 12:37:25 fetching corpus: 4435, signal 197981/209109 (executing program)
2022/09/15 12:37:25 fetching corpus: 4485, signal 199017/209336 (executing program)
2022/09/15 12:37:25 fetching corpus: 4535, signal 199990/209566 (executing program)
2022/09/15 12:37:26 fetching corpus: 4585, signal 200772/209743 (executing program)
2022/09/15 12:37:26 fetching corpus: 4635, signal 201424/210110 (executing program)
2022/09/15 12:37:26 fetching corpus: 4685, signal 202133/210261 (executing program)
2022/09/15 12:37:26 fetching corpus: 4735, signal 202668/210400 (executing program)
2022/09/15 12:37:26 fetching corpus: 4785, signal 203192/210510 (executing program)
2022/09/15 12:37:26 fetching corpus: 4835, signal 203987/210625 (executing program)
2022/09/15 12:37:26 fetching corpus: 4885, signal 204337/210714 (executing program)
2022/09/15 12:37:26 fetching corpus: 4886, signal 204478/210764 (executing program)
2022/09/15 12:37:26 fetching corpus: 4886, signal 204478/210824 (executing program)
2022/09/15 12:37:26 fetching corpus: 4886, signal 204478/210824 (executing program)
2022/09/15 12:37:29 starting 8 fuzzer processes
12:37:29 executing program 0:
syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_class_of_dev={{}, {0x0, "92bb12"}}}}, 0xa)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1011c2, 0x0)
12:37:29 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8917, &(0x7f0000000000)={'lo\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8918, &(0x7f0000000000)={'lo\x00'})
12:37:29 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r2, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000540)=ANY=[@ANYBLOB="e5002571b970cf200cbc25cf34008400000000", @ANYRES16=0x0, @ANYBLOB="1f0a0000000000000000390000000c00280000290000001c005a801800019f42965f5f266f4d8014000300ffff000000000000030000001b000000bdb06bea4ccbd5a5381b0ce76777c61e966aa4ef701a14ec43e1580a61d04b8fa7d41ae54eafdf3d1826407045ca0a843f530700b52bd299cddaab52b70acb29a11c"], 0x3c}}, 0x4e1)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
preadv2(r2, &(0x7f0000000440)=[{&(0x7f0000000200)=""/49, 0x31}, {&(0x7f00000003c0)=""/77, 0x4d}], 0x2, 0x1, 0x6, 0x9)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000004400000008000300", @ANYRES32, @ANYBLOB="001405000000000500070000080000000600005f3b7d36eff900000000"], 0x38}}, 0x0)
sendmsg$NL80211_CMD_SET_KEY(r3, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x1)
ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000300))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r2)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000004, 0x11, r1, 0x0)
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
[ 66.307906] audit: type=1400 audit(1663245449.636:6): avc: denied { execmem } for pid=282 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:37:29 executing program 4:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_WANTACK(r0, 0x0, 0x0, &(0x7f0000003000), 0x4)
12:37:29 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000580))
sendmmsg$inet(r0, &(0x7f00000045c0)=[{{&(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000300)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp_addr={0x44, 0xc, 0x6, 0x2, 0x0, [{@remote}]}]}}}], 0x20}}], 0x1, 0x0)
12:37:29 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)={0x28, 0x28, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x2}, @typed={0x8, 0x84, 0x0, 0x0, @pid}, @typed={0x8, 0x0, 0x0, 0x0, @pid}]}, 0x28}], 0x1}, 0x0)
12:37:29 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r2, r2, 0x0, 0x80000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, r1, 0x0)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x17)
12:37:29 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc042, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)
[ 67.631377] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 67.633510] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.636599] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.638453] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 67.641939] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.643187] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 67.658992] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.661720] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 67.663841] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 67.673102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 67.674176] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.675758] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 67.680673] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 67.685809] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 67.687780] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 67.692261] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 67.693514] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 67.694858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 67.696041] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 67.699575] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 67.700987] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 67.713974] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 67.714978] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 67.719652] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 67.720934] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 67.722416] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 67.726288] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 67.745197] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 67.799717] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 67.800295] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 67.803125] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 67.804903] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 67.806999] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 67.809876] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 67.812442] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 67.815807] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 67.817017] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 67.819666] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 67.822268] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 67.826037] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 67.832926] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 67.838412] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 69.712927] Bluetooth: hci1: command 0x0409 tx timeout
[ 69.713857] Bluetooth: hci0: command 0x0409 tx timeout
[ 69.776518] Bluetooth: hci3: command 0x0409 tx timeout
[ 69.776941] Bluetooth: hci2: command 0x0409 tx timeout
[ 69.777412] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 69.778203] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 69.840405] Bluetooth: hci5: command 0x0409 tx timeout
[ 69.904376] Bluetooth: hci4: command 0x0409 tx timeout
[ 71.761411] Bluetooth: hci0: command 0x041b tx timeout
[ 71.761890] Bluetooth: hci1: command 0x041b tx timeout
[ 71.825408] Bluetooth: hci2: command 0x041b tx timeout
[ 71.825860] Bluetooth: hci3: command 0x041b tx timeout
[ 71.888519] Bluetooth: hci5: command 0x041b tx timeout
[ 71.952494] Bluetooth: hci4: command 0x041b tx timeout
[ 73.236418] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 73.239730] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 73.242488] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 73.253559] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 73.256106] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 73.258128] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 73.318490] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 73.808404] Bluetooth: hci1: command 0x040f tx timeout
[ 73.808903] Bluetooth: hci0: command 0x040f tx timeout
[ 73.872381] Bluetooth: hci3: command 0x040f tx timeout
[ 73.872843] Bluetooth: hci2: command 0x040f tx timeout
[ 73.936372] Bluetooth: hci5: command 0x040f tx timeout
[ 74.000419] Bluetooth: hci4: command 0x040f tx timeout
[ 75.216436] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 75.344390] Bluetooth: hci7: command 0x0409 tx timeout
[ 75.857536] Bluetooth: hci0: command 0x0419 tx timeout
[ 75.858977] Bluetooth: hci1: command 0x0419 tx timeout
[ 75.921384] Bluetooth: hci2: command 0x0419 tx timeout
[ 75.921835] Bluetooth: hci3: command 0x0419 tx timeout
[ 75.985401] Bluetooth: hci5: command 0x0419 tx timeout
[ 76.049441] Bluetooth: hci4: command 0x0419 tx timeout
[ 77.392389] Bluetooth: hci7: command 0x041b tx timeout
[ 79.446358] Bluetooth: hci7: command 0x040f tx timeout
[ 79.825473] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 81.488397] Bluetooth: hci7: command 0x0419 tx timeout
[ 82.758016] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 82.777008] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 82.784993] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 82.808630] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 82.813543] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 82.817057] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 82.826519] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 84.881415] Bluetooth: hci6: command 0x0409 tx timeout
[ 86.929716] Bluetooth: hci6: command 0x041b tx timeout
[ 88.977598] Bluetooth: hci6: command 0x040f tx timeout
[ 91.024739] Bluetooth: hci6: command 0x0419 tx timeout
12:38:27 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8917, &(0x7f0000000000)={'lo\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8918, &(0x7f0000000000)={'lo\x00'})
12:38:27 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8917, &(0x7f0000000000)={'lo\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8918, &(0x7f0000000000)={'lo\x00'})
12:38:27 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8917, &(0x7f0000000000)={'lo\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8918, &(0x7f0000000000)={'lo\x00'})
12:38:27 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r2, r2, 0x0, 0x80000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, r1, 0x0)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x17)
12:38:27 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r2, r2, 0x0, 0x80000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, r1, 0x0)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x17)
12:38:27 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r2, r2, 0x0, 0x80000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, r1, 0x0)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x17)
12:38:28 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r2, r2, 0x0, 0x80000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, r1, 0x0)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x17)
12:38:28 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x220)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
sendfile(r2, r2, 0x0, 0x80000000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, r1, 0x0)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x17)
[ 126.255818] audit: type=1400 audit(1663245509.584:7): avc: denied { open } for pid=3736 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 126.257408] audit: type=1400 audit(1663245509.584:8): avc: denied { kernel } for pid=3736 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 126.270872] ------------[ cut here ]------------
[ 126.270898]
[ 126.270903] ======================================================
[ 126.270907] WARNING: possible circular locking dependency detected
[ 126.270912] 6.0.0-rc5-next-20220915 #1 Not tainted
[ 126.270920] ------------------------------------------------------
[ 126.270924] syz-executor.7/3739 is trying to acquire lock:
[ 126.270932] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 126.270978]
[ 126.270978] but task is already holding lock:
[ 126.270982] ffff88800dfafc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 126.271017]
[ 126.271017] which lock already depends on the new lock.
[ 126.271017]
[ 126.271021]
[ 126.271021] the existing dependency chain (in reverse order) is:
[ 126.271025]
[ 126.271025] -> #3 (&ctx->lock){....}-{2:2}:
[ 126.271042]        _raw_spin_lock+0x2a/0x40
[ 126.271063]        __perf_event_task_sched_out+0x53b/0x18d0
[ 126.271079]        __schedule+0xedd/0x2470
[ 126.271092]        schedule+0xda/0x1b0
[ 126.271104]        futex_wait_queue+0xf5/0x1e0
[ 126.271119]        futex_wait+0x28e/0x690
[ 126.271131]        do_futex+0x2ff/0x380
[ 126.271146]        __x64_sys_futex+0x1c6/0x4d0
[ 126.271158]        do_syscall_64+0x3b/0x90
[ 126.271176]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.271199]
[ 126.271199] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 126.271216]        _raw_spin_lock_nested+0x30/0x40
[ 126.271235]        raw_spin_rq_lock_nested+0x1e/0x30
[ 126.271251]        task_fork_fair+0x63/0x4d0
[ 126.271273]        sched_cgroup_fork+0x3d0/0x540
[ 126.271291]        copy_process+0x4183/0x6e20
[ 126.271304]        kernel_clone+0xe7/0x890
[ 126.271315]        user_mode_thread+0xad/0xf0
[ 126.271331]        rest_init+0x24/0x250
[ 126.271353]        arch_call_rest_init+0xf/0x14
[ 126.271368]        start_kernel+0x4c1/0x4e6
[ 126.271380]        secondary_startup_64_no_verify+0xe0/0xeb
[ 126.271398]
[ 126.271398] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 126.271415]        _raw_spin_lock_irqsave+0x39/0x60
[ 126.271435]        try_to_wake_up+0xab/0x1920
[ 126.271451]        up+0x75/0xb0
[ 126.271466]        __up_console_sem+0x6e/0x80
[ 126.271486]        console_unlock+0x46a/0x590
[ 126.271507]        vt_ioctl+0x2822/0x2ca0
[ 126.271523]        tty_ioctl+0x7c4/0x1700
[ 126.271537]        __x64_sys_ioctl+0x19a/0x210
[ 126.271557]        do_syscall_64+0x3b/0x90
[ 126.271574]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.271596]
[ 126.271596] -> #0 ((console_sem).lock){....}-{2:2}:
[ 126.271613]        __lock_acquire+0x2a02/0x5e70
[ 126.271634]        lock_acquire+0x1a2/0x530
[ 126.271654]        _raw_spin_lock_irqsave+0x39/0x60
[ 126.271673]        down_trylock+0xe/0x70
[ 126.271689]        __down_trylock_console_sem+0x3b/0xd0
[ 126.271709]        vprintk_emit+0x16b/0x560
[ 126.271731]        vprintk+0x84/0xa0
[ 126.271754]        _printk+0xba/0xf1
[ 126.271780]        report_bug.cold+0x72/0xab
[ 126.271796]        handle_bug+0x3c/0x70
[ 126.271813]        exc_invalid_op+0x14/0x50
[ 126.271830]        asm_exc_invalid_op+0x16/0x20
[ 126.271851]        group_sched_out.part.0+0x2c7/0x460
[ 126.271864]        ctx_sched_out+0x8f1/0xc10
[ 126.271876]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 126.271892]        __schedule+0xedd/0x2470
[ 126.271904]        schedule+0xda/0x1b0
[ 126.271917]        futex_wait_queue+0xf5/0x1e0
[ 126.271929]        futex_wait+0x28e/0x690
[ 126.271942]        do_futex+0x2ff/0x380
[ 126.271953]        __x64_sys_futex+0x1c6/0x4d0
[ 126.271965]        do_syscall_64+0x3b/0x90
[ 126.271981]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.272003]
[ 126.272003] other info that might help us debug this:
[ 126.272003]
[ 126.272007] Chain exists of:
[ 126.272007]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 126.272007]
[ 126.272026]  Possible unsafe locking scenario:
[ 126.272026]
[ 126.272029]        CPU0                    CPU1
[ 126.272031]        ----                    ----
[ 126.272034]   lock(&ctx->lock);
[ 126.272041]                                lock(&rq->__lock);
[ 126.272049]                                lock(&ctx->lock);
[ 126.272057]   lock((console_sem).lock);
[ 126.272064]
[ 126.272064]  *** DEADLOCK ***
[ 126.272064]
[ 126.272067] 2 locks held by syz-executor.7/3739:
[ 126.272075]  #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 126.272108]  #1: ffff88800dfafc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 126.272142]
[ 126.272142] stack backtrace:
[ 126.272146] CPU: 0 PID: 3739 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220915 #1
[ 126.272161] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 126.272172] Call Trace:
[ 126.272176]
[ 126.272181]  dump_stack_lvl+0x8b/0xb3
[ 126.272201]  check_noncircular+0x263/0x2e0
[ 126.272222]  ? format_decode+0x26c/0xb50
[ 126.272241]  ? print_circular_bug+0x450/0x450
[ 126.272263]  ? enable_ptr_key_workfn+0x20/0x20
[ 126.272282]  ? format_decode+0x26c/0xb50
[ 126.272302]  ? alloc_chain_hlocks+0x1ec/0x5a0
[ 126.272325]  __lock_acquire+0x2a02/0x5e70
[ 126.272352]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 126.272381]  lock_acquire+0x1a2/0x530
[ 126.272402]  ? down_trylock+0xe/0x70
[ 126.272421]  ? rcu_read_unlock+0x40/0x40
[ 126.272447]  ? vprintk+0x84/0xa0
[ 126.272470]  _raw_spin_lock_irqsave+0x39/0x60
[ 126.272490]  ? down_trylock+0xe/0x70
[ 126.272507]  down_trylock+0xe/0x70
[ 126.272524]  ? vprintk+0x84/0xa0
[ 126.272546]  __down_trylock_console_sem+0x3b/0xd0
[ 126.272568]  vprintk_emit+0x16b/0x560
[ 126.272592]  vprintk+0x84/0xa0
[ 126.272615]  _printk+0xba/0xf1
[ 126.272638]  ? record_print_text.cold+0x16/0x16
[ 126.272666]  ? report_bug.cold+0x66/0xab
[ 126.272685]  ? group_sched_out.part.0+0x2c7/0x460
[ 126.272699]  report_bug.cold+0x72/0xab
[ 126.272719]  handle_bug+0x3c/0x70
[ 126.272737]  exc_invalid_op+0x14/0x50
[ 126.272758]  asm_exc_invalid_op+0x16/0x20
[ 126.272780] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 126.272796] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 126.272811] RSP: 0018:ffff888040cd78f8 EFLAGS: 00010006
[ 126.272822] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 126.272831] RDX: ffff88801a683580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 126.272841] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 126.272850] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800dfafc00
[ 126.272860] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 126.272874]  ? group_sched_out.part.0+0x2c7/0x460
[ 126.272890]  ? group_sched_out.part.0+0x2c7/0x460
[ 126.272905]  ctx_sched_out+0x8f1/0xc10
[ 126.272921]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 126.272940]  ? lock_is_held_type+0xd7/0x130
[ 126.272964]  ? __perf_cgroup_move+0x160/0x160
[ 126.272978]  ? set_next_entity+0x304/0x550
[ 126.273003]  ? lock_is_held_type+0xd7/0x130
[ 126.273027]  __schedule+0xedd/0x2470
[ 126.273044]  ? io_schedule_timeout+0x150/0x150
[ 126.273059]  ? futex_wait_setup+0x166/0x230
[ 126.273076]  schedule+0xda/0x1b0
[ 126.273090]  futex_wait_queue+0xf5/0x1e0
[ 126.273105]  futex_wait+0x28e/0x690
[ 126.273120]  ? futex_wait_setup+0x230/0x230
[ 126.273136]  ? wake_up_q+0x8b/0xf0
[ 126.273153]  ? do_raw_spin_unlock+0x4f/0x220
[ 126.273178]  ? futex_wake+0x158/0x490
[ 126.273197]  ? fd_install+0x1f9/0x640
[ 126.273217]  do_futex+0x2ff/0x380
[ 126.273231]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 126.273250]  __x64_sys_futex+0x1c6/0x4d0
[ 126.273266]  ? __x64_sys_futex_time32+0x480/0x480
[ 126.273281]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 126.273305]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 126.273331]  do_syscall_64+0x3b/0x90
[ 126.273349]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.273372] RIP: 0033:0x7f7b829abb19
[ 126.273382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 126.273413] RSP: 002b:00007f7b7ff21218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 126.273427] RAX: ffffffffffffffda RBX: 00007f7b82abef68 RCX: 00007f7b829abb19
[ 126.273437] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7b82abef68
[ 126.273446] RBP: 00007f7b82abef60 R08: 0000000000000000 R09: 0000000000000000
[ 126.273454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b82abef6c
[ 126.273463] R13: 00007ffd5d81773f R14: 00007f7b7ff21300 R15: 0000000000022000
[ 126.273479]
[ 126.338224] WARNING: CPU: 0 PID: 3739 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 126.338943] Modules linked in:
[ 126.339203] CPU: 0 PID: 3739 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220915 #1
[ 126.339831] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 126.340704] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 126.341131] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 126.342546] RSP: 0018:ffff888040cd78f8 EFLAGS: 00010006
[ 126.342967] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 126.343523] RDX: ffff88801a683580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 126.344084] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 126.344641] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800dfafc00
[ 126.345202] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 126.345765] FS: 00007f7b7ff21700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 126.346393] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 126.346847] CR2: 000055dee454e2b0 CR3: 000000003931c000 CR4: 0000000000350ef0
[ 126.347399] Call Trace:
[ 126.347605]
[ 126.347789]  ctx_sched_out+0x8f1/0xc10
[ 126.348104]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 126.348512]  ? lock_is_held_type+0xd7/0x130
[ 126.348860]  ? __perf_cgroup_move+0x160/0x160
[ 126.349216]  ? set_next_entity+0x304/0x550
[ 126.349575]  ? lock_is_held_type+0xd7/0x130
[ 126.349930]  __schedule+0xedd/0x2470
[ 126.350231]  ? io_schedule_timeout+0x150/0x150
[ 126.350594]  ? futex_wait_setup+0x166/0x230
[ 126.350936]  schedule+0xda/0x1b0
[ 126.351211]  futex_wait_queue+0xf5/0x1e0
[ 126.351533]  futex_wait+0x28e/0x690
[ 126.351827]  ? futex_wait_setup+0x230/0x230
[ 126.352169]  ? wake_up_q+0x8b/0xf0
[ 126.352457]  ? do_raw_spin_unlock+0x4f/0x220
[ 126.352818]  ? futex_wake+0x158/0x490
[ 126.353129]  ? fd_install+0x1f9/0x640
[ 126.353447]  do_futex+0x2ff/0x380
[ 126.353728]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 126.354184]  __x64_sys_futex+0x1c6/0x4d0
[ 126.354507]  ? __x64_sys_futex_time32+0x480/0x480
[ 126.354889]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 126.355300]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 126.355715]  do_syscall_64+0x3b/0x90
[ 126.356017]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.356430] RIP: 0033:0x7f7b829abb19
[ 126.356725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 126.358125] RSP: 002b:00007f7b7ff21218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 126.358710] RAX: ffffffffffffffda RBX: 00007f7b82abef68 RCX: 00007f7b829abb19
[ 126.359260] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7b82abef68
[ 126.359809] RBP: 00007f7b82abef60 R08: 0000000000000000 R09: 0000000000000000
[ 126.360358] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7b82abef6c
[ 126.360904] R13: 00007ffd5d81773f R14: 00007f7b7ff21300 R15: 0000000000022000
[ 126.361464]
[ 126.361653] irq event stamp: 986
[ 126.361916] hardirqs last enabled at (985): [] syscall_enter_from_user_mode+0x1d/0x50
[ 126.362644] hardirqs last disabled at (986): [] __schedule+0x1225/0x2470
[ 126.363277] softirqs last enabled at (972): [] __irq_exit_rcu+0x11b/0x180
[ 126.363936] softirqs last disabled at (877): [] __irq_exit_rcu+0x11b/0x180
[ 126.364591] ---[ end trace 0000000000000000 ]---
[ 128.574688] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 130.948491] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use) [ 130.961416] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 131.088406] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 131.152362] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 133.140053] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 133.148114] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 133.151672] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 133.153729] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 133.155196] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 133.156403] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 133.159410] Bluetooth: hci0: HCI_REQ-0x0c1a [ 135.184441] Bluetooth: hci0: command 0x0409 tx timeout [ 135.312426] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 135.376760] Bluetooth: hci4: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 12:38:29 Registers: