
Debian GNU/Linux 11 syzkaller ttyS0

Warning: Permanently added '[localhost]:1493' (ECDSA) to the list of known hosts.
2022/09/20 12:49:03 fuzzer started
2022/09/20 12:49:03 dialing manager at localhost:34957
syzkaller login: [   36.353892] cgroup: Unknown subsys name 'net'
[   36.436576] cgroup: Unknown subsys name 'rlimit'
2022/09/20 12:49:16 syscalls: 2215
2022/09/20 12:49:16 code coverage: enabled
2022/09/20 12:49:16 comparison tracing: enabled
2022/09/20 12:49:16 extra coverage: enabled
2022/09/20 12:49:16 setuid sandbox: enabled
2022/09/20 12:49:16 namespace sandbox: enabled
2022/09/20 12:49:16 Android sandbox: enabled
2022/09/20 12:49:16 fault injection: enabled
2022/09/20 12:49:16 leak checking: enabled
2022/09/20 12:49:16 net packet injection: enabled
2022/09/20 12:49:16 net device setup: enabled
2022/09/20 12:49:16 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/20 12:49:16 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/20 12:49:16 USB emulation: enabled
2022/09/20 12:49:16 hci packet injection: enabled
2022/09/20 12:49:16 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220920                                          )
2022/09/20 12:49:16 802.15.4 emulation: enabled
2022/09/20 12:49:16 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/20 12:49:16 fetching corpus: 50, signal 24142/27692 (executing program)
2022/09/20 12:49:17 fetching corpus: 100, signal 38651/43554 (executing program)
2022/09/20 12:49:17 fetching corpus: 150, signal 49226/55380 (executing program)
2022/09/20 12:49:17 fetching corpus: 200, signal 61403/68518 (executing program)
2022/09/20 12:49:17 fetching corpus: 250, signal 67849/76057 (executing program)
2022/09/20 12:49:17 fetching corpus: 300, signal 71023/80390 (executing program)
2022/09/20 12:49:17 fetching corpus: 350, signal 75958/86261 (executing program)
2022/09/20 12:49:17 fetching corpus: 400, signal 80181/91446 (executing program)
2022/09/20 12:49:18 fetching corpus: 450, signal 83735/95903 (executing program)
2022/09/20 12:49:18 fetching corpus: 500, signal 87019/100124 (executing program)
2022/09/20 12:49:18 fetching corpus: 550, signal 89229/103235 (executing program)
2022/09/20 12:49:18 fetching corpus: 600, signal 91658/106558 (executing program)
2022/09/20 12:49:18 fetching corpus: 650, signal 96399/111790 (executing program)
2022/09/20 12:49:18 fetching corpus: 700, signal 98219/114469 (executing program)
2022/09/20 12:49:18 fetching corpus: 750, signal 101431/118268 (executing program)
2022/09/20 12:49:19 fetching corpus: 800, signal 103635/121176 (executing program)
2022/09/20 12:49:19 fetching corpus: 850, signal 106158/124307 (executing program)
2022/09/20 12:49:19 fetching corpus: 900, signal 108477/127195 (executing program)
2022/09/20 12:49:19 fetching corpus: 950, signal 110284/129638 (executing program)
2022/09/20 12:49:19 fetching corpus: 1000, signal 113189/132947 (executing program)
2022/09/20 12:49:19 fetching corpus: 1050, signal 116419/136450 (executing program)
2022/09/20 12:49:19 fetching corpus: 1100, signal 117928/138579 (executing program)
2022/09/20 12:49:20 fetching corpus: 1150, signal 120038/141122 (executing program)
2022/09/20 12:49:20 fetching corpus: 1200, signal 122447/143821 (executing program)
2022/09/20 12:49:20 fetching corpus: 1250, signal 124286/146114 (executing program)
2022/09/20 12:49:20 fetching corpus: 1300, signal 125755/148106 (executing program)
2022/09/20 12:49:20 fetching corpus: 1350, signal 127676/150317 (executing program)
2022/09/20 12:49:20 fetching corpus: 1400, signal 129847/152691 (executing program)
2022/09/20 12:49:20 fetching corpus: 1450, signal 132644/155520 (executing program)
2022/09/20 12:49:20 fetching corpus: 1500, signal 133780/157124 (executing program)
2022/09/20 12:49:21 fetching corpus: 1550, signal 135665/159178 (executing program)
2022/09/20 12:49:21 fetching corpus: 1600, signal 137164/160932 (executing program)
2022/09/20 12:49:21 fetching corpus: 1650, signal 138764/162685 (executing program)
2022/09/20 12:49:21 fetching corpus: 1700, signal 140432/164495 (executing program)
2022/09/20 12:49:21 fetching corpus: 1750, signal 142166/166327 (executing program)
2022/09/20 12:49:21 fetching corpus: 1800, signal 143004/167490 (executing program)
2022/09/20 12:49:21 fetching corpus: 1850, signal 144648/169209 (executing program)
2022/09/20 12:49:21 fetching corpus: 1900, signal 145819/170592 (executing program)
2022/09/20 12:49:22 fetching corpus: 1950, signal 147573/172286 (executing program)
2022/09/20 12:49:22 fetching corpus: 2000, signal 150031/174412 (executing program)
2022/09/20 12:49:22 fetching corpus: 2050, signal 151413/175893 (executing program)
2022/09/20 12:49:22 fetching corpus: 2100, signal 153082/177462 (executing program)
2022/09/20 12:49:22 fetching corpus: 2150, signal 154481/178758 (executing program)
2022/09/20 12:49:22 fetching corpus: 2200, signal 155398/179896 (executing program)
2022/09/20 12:49:22 fetching corpus: 2250, signal 156548/181097 (executing program)
2022/09/20 12:49:23 fetching corpus: 2300, signal 158356/182707 (executing program)
2022/09/20 12:49:23 fetching corpus: 2350, signal 159868/184043 (executing program)
2022/09/20 12:49:23 fetching corpus: 2400, signal 160631/184926 (executing program)
2022/09/20 12:49:23 fetching corpus: 2450, signal 161698/186011 (executing program)
2022/09/20 12:49:23 fetching corpus: 2500, signal 163120/187273 (executing program)
2022/09/20 12:49:23 fetching corpus: 2550, signal 163809/188093 (executing program)
2022/09/20 12:49:23 fetching corpus: 2600, signal 164400/188862 (executing program)
2022/09/20 12:49:23 fetching corpus: 2650, signal 165529/189878 (executing program)
2022/09/20 12:49:24 fetching corpus: 2700, signal 166609/190851 (executing program)
2022/09/20 12:49:24 fetching corpus: 2750, signal 167710/191843 (executing program)
2022/09/20 12:49:24 fetching corpus: 2800, signal 168741/192720 (executing program)
2022/09/20 12:49:24 fetching corpus: 2850, signal 169498/193486 (executing program)
2022/09/20 12:49:24 fetching corpus: 2900, signal 170901/194520 (executing program)
2022/09/20 12:49:24 fetching corpus: 2950, signal 172151/195469 (executing program)
2022/09/20 12:49:24 fetching corpus: 3000, signal 173657/196530 (executing program)
2022/09/20 12:49:24 fetching corpus: 3050, signal 174220/197123 (executing program)
2022/09/20 12:49:25 fetching corpus: 3100, signal 174837/197763 (executing program)
2022/09/20 12:49:25 fetching corpus: 3150, signal 176318/198695 (executing program)
2022/09/20 12:49:25 fetching corpus: 3200, signal 176982/199324 (executing program)
2022/09/20 12:49:25 fetching corpus: 3250, signal 177719/199962 (executing program)
2022/09/20 12:49:25 fetching corpus: 3300, signal 178807/200708 (executing program)
2022/09/20 12:49:25 fetching corpus: 3350, signal 179645/201353 (executing program)
2022/09/20 12:49:25 fetching corpus: 3400, signal 180314/201945 (executing program)
2022/09/20 12:49:26 fetching corpus: 3450, signal 180920/202466 (executing program)
2022/09/20 12:49:26 fetching corpus: 3500, signal 182120/203180 (executing program)
2022/09/20 12:49:26 fetching corpus: 3550, signal 183221/203832 (executing program)
2022/09/20 12:49:26 fetching corpus: 3600, signal 183851/204291 (executing program)
2022/09/20 12:49:26 fetching corpus: 3650, signal 185262/204979 (executing program)
2022/09/20 12:49:26 fetching corpus: 3700, signal 186065/205507 (executing program)
2022/09/20 12:49:26 fetching corpus: 3750, signal 187328/206146 (executing program)
2022/09/20 12:49:27 fetching corpus: 3800, signal 188181/206610 (executing program)
2022/09/20 12:49:27 fetching corpus: 3850, signal 189280/207226 (executing program)
2022/09/20 12:49:27 fetching corpus: 3900, signal 189987/207651 (executing program)
2022/09/20 12:49:27 fetching corpus: 3950, signal 190971/208163 (executing program)
2022/09/20 12:49:27 fetching corpus: 4000, signal 191839/208602 (executing program)
2022/09/20 12:49:27 fetching corpus: 4050, signal 192477/208961 (executing program)
2022/09/20 12:49:27 fetching corpus: 4100, signal 193500/209372 (executing program)
2022/09/20 12:49:28 fetching corpus: 4150, signal 194238/209733 (executing program)
2022/09/20 12:49:28 fetching corpus: 4200, signal 195197/210131 (executing program)
2022/09/20 12:49:28 fetching corpus: 4250, signal 195704/210389 (executing program)
2022/09/20 12:49:28 fetching corpus: 4300, signal 197012/210797 (executing program)
2022/09/20 12:49:28 fetching corpus: 4350, signal 198117/211136 (executing program)
2022/09/20 12:49:28 fetching corpus: 4400, signal 199040/211423 (executing program)
2022/09/20 12:49:28 fetching corpus: 4450, signal 199706/211649 (executing program)
2022/09/20 12:49:28 fetching corpus: 4500, signal 200747/211949 (executing program)
2022/09/20 12:49:29 fetching corpus: 4550, signal 201525/212176 (executing program)
2022/09/20 12:49:29 fetching corpus: 4600, signal 202223/212356 (executing program)
2022/09/20 12:49:29 fetching corpus: 4650, signal 203326/212583 (executing program)
2022/09/20 12:49:29 fetching corpus: 4700, signal 203640/212772 (executing program)
2022/09/20 12:49:29 fetching corpus: 4750, signal 204199/212934 (executing program)
2022/09/20 12:49:29 fetching corpus: 4800, signal 204730/213099 (executing program)
2022/09/20 12:49:29 fetching corpus: 4850, signal 205366/213213 (executing program)
2022/09/20 12:49:30 fetching corpus: 4900, signal 205911/213324 (executing program)
2022/09/20 12:49:30 fetching corpus: 4950, signal 206314/213428 (executing program)
2022/09/20 12:49:30 fetching corpus: 5000, signal 207113/213659 (executing program)
2022/09/20 12:49:30 fetching corpus: 5050, signal 207491/213723 (executing program)
2022/09/20 12:49:30 fetching corpus: 5085, signal 208605/213881 (executing program)
2022/09/20 12:49:30 fetching corpus: 5085, signal 208605/213933 (executing program)
2022/09/20 12:49:30 fetching corpus: 5085, signal 208605/213982 (executing program)
2022/09/20 12:49:30 fetching corpus: 5085, signal 208605/213984 (executing program)
2022/09/20 12:49:30 fetching corpus: 5085, signal 208605/213984 (executing program)
2022/09/20 12:49:33 starting 8 fuzzer processes
12:49:33 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001a00010212c91e1bbeb3f02a252000ff085e762ac65f7d91053f295d4ffc20d75892ef07d227fdbe18dbfb1af3e0dd6a380e71c4fcaceb3843a0a27d26a418e26c51db155af69e0000000000000000000000000000df63a36fd407eb99643bb3409a86448396cd1499fc9043822e14cf2dbe93dedf4e77766175ac5c31d7d34cf901e24917654cb8d3c73e60c6c12f77588b76a9611ccb029fc621b6cee1bcbc694d91f9967d149f4886d35a626a8dbf6b35022ae0469c89edd059d3b71950ce873078f7854516df53f35200ea7d65b2569bab6721d1f31e789b535d1917a35d28628a5faba1bb56e48d042cb3fe8afb8243841665a22b72a48d45814d483cf996f709de3f"], 0x28}}, 0x0)
recvmmsg(r0, &(0x7f0000003980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e24, 0xfff, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

12:49:33 executing program 1:
socketpair(0x11, 0x2, 0x3e8, &(0x7f0000000180))

12:49:33 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440), 0xa}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_setup(0xb, &(0x7f0000000140)=<r0=>0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f00000003c0)="1b7a1666851945cd80a5a2ac0000000000000000b2122fbfdce63a77a865f0778bd425e749feed51f1439746599f0422a9d32dcef6b20d00ce737d913518a188cb9ad737a3f10ee2333baed5899c00ab0d1cce9ff265d634b3b2996ff3a5a91a9283b3b8cbfac984eccdb937f1d200bf96b5b75d5da9e818e348b4", 0x7b, 0x8, 0x0, 0x2}])
r2 = eventfd2(0x7, 0x0)
sendfile(r1, r2, &(0x7f0000000340)=0x5, 0x400)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev\x00')
close(r1)
openat(r1, &(0x7f0000000480)='./file2\x00', 0x101042, 0x19b)
write(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff)
openat(0xffffffffffffffff, &(0x7f0000000200)='./file1\x00', 0x82040, 0xa)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
socket$packet(0x11, 0x3, 0x300)
ioctl$F2FS_IOC_FLUSH_DEVICE(0xffffffffffffffff, 0x4008f50a, &(0x7f0000000300)={0x7, 0x5})
read$hiddev(r3, &(0x7f0000000040)=""/169, 0x200000e9)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth1_to_team\x00'})

12:49:33 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x7)

12:49:33 executing program 4:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_DISALLOCATE(r0, 0x541c)

12:49:33 executing program 5:
openat$sr(0xffffffffffffff9c, &(0x7f0000000fc0), 0x0, 0x0)

[   65.981109] audit: type=1400 audit(1663678173.503:6): avc:  denied  { execmem } for  pid=285 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:49:33 executing program 6:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000700)=0x60, 0x2)

12:49:33 executing program 7:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
write$P9_RWSTAT(r0, 0x0, 0x0)

[   67.292694] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   67.294955] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   67.297294] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   67.303249] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   67.305061] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   67.306718] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   67.312542] Bluetooth: hci0: HCI_REQ-0x0c1a
[   67.331029] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   67.346607] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   67.349486] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   67.350904] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   67.354061] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   67.357511] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   67.359665] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   67.360944] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   67.368049] Bluetooth: hci1: HCI_REQ-0x0c1a
[   67.387114] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   67.401684] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   67.402855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   67.404386] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   67.406056] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   67.408766] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   67.409780] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   67.410764] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   67.412243] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   67.414442] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   67.416073] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   67.421486] Bluetooth: hci2: HCI_REQ-0x0c1a
[   67.424644] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   67.426317] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   67.428487] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   67.429667] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   67.430224] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   67.431509] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   67.433384] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   67.433704] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   67.436304] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   67.441565] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   67.445079] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   67.451372] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   67.453855] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   67.455194] Bluetooth: hci3: HCI_REQ-0x0c1a
[   67.470177] Bluetooth: hci7: HCI_REQ-0x0c1a
[   67.484665] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   67.486216] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   67.495436] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   67.497845] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   67.504159] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   67.508817] Bluetooth: hci6: HCI_REQ-0x0c1a
[   67.513638] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   67.527050] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   67.528573] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   67.529746] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   67.531266] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   67.538127] Bluetooth: hci4: HCI_REQ-0x0c1a
[   67.542733] Bluetooth: hci5: HCI_REQ-0x0c1a
[   69.365607] Bluetooth: hci0: command 0x0409 tx timeout
[   69.428086] Bluetooth: hci1: command 0x0409 tx timeout
[   69.492066] Bluetooth: hci3: command 0x0409 tx timeout
[   69.492828] Bluetooth: hci7: command 0x0409 tx timeout
[   69.493440] Bluetooth: hci2: command 0x0409 tx timeout
[   69.556075] Bluetooth: hci4: command 0x0409 tx timeout
[   69.556813] Bluetooth: hci6: command 0x0409 tx timeout
[   69.620140] Bluetooth: hci5: command 0x0409 tx timeout
[   71.413558] Bluetooth: hci0: command 0x041b tx timeout
[   71.476194] Bluetooth: hci1: command 0x041b tx timeout
[   71.540630] Bluetooth: hci2: command 0x041b tx timeout
[   71.541590] Bluetooth: hci7: command 0x041b tx timeout
[   71.542354] Bluetooth: hci3: command 0x041b tx timeout
[   71.604116] Bluetooth: hci6: command 0x041b tx timeout
[   71.604913] Bluetooth: hci4: command 0x041b tx timeout
[   71.668088] Bluetooth: hci5: command 0x041b tx timeout
[   73.460116] Bluetooth: hci0: command 0x040f tx timeout
[   73.524099] Bluetooth: hci1: command 0x040f tx timeout
[   73.589062] Bluetooth: hci3: command 0x040f tx timeout
[   73.589568] Bluetooth: hci7: command 0x040f tx timeout
[   73.590398] Bluetooth: hci2: command 0x040f tx timeout
[   73.652197] Bluetooth: hci4: command 0x040f tx timeout
[   73.652684] Bluetooth: hci6: command 0x040f tx timeout
[   73.716225] Bluetooth: hci5: command 0x040f tx timeout
[   75.509595] Bluetooth: hci0: command 0x0419 tx timeout
[   75.573032] Bluetooth: hci1: command 0x0419 tx timeout
[   75.636092] Bluetooth: hci2: command 0x0419 tx timeout
[   75.636552] Bluetooth: hci7: command 0x0419 tx timeout
[   75.636938] Bluetooth: hci3: command 0x0419 tx timeout
[   75.700077] Bluetooth: hci6: command 0x0419 tx timeout
[   75.700537] Bluetooth: hci4: command 0x0419 tx timeout
[   75.765024] Bluetooth: hci5: command 0x0419 tx timeout
[  123.603028] audit: type=1400 audit(1663678231.125:7): avc:  denied  { open } for  pid=3810 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  123.609112] audit: type=1400 audit(1663678231.125:8): avc:  denied  { kernel } for  pid=3810 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  123.703624] ------------[ cut here ]------------
[  123.703678] 
[  123.703683] ======================================================
[  123.703689] WARNING: possible circular locking dependency detected
[  123.703695] 6.0.0-rc6-next-20220920 #1 Not tainted
[  123.703706] ------------------------------------------------------
[  123.703711] syz-executor.4/3812 is trying to acquire lock:
[  123.703722] ffffffff853faab8 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0xe/0x70
[  123.703780] 
[  123.703780] but task is already holding lock:
[  123.703784] ffff88803f33a020 (&ctx->lock){-...}-{2:2}, at: event_function+0x182/0x3d0
[  123.703834] 
[  123.703834] which lock already depends on the new lock.
[  123.703834] 
[  123.703838] 
[  123.703838] the existing dependency chain (in reverse order) is:
[  123.703844] 
[  123.703844] -> #3 (&ctx->lock){-...}-{2:2}:
[  123.703868]        _raw_spin_lock+0x2a/0x40
[  123.703898]        __perf_event_task_sched_out+0x53b/0x18d0
[  123.703920]        __schedule+0xedd/0x2470
[  123.703940]        schedule+0xda/0x1b0
[  123.703960]        futex_wait_queue+0xf5/0x1e0
[  123.703983]        futex_wait+0x28e/0x690
[  123.704000]        do_futex+0x2ff/0x380
[  123.704015]        __x64_sys_futex+0x1c6/0x4d0
[  123.704032]        do_syscall_64+0x3b/0x90
[  123.704057]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.704089] 
[  123.704089] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  123.704112]        _raw_spin_lock_nested+0x30/0x40
[  123.704139]        raw_spin_rq_lock_nested+0x1e/0x30
[  123.704160]        task_fork_fair+0x63/0x4d0
[  123.704186]        sched_cgroup_fork+0x3d0/0x540
[  123.704209]        copy_process+0x4183/0x6e20
[  123.704226]        kernel_clone+0xe7/0x890
[  123.704241]        user_mode_thread+0xad/0xf0
[  123.704258]        rest_init+0x24/0x250
[  123.704275]        arch_call_rest_init+0xf/0x14
[  123.704298]        start_kernel+0x4c1/0x4e6
[  123.704318]        secondary_startup_64_no_verify+0xe0/0xeb
[  123.704340] 
[  123.704340] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  123.704363]        _raw_spin_lock_irqsave+0x39/0x60
[  123.704391]        try_to_wake_up+0xab/0x1930
[  123.704412]        up+0x75/0xb0
[  123.704431]        __up_console_sem+0x6e/0x80
[  123.704456]        console_unlock+0x46a/0x590
[  123.704482]        do_con_write+0xc05/0x1d50
[  123.704501]        con_write+0x21/0x40
[  123.704517]        n_tty_write+0x4d4/0xfe0
[  123.704538]        file_tty_write.constprop.0+0x49c/0x8f0
[  123.704559]        vfs_write+0x9c3/0xd90
[  123.704587]        ksys_write+0x127/0x250
[  123.704617]        do_syscall_64+0x3b/0x90
[  123.704644]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.704675] 
[  123.704675] -> #0 ((console_sem).lock){-...}-{2:2}:
[  123.704698]        __lock_acquire+0x2a02/0x5e70
[  123.704725]        lock_acquire+0x1a2/0x530
[  123.704751]        _raw_spin_lock_irqsave+0x39/0x60
[  123.704778]        down_trylock+0xe/0x70
[  123.704799]        __down_trylock_console_sem+0x3b/0xd0
[  123.704825]        vprintk_emit+0x16b/0x560
[  123.704851]        vprintk+0x84/0xa0
[  123.704877]        _printk+0xba/0xf1
[  123.704893]        report_bug.cold+0x72/0xab
[  123.704917]        handle_bug+0x3c/0x70
[  123.704942]        exc_invalid_op+0x14/0x50
[  123.704967]        asm_exc_invalid_op+0x16/0x20
[  123.704984]        perf_group_detach+0x99e/0x12f0
[  123.705003]        __perf_remove_from_context+0x71e/0xb20
[  123.705024]        event_function+0x297/0x3d0
[  123.705050]        remote_function+0x125/0x1b0
[  123.705074]        __flush_smp_call_function_queue+0x1df/0x5a0
[  123.705095]        __sysvec_call_function_single+0x92/0x3a0
[  123.705122]        sysvec_call_function_single+0x89/0xc0
[  123.705153]        asm_sysvec_call_function_single+0x16/0x20
[  123.705172]        filter_irq_stacks+0x26/0x90
[  123.705197]        __stack_depot_save+0x3a/0x4a0
[  123.705224]        kasan_save_stack+0x31/0x40
[  123.705249]        kasan_set_track+0x21/0x30
[  123.705273]        __kasan_slab_alloc+0x58/0x70
[  123.705298]        kmem_cache_alloc_node+0x1be/0x3e0
[  123.705322]        alloc_vmap_area+0x170/0x1c90
[  123.705341]        __get_vm_area_node+0x13c/0x350
[  123.705359]        __vmalloc_node_range+0x247/0x1400
[  123.705380]        __vmalloc_node+0xa8/0xf0
[  123.705399]        n_tty_open+0x16/0x170
[  123.705420]        tty_ldisc_open+0xa2/0x120
[  123.705443]        tty_ldisc_setup+0x43/0x100
[  123.705467]        tty_init_dev.part.0+0x1fa/0x610
[  123.705488]        tty_open+0xbc0/0x1370
[  123.705507]        chrdev_open+0x268/0x6e0
[  123.705527]        do_dentry_open+0x6ca/0x12b0
[  123.705549]        path_openat+0x19e1/0x2800
[  123.705567]        do_filp_open+0x1b6/0x410
[  123.705586]        do_sys_openat2+0x171/0x4c0
[  123.705610]        __x64_sys_openat+0x13f/0x1f0
[  123.705635]        do_syscall_64+0x3b/0x90
[  123.705660]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.705691] 
[  123.705691] other info that might help us debug this:
[  123.705691] 
[  123.705695] Chain exists of:
[  123.705695]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  123.705695] 
[  123.705720]  Possible unsafe locking scenario:
[  123.705720] 
[  123.705724]        CPU0                    CPU1
[  123.705728]        ----                    ----
[  123.705731]   lock(&ctx->lock);
[  123.705740]                                lock(&rq->__lock);
[  123.705751]                                lock(&ctx->lock);
[  123.705762]   lock((console_sem).lock);
[  123.705772] 
[  123.705772]  *** DEADLOCK ***
[  123.705772] 
[  123.705775] 5 locks held by syz-executor.4/3812:
[  123.705786]  #0: ffffffff8567c208 (tty_mutex){+.+.}-{3:3}, at: tty_open+0x550/0x1370
[  123.705832]  #1: ffff888018b841c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120
[  123.705885]  #2: ffff888018b84098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x61/0xb0
[  123.705959]  #3: ffff88806cf3d160 (&cpuctx_lock){-...}-{2:2}, at: event_function+0x16f/0x3d0
[  123.706011]  #4: ffff88803f33a020 (&ctx->lock){-...}-{2:2}, at: event_function+0x182/0x3d0
[  123.706064] 
[  123.706064] stack backtrace:
[  123.706068] CPU: 1 PID: 3812 Comm: syz-executor.4 Not tainted 6.0.0-rc6-next-20220920 #1
[  123.706090] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  123.706103] Call Trace:
[  123.706108]  <IRQ>
[  123.706115]  dump_stack_lvl+0x8b/0xb3
[  123.706144]  check_noncircular+0x263/0x2e0
[  123.706171]  ? format_decode+0x26c/0xb50
[  123.706196]  ? print_circular_bug+0x450/0x450
[  123.706224]  ? enable_ptr_key_workfn+0x20/0x20
[  123.706250]  ? format_decode+0x26c/0xb50
[  123.706277]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  123.706307]  __lock_acquire+0x2a02/0x5e70
[  123.706343]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  123.706381]  lock_acquire+0x1a2/0x530
[  123.706409]  ? down_trylock+0xe/0x70
[  123.706434]  ? lock_release+0x750/0x750
[  123.706465]  ? mark_lock.part.0+0xef/0x2f70
[  123.706495]  ? vprintk+0x84/0xa0
[  123.706525]  _raw_spin_lock_irqsave+0x39/0x60
[  123.706554]  ? down_trylock+0xe/0x70
[  123.706581]  down_trylock+0xe/0x70
[  123.706608]  ? vprintk+0x84/0xa0
[  123.706641]  __down_trylock_console_sem+0x3b/0xd0
[  123.706675]  vprintk_emit+0x16b/0x560
[  123.706713]  vprintk+0x84/0xa0
[  123.706747]  _printk+0xba/0xf1
[  123.706768]  ? record_print_text.cold+0x16/0x16
[  123.706793]  ? __lock_acquire+0x164d/0x5e70
[  123.706828]  ? report_bug.cold+0x66/0xab
[  123.706855]  ? perf_group_detach+0x99e/0x12f0
[  123.706876]  report_bug.cold+0x72/0xab
[  123.706905]  handle_bug+0x3c/0x70
[  123.706931]  exc_invalid_op+0x14/0x50
[  123.706959]  asm_exc_invalid_op+0x16/0x20
[  123.706977] RIP: 0010:perf_group_detach+0x99e/0x12f0
[  123.707002] Code: 85 d5 f8 ff ff e8 a2 59 ee ff 65 44 8b 25 16 b3 aa 7e 31 ff 44 89 e6 e8 40 56 ee ff 45 85 e4 0f 84 0a 05 00 00 e8 82 59 ee ff <0f> 0b e9 a9 f8 ff ff e8 76 59 ee ff 65 8b 1d eb b2 aa 7e 31 ff 89
[  123.707021] RSP: 0018:ffff88806cf09e60 EFLAGS: 00010046
[  123.707036] RAX: 0000000080010002 RBX: ffff8880187885c8 RCX: 0000000000000000
[  123.707050] RDX: ffff88800d160000 RSI: ffffffff8157c2be RDI: 0000000000000005
[  123.707063] RBP: ffff8880187885c8 R08: 0000000000000005 R09: 0000000000000001
[  123.707075] R10: 0000000000000000 R11: ffffffff865ae05b R12: 0000000000000000
[  123.707088] R13: ffff888018788658 R14: ffff88803f33a000 R15: ffff8880187885c8
[  123.707107]  ? perf_group_detach+0x99e/0x12f0
[  123.707132]  ? event_sched_out+0xd8/0xcd0
[  123.707154]  __perf_remove_from_context+0x71e/0xb20
[  123.707181]  event_function+0x297/0x3d0
[  123.707208]  ? perf_output_read+0xf80/0xf80
[  123.707237]  remote_function+0x125/0x1b0
[  123.707265]  __flush_smp_call_function_queue+0x1df/0x5a0
[  123.707287]  ? perf_duration_warn+0x40/0x40
[  123.707316]  __sysvec_call_function_single+0x92/0x3a0
[  123.707345]  sysvec_call_function_single+0x89/0xc0
[  123.707377]  </IRQ>
[  123.707382]  <TASK>
[  123.707388]  asm_sysvec_call_function_single+0x16/0x20
[  123.707409] RIP: 0010:filter_irq_stacks+0x26/0x90
[  123.707436] Code: 51 ff ff ff 41 54 41 89 f4 55 53 48 83 ec 08 85 f6 74 30 48 bd 00 00 00 00 00 fc ff df 31 db 48 89 f8 48 c1 e8 03 80 3c 28 00 <75> 53 48 8b 07 48 3d f0 01 40 84 72 1c 48 3d d0 0e 40 84 73 14 44
[  123.707454] RSP: 0018:ffff88801d91f1e8 EFLAGS: 00000246
[  123.707468] RAX: 1ffff11003b23e61 RBX: 0000000000000013 RCX: 0000000000000cc0
[  123.707481] RDX: 0000000000000000 RSI: 0000000000000015 RDI: ffff88801d91f308
[  123.707494] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000
[  123.707506] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000015
[  123.707518] R13: 0000000000000001 R14: 0000000000000cc0 R15: ffff88801d91f270
[  123.707542]  __stack_depot_save+0x3a/0x4a0
[  123.707574]  kasan_save_stack+0x31/0x40
[  123.707600]  ? kasan_save_stack+0x1e/0x40
[  123.707625]  ? kasan_set_track+0x21/0x30
[  123.707650]  ? __kasan_slab_alloc+0x58/0x70
[  123.707676]  ? kmem_cache_alloc_node+0x1be/0x3e0
[  123.707701]  ? alloc_vmap_area+0x170/0x1c90
[  123.707721]  ? __get_vm_area_node+0x13c/0x350
[  123.707740]  ? __vmalloc_node_range+0x247/0x1400
[  123.707762]  ? __vmalloc_node+0xa8/0xf0
[  123.707782]  ? n_tty_open+0x16/0x170
[  123.707804]  ? tty_ldisc_open+0xa2/0x120
[  123.707828]  ? tty_ldisc_setup+0x43/0x100
[  123.707853]  ? tty_init_dev.part.0+0x1fa/0x610
[  123.707875]  ? tty_open+0xbc0/0x1370
[  123.707895]  ? chrdev_open+0x268/0x6e0
[  123.707916]  ? do_dentry_open+0x6ca/0x12b0
[  123.707939]  ? path_openat+0x19e1/0x2800
[  123.707958]  ? do_filp_open+0x1b6/0x410
[  123.707979]  ? do_sys_openat2+0x171/0x4c0
[  123.708004]  ? __x64_sys_openat+0x13f/0x1f0
[  123.708029]  ? do_syscall_64+0x3b/0x90
[  123.708055]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.708095]  ? lock_is_held_type+0xd7/0x130
[  123.708114]  ? find_held_lock+0x2c/0x110
[  123.708141]  ? lock_release+0x3b2/0x750
[  123.708168]  ? kmem_cache_alloc_node+0x41/0x3e0
[  123.708197]  ? lock_is_held_type+0xd7/0x130
[  123.708217]  kasan_set_track+0x21/0x30
[  123.708243]  __kasan_slab_alloc+0x58/0x70
[  123.708272]  kmem_cache_alloc_node+0x1be/0x3e0
[  123.708300]  alloc_vmap_area+0x170/0x1c90
[  123.708321]  ? mark_held_locks+0x9e/0xe0
[  123.708349]  ? _raw_spin_unlock_irqrestore+0x28/0x60
[  123.708384]  ? purge_vmap_area_lazy+0x110/0x110
[  123.708411]  __get_vm_area_node+0x13c/0x350
[  123.708434]  __vmalloc_node_range+0x247/0x1400
[  123.708457]  ? n_tty_open+0x16/0x170
[  123.708479]  ? lock_acquire+0x1b2/0x530
[  123.708510]  ? lock_release+0x3b2/0x750
[  123.708537]  ? n_tty_open+0x16/0x170
[  123.708566]  ? __vmalloc_node+0xf0/0xf0
[  123.708588]  ? _raw_spin_unlock_irqrestore+0x33/0x60
[  123.708622]  ? n_tty_open+0x16/0x170
[  123.708644]  __vmalloc_node+0xa8/0xf0
[  123.708665]  ? n_tty_open+0x16/0x170
[  123.708690]  n_tty_open+0x16/0x170
[  123.708712]  ? n_tty_set_termios+0x1010/0x1010
[  123.708736]  tty_ldisc_open+0xa2/0x120
[  123.708762]  tty_ldisc_setup+0x43/0x100
[  123.708790]  tty_init_dev.part.0+0x1fa/0x610
[  123.708814]  tty_open+0xbc0/0x1370
[  123.708839]  ? tty_init_dev+0x80/0x80
[  123.708860]  ? rwlock_bug.part.0+0x90/0x90
[  123.708894]  ? tty_init_dev+0x80/0x80
[  123.708915]  chrdev_open+0x268/0x6e0
[  123.708938]  ? cdev_device_add+0x220/0x220
[  123.708961]  ? fsnotify_perm.part.0+0x221/0x610
[  123.708988]  do_dentry_open+0x6ca/0x12b0
[  123.709012]  ? cdev_device_add+0x220/0x220
[  123.709036]  ? may_open+0x1f3/0x420
[  123.709055]  path_openat+0x19e1/0x2800
[  123.709082]  ? path_lookupat+0x850/0x850
[  123.709107]  do_filp_open+0x1b6/0x410
[  123.709128]  ? may_open_dev+0xf0/0xf0
[  123.709149]  ? find_held_lock+0x2c/0x110
[  123.709181]  ? rwlock_bug.part.0+0x90/0x90
[  123.709212]  ? _find_next_bit+0x1e5/0x260
[  123.709243]  ? _raw_spin_unlock+0x24/0x40
[  123.709271]  ? alloc_fd+0x2f0/0x700
[  123.709301]  do_sys_openat2+0x171/0x4c0
[  123.709328]  ? build_open_flags+0x6f0/0x6f0
[  123.709357]  ? syscall_enter_from_user_mode+0x18/0x50
[  123.709377]  ? perf_trace_preemptirq_template+0xa2/0x420
[  123.709410]  __x64_sys_openat+0x13f/0x1f0
[  123.709437]  ? __ia32_compat_sys_open+0x1c0/0x1c0
[  123.709467]  ? syscall_enter_from_user_mode+0x1d/0x50
[  123.709488]  ? syscall_enter_from_user_mode+0x1d/0x50
[  123.709511]  do_syscall_64+0x3b/0x90
[  123.709538]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.709570] RIP: 0033:0x7fcb5541ca04
[  123.709587] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  123.709605] RSP: 002b:00007fcb529decc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  123.709623] RAX: ffffffffffffffda RBX: 00007fcb5557cf60 RCX: 00007fcb5541ca04
[  123.709636] RDX: 0000000000000002 RSI: 00007fcb529ded60 RDI: 00000000ffffff9c
[  123.709649] RBP: 00007fcb529ded60 R08: 0000000000000000 R09: 000000000000000e
[  123.709661] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  123.709673] R13: 00007ffd3bf45e2f R14: 00007fcb529df300 R15: 0000000000022000
[  123.709695]  </TASK>
[  123.898780] WARNING: CPU: 1 PID: 3812 at kernel/events/core.c:2047 perf_group_detach+0x99e/0x12f0
[  123.900110] Modules linked in:
[  123.900603] CPU: 1 PID: 3812 Comm: syz-executor.4 Not tainted 6.0.0-rc6-next-20220920 #1
[  123.901797] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  123.903475] RIP: 0010:perf_group_detach+0x99e/0x12f0
[  123.904236] Code: 85 d5 f8 ff ff e8 a2 59 ee ff 65 44 8b 25 16 b3 aa 7e 31 ff 44 89 e6 e8 40 56 ee ff 45 85 e4 0f 84 0a 05 00 00 e8 82 59 ee ff <0f> 0b e9 a9 f8 ff ff e8 76 59 ee ff 65 8b 1d eb b2 aa 7e 31 ff 89
[  123.906929] RSP: 0018:ffff88806cf09e60 EFLAGS: 00010046
[  123.907724] RAX: 0000000080010002 RBX: ffff8880187885c8 RCX: 0000000000000000
[  123.908784] RDX: ffff88800d160000 RSI: ffffffff8157c2be RDI: 0000000000000005
[  123.909846] RBP: ffff8880187885c8 R08: 0000000000000005 R09: 0000000000000001
[  123.910939] R10: 0000000000000000 R11: ffffffff865ae05b R12: 0000000000000000
[  123.912008] R13: ffff888018788658 R14: ffff88803f33a000 R15: ffff8880187885c8
[  123.913072] FS:  00007fcb529df700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[  123.914284] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  123.915153] CR2: 00007fc825782260 CR3: 000000001ec4e000 CR4: 0000000000350ee0
[  123.916222] Call Trace:
[  123.916619]  <IRQ>
[  123.916960]  ? event_sched_out+0xd8/0xcd0
[  123.917588]  __perf_remove_from_context+0x71e/0xb20
[  123.918359]  event_function+0x297/0x3d0
[  123.918967]  ? perf_output_read+0xf80/0xf80
[  123.919637]  remote_function+0x125/0x1b0
[  123.920268]  __flush_smp_call_function_queue+0x1df/0x5a0
[  123.921083]  ? perf_duration_warn+0x40/0x40
[  123.921740]  __sysvec_call_function_single+0x92/0x3a0
[  123.922534]  sysvec_call_function_single+0x89/0xc0
[  123.923292]  </IRQ>
[  123.923637]  <TASK>
[  123.923986]  asm_sysvec_call_function_single+0x16/0x20
[  123.924774] RIP: 0010:filter_irq_stacks+0x26/0x90
[  123.925520] Code: 51 ff ff ff 41 54 41 89 f4 55 53 48 83 ec 08 85 f6 74 30 48 bd 00 00 00 00 00 fc ff df 31 db 48 89 f8 48 c1 e8 03 80 3c 28 00 <75> 53 48 8b 07 48 3d f0 01 40 84 72 1c 48 3d d0 0e 40 84 73 14 44
[  123.928224] RSP: 0018:ffff88801d91f1e8 EFLAGS: 00000246
[  123.929030] RAX: 1ffff11003b23e61 RBX: 0000000000000013 RCX: 0000000000000cc0
[  123.930120] RDX: 0000000000000000 RSI: 0000000000000015 RDI: ffff88801d91f308
[  123.931191] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000
[  123.932267] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000015
[  123.933345] R13: 0000000000000001 R14: 0000000000000cc0 R15: ffff88801d91f270
[  123.934442]  __stack_depot_save+0x3a/0x4a0
[  123.935094]  kasan_save_stack+0x31/0x40
[  123.935704]  ? kasan_save_stack+0x1e/0x40
[  123.936338]  ? kasan_set_track+0x21/0x30
[  123.936959]  ? __kasan_slab_alloc+0x58/0x70
[  123.937613]  ? kmem_cache_alloc_node+0x1be/0x3e0
[  123.938357]  ? alloc_vmap_area+0x170/0x1c90
[  123.939011]  ? __get_vm_area_node+0x13c/0x350
[  123.939698]  ? __vmalloc_node_range+0x247/0x1400
[  123.940425]  ? __vmalloc_node+0xa8/0xf0
[  123.941029]  ? n_tty_open+0x16/0x170
[  123.941603]  ? tty_ldisc_open+0xa2/0x120
[  123.942239]  ? tty_ldisc_setup+0x43/0x100
[  123.942874]  ? tty_init_dev.part.0+0x1fa/0x610
[  123.943568]  ? tty_open+0xbc0/0x1370
[  123.944150]  ? chrdev_open+0x268/0x6e0
[  123.944745]  ? do_dentry_open+0x6ca/0x12b0
[  123.945400]  ? path_openat+0x19e1/0x2800
[  123.946031]  ? do_filp_open+0x1b6/0x410
[  123.946634]  ? do_sys_openat2+0x171/0x4c0
[  123.947270]  ? __x64_sys_openat+0x13f/0x1f0
[  123.947927]  ? do_syscall_64+0x3b/0x90
[  123.948532]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.949361]  ? lock_is_held_type+0xd7/0x130
[  123.950036]  ? find_held_lock+0x2c/0x110
[  123.950668]  ? lock_release+0x3b2/0x750
[  123.951289]  ? kmem_cache_alloc_node+0x41/0x3e0
[  123.952007]  ? lock_is_held_type+0xd7/0x130
[  123.952662]  kasan_set_track+0x21/0x30
[  123.953260]  __kasan_slab_alloc+0x58/0x70
[  123.953904]  kmem_cache_alloc_node+0x1be/0x3e0
[  123.954630]  alloc_vmap_area+0x170/0x1c90
[  123.955294]  ? mark_held_locks+0x9e/0xe0
[  123.955924]  ? _raw_spin_unlock_irqrestore+0x28/0x60
[  123.956709]  ? purge_vmap_area_lazy+0x110/0x110
[  123.957433]  __get_vm_area_node+0x13c/0x350
[  123.958100]  __vmalloc_node_range+0x247/0x1400
[  123.958797]  ? n_tty_open+0x16/0x170
[  123.959367]  ? lock_acquire+0x1b2/0x530
[  123.959985]  ? lock_release+0x3b2/0x750
[  123.960596]  ? n_tty_open+0x16/0x170
[  123.961172]  ? __vmalloc_node+0xf0/0xf0
[  123.961780]  ? _raw_spin_unlock_irqrestore+0x33/0x60
[  123.962567]  ? n_tty_open+0x16/0x170
[  123.963139]  __vmalloc_node+0xa8/0xf0
[  123.963720]  ? n_tty_open+0x16/0x170
[  123.964302]  n_tty_open+0x16/0x170
[  123.964851]  ? n_tty_set_termios+0x1010/0x1010
[  123.965548]  tty_ldisc_open+0xa2/0x120
[  123.966172]  tty_ldisc_setup+0x43/0x100
[  123.966780]  tty_init_dev.part.0+0x1fa/0x610
[  123.967465]  tty_open+0xbc0/0x1370
[  123.968019]  ? tty_init_dev+0x80/0x80
[  123.968605]  ? rwlock_bug.part.0+0x90/0x90
[  123.969264]  ? tty_init_dev+0x80/0x80
[  123.969848]  chrdev_open+0x268/0x6e0
[  123.970425]  ? cdev_device_add+0x220/0x220
[  123.971069]  ? fsnotify_perm.part.0+0x221/0x610
[  123.971787]  do_dentry_open+0x6ca/0x12b0
[  123.972411]  ? cdev_device_add+0x220/0x220
[  123.973059]  ? may_open+0x1f3/0x420
[  123.973620]  path_openat+0x19e1/0x2800
[  123.974238]  ? path_lookupat+0x850/0x850
[  123.974867]  do_filp_open+0x1b6/0x410
[  123.975452]  ? may_open_dev+0xf0/0xf0
[  123.976038]  ? find_held_lock+0x2c/0x110
[  123.976680]  ? rwlock_bug.part.0+0x90/0x90
[  123.977333]  ? _find_next_bit+0x1e5/0x260
[  123.978001]  ? _raw_spin_unlock+0x24/0x40
[  123.978651]  ? alloc_fd+0x2f0/0x700
[  123.979228]  do_sys_openat2+0x171/0x4c0
[  123.979851]  ? build_open_flags+0x6f0/0x6f0
[  123.980518]  ? syscall_enter_from_user_mode+0x18/0x50
[  123.981298]  ? perf_trace_preemptirq_template+0xa2/0x420
[  123.982140]  __x64_sys_openat+0x13f/0x1f0
[  123.982779]  ? __ia32_compat_sys_open+0x1c0/0x1c0
[  123.983526]  ? syscall_enter_from_user_mode+0x1d/0x50
[  123.984316]  ? syscall_enter_from_user_mode+0x1d/0x50
[  123.985098]  do_syscall_64+0x3b/0x90
[  123.985678]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.986495] RIP: 0033:0x7fcb5541ca04
[  123.987065] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  123.989785] RSP: 002b:00007fcb529decc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  123.990931] RAX: ffffffffffffffda RBX: 00007fcb5557cf60 RCX: 00007fcb5541ca04
[  123.991935] RDX: 0000000000000002 RSI: 00007fcb529ded60 RDI: 00000000ffffff9c
[  123.992895] RBP: 00007fcb529ded60 R08: 0000000000000000 R09: 000000000000000e
[  123.993864] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  123.994831] R13: 00007ffd3bf45e2f R14: 00007fcb529df300 R15: 0000000000022000
[  123.995804]  </TASK>
[  123.996132] irq event stamp: 2366
[  123.996606] hardirqs last  enabled at (2365): [<ffffffff842630f8>] _raw_spin_unlock_irqrestore+0x28/0x60
[  123.997882] hardirqs last disabled at (2366): [<ffffffff84241fcb>] sysvec_call_function_single+0xb/0xc0
[  123.999174] softirqs last  enabled at (2024): [<ffffffff811709ab>] __irq_exit_rcu+0x11b/0x180
[  124.000328] softirqs last disabled at (1913): [<ffffffff811709ab>] __irq_exit_rcu+0x11b/0x180
[  124.001497] ---[ end trace 0000000000000000 ]---
12:50:32 executing program 7:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))

12:50:32 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x0)
ioctl$SG_SET_DEBUG(r0, 0x227e, 0x0)

12:50:32 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000140)=0x2, 0x4)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000200)=0x6, 0x4)

12:50:32 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000140)=0x2, 0x4)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000200)=0x6, 0x4)

12:50:32 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000140)=0x2, 0x4)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000200)=0x6, 0x4)

12:50:32 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000140)=0x2, 0x4)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000200)=0x6, 0x4)

12:50:32 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000140)=0x2, 0x4)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000200)=0x6, 0x4)

12:50:32 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000140)=0x2, 0x4)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000200)=0x6, 0x4)

[  125.743942] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  125.744803] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] 
[  125.745319] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present
[  125.745798] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 08 00
[  125.746369] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 2
[  125.747685] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  125.748120] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  125.748723] Buffer I/O error on dev sr0, logical block 0, async page read
[  125.749413] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  125.749816] I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  125.750440] Buffer I/O error on dev sr0, logical block 1, async page read
[  125.751235] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  125.751664] I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  125.752305] Buffer I/O error on dev sr0, logical block 2, async page read
[  125.753108] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  125.753525] I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  125.754192] Buffer I/O error on dev sr0, logical block 3, async page read
[  125.754885] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  125.755327] I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  125.755961] Buffer I/O error on dev sr0, logical block 4, async page read
[  125.756657] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  125.757101] I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  125.757721] Buffer I/O error on dev sr0, logical block 5, async page read
[  125.758447] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  125.758859] I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  125.759503] Buffer I/O error on dev sr0, logical block 6, async page read
[  125.760233] sr 1:0:0:0: [sr0] tag#0 unaligned transfer
[  125.760648] I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  125.761285] Buffer I/O error on dev sr0, logical block 7, async page read
[  128.445165] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  128.462157] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  128.463558] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  128.466065] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  128.468072] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  128.469933] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  128.473813] Bluetooth: hci2: HCI_REQ-0x0c1a
[  130.484071] Bluetooth: hci2: command 0x0409 tx timeout
[  130.484579] Bluetooth: hci0: Opcode 0x c03 failed: -110
[  130.548000] Bluetooth: hci4: Opcode 0x c03 failed: -110
[  130.548000] Bluetooth: hci6: Opcode 0x c03 failed: -110
[  132.532055] Bluetooth: hci2: command 0x041b tx timeout

VM DIAGNOSIS:
12:50:31  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=1ffff11002fdff44 RCX=0000000000000000 RDX=ffff88800d165040
RSI=ffffffff813bc3e3 RDI=0000000000000005 RBP=ffff888017effad8 RSP=ffff888017effa00
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=0000000000000001 R13=0000000000000000 R14=0000000000000000 R15=0000000000000200
RIP=ffffffff813bc3e5 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555556838400 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fcb529be718 CR3=000000001ec4e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 00007fcb555507c0 00007fcb555507c8
YMM02=0000000000000000 0000000000000000 00007fcb555507e0 00007fcb555507c0
YMM03=0000000000000000 0000000000000000 00007fcb555507c8 00007fcb555507c0
YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff822b14cc RDI=ffffffff87643ba0 RBP=ffffffff87643b60 RSP=ffff88806cf09820
R8 =0000000000000004 R9 =0000000000000010 R10=000000000000000f R11=0000000000000001
R12=0000000000002710 R13=0000000000000060 R14=fffffbfff0ec87c3 R15=dffffc0000000000
RIP=ffffffff822b1521 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fcb529df700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fc825782260 CR3=000000001ec4e000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 00000000000000ff
YMM01=0000000000000000 0000000000000000 2525252525252525 2525252525252525
YMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000