Warning: Permanently added '[localhost]:61241' (ECDSA) to the list of known hosts. 2023/02/14 10:48:34 fuzzer started 2023/02/14 10:48:34 dialing manager at localhost:38491 2023/02/14 10:48:34 checking machine... 2023/02/14 10:48:34 checking revisions... syzkaller login: [ 39.863763] kmemleak: Automatic memory scanning thread ended 2023/02/14 10:48:34 testing simple program... [ 39.937334] cgroup: Unknown subsys name 'net' [ 40.028865] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program executing program [ 52.649634] audit: type=1400 audit(1676371727.448:6): avc: denied { execmem } for pid=260 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 53.748334] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.750009] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.752394] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.755773] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.757999] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 53.759495] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 executing program [ 55.819922] Bluetooth: hci0: command 0x0409 tx timeout executing program [ 57.867232] Bluetooth: hci0: command 0x041b tx timeout [ 59.915232] Bluetooth: hci0: command 0x040f tx timeout executing program [ 61.963252] Bluetooth: hci0: command 0x0419 tx timeout executing program executing program [ 67.222886] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.223878] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.226497] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.266653] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.267927] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.269971] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2023/02/14 10:49:02 building call list... 
executing program [ 70.220266] audit: type=1400 audit(1676371745.018:7): avc: denied { create } for pid=239 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 executing program 2023/02/14 10:49:08 syscalls: 2217 2023/02/14 10:49:08 code coverage: enabled 2023/02/14 10:49:08 comparison tracing: enabled 2023/02/14 10:49:08 extra coverage: enabled 2023/02/14 10:49:08 setuid sandbox: enabled 2023/02/14 10:49:08 namespace sandbox: enabled 2023/02/14 10:49:08 Android sandbox: enabled 2023/02/14 10:49:08 fault injection: enabled 2023/02/14 10:49:08 leak checking: enabled 2023/02/14 10:49:08 net packet injection: enabled 2023/02/14 10:49:08 net device setup: enabled 2023/02/14 10:49:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/14 10:49:08 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/14 10:49:08 USB emulation: enabled 2023/02/14 10:49:08 hci packet injection: enabled 2023/02/14 10:49:08 wifi device emulation: enabled 2023/02/14 10:49:08 802.15.4 emulation: enabled 2023/02/14 10:49:08 fetching corpus: 0, signal 0/0 (executing program) 2023/02/14 10:49:08 fetching corpus: 0, signal 0/0 (executing program) 2023/02/14 10:49:09 starting 8 fuzzer processes 10:49:09 executing program 0: syz_io_uring_setup(0x2376, &(0x7f0000000080), &(0x7f0000ff4000/0x1000)=nil, &(0x7f0000ff8000/0x3000)=nil, 0x0, 0x0) move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000ff4000/0x1000)=nil], 0x0, &(0x7f0000000100), 0x0) 10:49:10 executing program 1: capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000580)) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000280)={@private0}, 0x14) 10:49:10 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='environ\x00') openat$vcsa(0xffffffffffffff9c, &(0x7f00000002c0), 0x80000, 0x0) dup(0xffffffffffffffff) r0 = clone3(&(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) kcmp(r0, r1, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) 10:49:10 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$SG_GET_SG_TABLESIZE(r0, 0x227b, &(0x7f0000000000)) 10:49:10 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)) 10:49:10 executing program 5: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000000)='devpts\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x0, 0x0, 0x0, 0x460, &(0x7f00000005c0)={[{@mode}]}) 10:49:10 executing program 6: r0 = timerfd_create(0x1, 0x0) timerfd_settime(r0, 0x1, &(0x7f0000000280)={{0x77359400}, {0x0, 0x3938700}}, 0x0) timerfd_gettime(r0, &(0x7f0000000000)) 10:49:10 executing program 7: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open$cgroup(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x4, 0x5, 0x81, 0x0, 0x20, 0xa620, 0xe, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x9, 0x3}, 0xc104c70d77f15d40, 0x1, 0x6, 0x0, 0x40, 0xc0000000, 0xfff7, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x2, r0, 0x4) syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x30]}}}}]}) syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="6d706f6c1e7072656665723a302c666d736e65723d", @ANYRESDEC=0xee01, @ANYBLOB=',\x00']) [ 76.578421] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.579819] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.582950] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.587926] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.590639] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.593476] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.655565] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.656944] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.658474] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.663766] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.666732] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 76.668351] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 76.669986] 
Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.671236] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 76.672305] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 76.673292] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 76.675313] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.676237] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 76.677113] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 76.678040] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 76.680479] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.681658] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.684492] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 76.685049] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.687630] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.688794] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.689897] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.693935] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.696851] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 76.700119] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 76.700293] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 76.701014] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 76.704535] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.705714] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.706617] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 76.707592] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.709597] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.712406] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.713661] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.715022] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 76.716387] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 76.716675] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 
76.717502] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.718991] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 76.719735] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 76.720696] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.721041] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.721867] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 78.667293] Bluetooth: hci0: command 0x0409 tx timeout [ 78.795306] Bluetooth: hci5: command 0x0409 tx timeout [ 78.795326] Bluetooth: hci3: command 0x0409 tx timeout [ 78.797769] Bluetooth: hci2: command 0x0409 tx timeout [ 78.797785] Bluetooth: hci1: command 0x0409 tx timeout [ 78.798392] Bluetooth: hci6: command 0x0409 tx timeout [ 78.798871] Bluetooth: hci4: command 0x0409 tx timeout [ 78.799410] Bluetooth: hci7: command 0x0409 tx timeout [ 80.715297] Bluetooth: hci0: command 0x041b tx timeout [ 80.843317] Bluetooth: hci4: command 0x041b tx timeout [ 80.843399] Bluetooth: hci6: command 0x041b tx timeout [ 80.843736] Bluetooth: hci1: command 0x041b tx timeout [ 80.844506] Bluetooth: hci2: command 0x041b tx timeout [ 80.844880] Bluetooth: hci5: command 0x041b tx timeout [ 80.845663] Bluetooth: hci7: command 0x041b tx timeout [ 80.845955] Bluetooth: hci3: command 0x041b tx timeout [ 82.763245] Bluetooth: hci0: command 0x040f tx timeout [ 82.891348] Bluetooth: hci7: command 0x040f tx timeout [ 82.891462] Bluetooth: hci3: command 0x040f tx timeout [ 82.891803] Bluetooth: hci5: command 0x040f tx timeout [ 82.892577] Bluetooth: hci6: command 0x040f tx timeout [ 82.892905] Bluetooth: hci2: command 0x040f tx timeout [ 82.893585] Bluetooth: hci1: command 0x040f tx timeout [ 82.893909] Bluetooth: hci4: command 0x040f tx timeout [ 84.811267] Bluetooth: hci0: command 0x0419 tx timeout [ 84.939281] Bluetooth: hci1: command 0x0419 tx timeout [ 84.939303] Bluetooth: hci2: command 0x0419 tx timeout [ 84.939723] Bluetooth: hci6: command 0x0419 tx timeout [ 84.940139] Bluetooth: hci5: 
command 0x0419 tx timeout [ 84.940556] Bluetooth: hci4: command 0x0419 tx timeout [ 84.940866] Bluetooth: hci3: command 0x0419 tx timeout [ 84.941231] Bluetooth: hci7: command 0x0419 tx timeout [ 95.162202] WARNING: stack going in the wrong direction? at do_syscall_64+0x3f/0x90 VM DIAGNOSIS: 10:49:30 Registers: