Warning: Permanently added '[localhost]:25985' (ECDSA) to the list of known hosts. 2023/02/17 10:49:46 fuzzer started 2023/02/17 10:49:46 dialing manager at localhost:38367 2023/02/17 10:49:46 checking machine... 2023/02/17 10:49:46 checking revisions... syzkaller login: [ 35.416768] kmemleak: Automatic memory scanning thread ended 2023/02/17 10:49:46 testing simple program... [ 35.487768] cgroup: Unknown subsys name 'net' [ 35.568647] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program executing program [ 49.277037] audit: type=1400 audit(1676631000.805:6): avc: denied { execmem } for pid=258 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 executing program [ 50.422778] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 50.426577] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 50.429262] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 50.434129] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 50.436795] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 50.438447] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.500552] Bluetooth: hci0: command 0x0409 tx timeout executing program [ 54.547921] Bluetooth: hci0: command 0x041b tx timeout executing program [ 56.595944] Bluetooth: hci0: command 0x040f tx timeout [ 58.644061] Bluetooth: hci0: command 0x0419 tx timeout executing program executing program executing program [ 66.745796] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.746904] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.749041] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.795033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.796420] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.798505] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2023/02/17 10:50:18 building call list... executing program [ 69.646244] audit: type=1400 audit(1676631021.175:7): avc: denied { create } for pid=237 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 executing program 2023/02/17 10:50:24 syscalls: 2217 2023/02/17 10:50:24 code coverage: enabled 2023/02/17 10:50:24 comparison tracing: enabled 2023/02/17 10:50:24 extra coverage: enabled 2023/02/17 10:50:24 setuid sandbox: enabled 2023/02/17 10:50:24 namespace sandbox: enabled 2023/02/17 10:50:24 Android sandbox: enabled 2023/02/17 10:50:24 fault injection: enabled 2023/02/17 10:50:24 leak checking: enabled 2023/02/17 10:50:24 net packet injection: enabled 2023/02/17 10:50:24 net device setup: enabled 2023/02/17 10:50:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/17 10:50:24 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/17 10:50:24 USB emulation: enabled 2023/02/17 10:50:24 hci packet injection: enabled 2023/02/17 10:50:24 wifi device emulation: enabled 2023/02/17 10:50:24 802.15.4 emulation: enabled 2023/02/17 10:50:24 fetching corpus: 0, signal 0/0 (executing program) 2023/02/17 10:50:24 fetching corpus: 0, signal 0/0 (executing program) 2023/02/17 10:50:25 starting 8 fuzzer processes 10:50:25 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x560d, &(0x7f0000000080)) 10:50:25 executing program 1: ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, 0x0) mq_open(&(0x7f0000000000)='@\x00', 0xc1, 0xb2, 0x0) mq_open(&(0x7f0000000000)='@\x00', 0xc1, 0xb2, &(0x7f0000000040)={0xa554, 0x7, 0x8001, 0x8}) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)={0x200017e}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x9, &(0x7f0000000140)=0x0) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) io_submit(r0, 0x1, &(0x7f00000005c0)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f00000001c0)=')', 0x1}]) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) lsetxattr(&(0x7f00000000c0)='.\x00', &(0x7f0000000140)=@known='security.selinux\x00', &(0x7f0000000180)='\x00', 0x1, 0x0) 10:50:25 executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) io_setup(0x4e, &(0x7f0000000000)=0x0) io_submit(r1, 0x2, &(0x7f00000001c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x80}]) 10:50:25 executing program 3: munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000000)="e65acea2ec742de264970a5968d4eef0", 0x10) 10:50:25 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000002380), 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000000)=0x1) 10:50:25 executing program 7: futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xff600000) 10:50:25 executing program 5: r0 = syz_io_uring_setup(0x52d2, &(0x7f0000000080)={0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) syz_io_uring_setup(0x2b2, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) 10:50:25 executing program 6: r0 = getpid() r1 = pidfd_open(r0, 0x0) pidfd_send_signal(r1, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x2}, 0x0) [ 75.304829] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.306729] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.308935] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.309903] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.311200] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.312143] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.317210] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.318254] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.321715] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 75.322398] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 75.324821] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.330808] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.376940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.393059] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 75.394569] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.397961] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 75.399060] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.401659] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 75.402758] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 75.404575] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 75.405555] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 75.406793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.408601] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 75.410915] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.413009] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 75.414089] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 75.419308] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 75.422595] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 75.424325] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 75.425529] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 75.443671] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.446107] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.447334] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.451517] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 75.452843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.457739] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 75.459688] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.473578] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.474722] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 75.477194] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.478503] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 75.479641] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.483397] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 75.484561] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 75.486255] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 75.487426] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 75.488364] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 75.489737] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.397064] Bluetooth: hci1: command 0x0409 tx timeout [ 77.460123] Bluetooth: hci0: command 0x0409 tx timeout [ 77.461114] Bluetooth: hci2: command 0x0409 tx timeout [ 77.462060] Bluetooth: hci7: command 0x0409 tx timeout [ 77.462956] Bluetooth: hci6: command 0x0409 tx timeout [ 77.524008] Bluetooth: hci4: command 0x0409 tx timeout [ 77.525023] Bluetooth: hci5: command 0x0409 tx timeout [ 77.526005] Bluetooth: hci3: command 0x0409 tx timeout [ 79.443959] Bluetooth: hci1: command 0x041b tx timeout [ 79.508188] Bluetooth: hci6: command 0x041b tx timeout [ 79.508598] Bluetooth: hci7: command 0x041b tx timeout [ 79.509041] Bluetooth: hci2: command 0x041b tx timeout [ 79.509417] Bluetooth: hci0: command 0x041b tx timeout [ 79.571970] Bluetooth: hci3: command 0x041b tx timeout [ 79.572382] Bluetooth: hci5: command 0x041b tx timeout [ 79.572758] Bluetooth: hci4: command 0x041b tx timeout [ 79.984885] WARNING: stack going in the wrong direction? at do_syscall_64+0x3f/0x90 [ 81.491937] Bluetooth: hci1: command 0x040f tx timeout [ 81.555985] Bluetooth: hci0: command 0x040f tx timeout [ 81.556393] Bluetooth: hci2: command 0x040f tx timeout [ 81.556750] Bluetooth: hci7: command 0x040f tx timeout [ 81.557159] Bluetooth: hci6: command 0x040f tx timeout [ 81.619964] Bluetooth: hci4: command 0x040f tx timeout [ 81.620393] Bluetooth: hci5: command 0x040f tx timeout [ 81.620747] Bluetooth: hci3: command 0x040f tx timeout [ 83.539937] Bluetooth: hci1: command 0x0419 tx timeout [ 83.603932] Bluetooth: hci6: command 0x0419 tx timeout [ 83.604349] Bluetooth: hci7: command 0x0419 tx timeout [ 83.604722] Bluetooth: hci2: command 0x0419 tx timeout [ 83.605262] Bluetooth: hci0: command 0x0419 tx timeout [ 83.667915] Bluetooth: hci3: command 0x0419 tx timeout [ 83.668333] Bluetooth: hci5: command 0x0419 tx timeout [ 83.668702] Bluetooth: hci4: command 0x0419 tx timeout VM DIAGNOSIS: 10:50:31 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=0000000000000215 RCX=0000000000000000 RDX=1ffff11002b64170 RSI=0000000000000020 RDI=0000000000000000 RBP=ffff888015b20b60 RSP=ffff8880370e7a70 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=00005562e4f3c080 R13=0000000000100073 R14=ffff888015b20b80 R15=0000000000000020 RIP=ffffffff814b77c4 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe46fa66e000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe46fa66c000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005562e4f3c080 CR3=000000000d500000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00362e6f732e6362696c2f756e672d78 XMM02=ffff0000000000ffffffffffffffffff XMM03=ffffffffffffffffffffffffffffffff XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=1ffffffff0bbac62 RBX=ffffffff85dd6310 RCX=ffffffff8173ebf7 RDX=0000000000000000 RSI=ffffffff86109364 RDI=ffffffff85dd62fc RBP=ffffffff85dd630c RSP=ffff88801e447518 R8 =ffffffff86109364 R9 =ffff88801e447610 R10=0000000000038001 R11=0000000000000001 R12=ffffffff85dd6314 R13=ffffffff85dd62fc R14=ffffffff85dd6308 R15=dffffc0000000000 RIP=ffffffff81131ebf RFL=00000212 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f3779b65540 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe71316e3000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe71316e1000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd909a90610 CR3=0000000020412000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000ff0000000000000000000000ff00 XMM01=ffff00ffffffffffffffffffffff00ff XMM02=4c4700362e322e325f4342494c470035 XMM03=00000000000000000000000000470035 XMM04=4342494c4700362e322e325f4342494c XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000