Warning: Permanently added '[localhost]:24606' (ECDSA) to the list of known hosts.
2022/09/23 12:41:55 fuzzer started
2022/09/23 12:41:56 dialing manager at localhost:38881
syzkaller login: [   43.629793] cgroup: Unknown subsys name 'net'
[   43.822841] cgroup: Unknown subsys name 'rlimit'
2022/09/23 12:42:11 syscalls: 2215
2022/09/23 12:42:11 code coverage: enabled
2022/09/23 12:42:11 comparison tracing: enabled
2022/09/23 12:42:11 extra coverage: enabled
2022/09/23 12:42:11 setuid sandbox: enabled
2022/09/23 12:42:11 namespace sandbox: enabled
2022/09/23 12:42:11 Android sandbox: enabled
2022/09/23 12:42:11 fault injection: enabled
2022/09/23 12:42:11 leak checking: enabled
2022/09/23 12:42:11 net packet injection: enabled
2022/09/23 12:42:11 net device setup: enabled
2022/09/23 12:42:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/23 12:42:11 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/23 12:42:11 USB emulation: enabled
2022/09/23 12:42:11 hci packet injection: enabled
2022/09/23 12:42:11 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220923)
2022/09/23 12:42:11 802.15.4 emulation: enabled
2022/09/23 12:42:11 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/23 12:42:11 fetching corpus: 42, signal 19036/22628 (executing program)
2022/09/23 12:42:11 fetching corpus: 92, signal 33038/37988 (executing program)
2022/09/23 12:42:11 fetching corpus: 142, signal 43479/49604 (executing program)
2022/09/23 12:42:11 fetching corpus: 192, signal 48528/55889 (executing program)
2022/09/23 12:42:11 fetching corpus: 242, signal 61336/69278 (executing program)
2022/09/23 12:42:11 fetching corpus: 292, signal 65638/74564 (executing program)
2022/09/23 12:42:12 fetching corpus: 342, signal 72083/81725 (executing program)
2022/09/23 12:42:12 fetching corpus: 392, signal 76947/87357 (executing program)
2022/09/23 12:42:12 fetching corpus: 442, signal 79793/91011 (executing program)
2022/09/23 12:42:12 fetching corpus: 492, signal 82166/94244 (executing program)
2022/09/23 12:42:12 fetching corpus: 542, signal 87751/100216 (executing program)
2022/09/23 12:42:12 fetching corpus: 592, signal 90307/103449 (executing program)
2022/09/23 12:42:12 fetching corpus: 642, signal 91685/105620 (executing program)
2022/09/23 12:42:13 fetching corpus: 692, signal 94357/108859 (executing program)
2022/09/23 12:42:13 fetching corpus: 742, signal 96174/111307 (executing program)
2022/09/23 12:42:13 fetching corpus: 792, signal 97790/113544 (executing program)
2022/09/23 12:42:13 fetching corpus: 842, signal 101167/117183 (executing program)
2022/09/23 12:42:13 fetching corpus: 892, signal 103079/119561 (executing program)
2022/09/23 12:42:13 fetching corpus: 942, signal 106435/123031 (executing program)
2022/09/23 12:42:13 fetching corpus: 992, signal 108316/125351 (executing program)
2022/09/23 12:42:13 fetching corpus: 1042, signal 110170/127590 (executing program)
2022/09/23 12:42:13 fetching corpus: 1092, signal 111670/129520 (executing program)
2022/09/23 12:42:14 fetching corpus: 1142, signal 112988/131227 (executing program)
2022/09/23 12:42:14 fetching corpus: 1192, signal 114892/133412 (executing program)
2022/09/23 12:42:14 fetching corpus: 1242, signal 116923/135643 (executing program)
2022/09/23 12:42:14 fetching corpus: 1292, signal 118242/137287 (executing program)
2022/09/23 12:42:14 fetching corpus: 1342, signal 119974/139225 (executing program)
2022/09/23 12:42:14 fetching corpus: 1392, signal 121556/140967 (executing program)
2022/09/23 12:42:14 fetching corpus: 1442, signal 122536/142320 (executing program)
2022/09/23 12:42:14 fetching corpus: 1492, signal 124033/144017 (executing program)
2022/09/23 12:42:15 fetching corpus: 1542, signal 125521/145610 (executing program)
2022/09/23 12:42:15 fetching corpus: 1592, signal 126897/147144 (executing program)
2022/09/23 12:42:15 fetching corpus: 1642, signal 128476/148842 (executing program)
2022/09/23 12:42:15 fetching corpus: 1692, signal 129219/149970 (executing program)
2022/09/23 12:42:15 fetching corpus: 1742, signal 131166/151800 (executing program)
2022/09/23 12:42:15 fetching corpus: 1792, signal 132626/153249 (executing program)
2022/09/23 12:42:15 fetching corpus: 1842, signal 134355/154805 (executing program)
2022/09/23 12:42:15 fetching corpus: 1892, signal 135282/155868 (executing program)
2022/09/23 12:42:15 fetching corpus: 1942, signal 136710/157186 (executing program)
2022/09/23 12:42:16 fetching corpus: 1992, signal 138305/158693 (executing program)
2022/09/23 12:42:16 fetching corpus: 2042, signal 139584/159854 (executing program)
2022/09/23 12:42:16 fetching corpus: 2092, signal 141384/161297 (executing program)
2022/09/23 12:42:16 fetching corpus: 2142, signal 142112/162175 (executing program)
2022/09/23 12:42:16 fetching corpus: 2192, signal 143355/163239 (executing program)
2022/09/23 12:42:16 fetching corpus: 2242, signal 144977/164472 (executing program)
2022/09/23 12:42:16 fetching corpus: 2292, signal 145430/165138 (executing program)
2022/09/23 12:42:16 fetching corpus: 2342, signal 146981/166276 (executing program)
2022/09/23 12:42:16 fetching corpus: 2392, signal 147837/167081 (executing program)
2022/09/23 12:42:17 fetching corpus: 2442, signal 148859/167991 (executing program)
2022/09/23 12:42:17 fetching corpus: 2492, signal 149634/168732 (executing program)
2022/09/23 12:42:17 fetching corpus: 2542, signal 150716/169592 (executing program)
2022/09/23 12:42:17 fetching corpus: 2592, signal 152174/170556 (executing program)
2022/09/23 12:42:17 fetching corpus: 2642, signal 152791/171182 (executing program)
2022/09/23 12:42:17 fetching corpus: 2692, signal 154256/172056 (executing program)
2022/09/23 12:42:17 fetching corpus: 2742, signal 155014/172695 (executing program)
2022/09/23 12:42:17 fetching corpus: 2792, signal 155915/173347 (executing program)
2022/09/23 12:42:17 fetching corpus: 2842, signal 157131/174145 (executing program)
2022/09/23 12:42:17 fetching corpus: 2892, signal 157952/174719 (executing program)
2022/09/23 12:42:18 fetching corpus: 2942, signal 158887/175358 (executing program)
2022/09/23 12:42:18 fetching corpus: 2992, signal 159896/176007 (executing program)
2022/09/23 12:42:18 fetching corpus: 3042, signal 160591/176490 (executing program)
2022/09/23 12:42:18 fetching corpus: 3092, signal 161976/177214 (executing program)
2022/09/23 12:42:18 fetching corpus: 3142, signal 162449/177610 (executing program)
2022/09/23 12:42:18 fetching corpus: 3192, signal 163209/178029 (executing program)
2022/09/23 12:42:18 fetching corpus: 3242, signal 164305/178574 (executing program)
2022/09/23 12:42:18 fetching corpus: 3292, signal 164738/178871 (executing program)
2022/09/23 12:42:19 fetching corpus: 3342, signal 165446/179258 (executing program)
2022/09/23 12:42:19 fetching corpus: 3392, signal 166348/179657 (executing program)
2022/09/23 12:42:19 fetching corpus: 3442, signal 167010/179987 (executing program)
2022/09/23 12:42:19 fetching corpus: 3492, signal 167934/180366 (executing program)
2022/09/23 12:42:19 fetching corpus: 3542, signal 169209/180762 (executing program)
2022/09/23 12:42:19 fetching corpus: 3592, signal 169860/181022 (executing program)
2022/09/23 12:42:19 fetching corpus: 3642, signal 170855/181353 (executing program)
2022/09/23 12:42:19 fetching corpus: 3692, signal 171462/181605 (executing program)
2022/09/23 12:42:20 fetching corpus: 3742, signal 172344/181867 (executing program)
2022/09/23 12:42:20 fetching corpus: 3792, signal 173276/182140 (executing program)
2022/09/23 12:42:20 fetching corpus: 3842, signal 174237/182385 (executing program)
2022/09/23 12:42:20 fetching corpus: 3892, signal 174859/182557 (executing program)
2022/09/23 12:42:20 fetching corpus: 3942, signal 175894/182815 (executing program)
2022/09/23 12:42:20 fetching corpus: 3992, signal 176836/182998 (executing program)
2022/09/23 12:42:20 fetching corpus: 4042, signal 177538/183155 (executing program)
2022/09/23 12:42:21 fetching corpus: 4092, signal 178701/183350 (executing program)
2022/09/23 12:42:21 fetching corpus: 4112, signal 178918/183478 (executing program)
2022/09/23 12:42:21 fetching corpus: 4112, signal 178918/183528 (executing program)
2022/09/23 12:42:21 fetching corpus: 4112, signal 178918/183579 (executing program)
2022/09/23 12:42:21 fetching corpus: 4112, signal 178918/183622 (executing program)
2022/09/23 12:42:21 fetching corpus: 4112, signal 178918/183679 (executing program)
2022/09/23 12:42:21 fetching corpus: 4112, signal 178918/183726 (executing program)
2022/09/23 12:42:21 fetching corpus: 4112, signal 178918/183766 (executing program)
2022/09/23 12:42:21 fetching corpus: 4112, signal 178918/183766 (executing program)
2022/09/23 12:42:23 starting 8 fuzzer processes
12:42:23 executing program 0:
set_mempolicy(0x0, &(0x7f0000000000)=0x1, 0x8)
set_mempolicy(0x0, &(0x7f0000000040)=0x6, 0x7ff)
set_mempolicy(0x0, &(0x7f0000000080)=0x1, 0xfffffffffffffffc)
set_mempolicy(0x0, &(0x7f00000000c0)=0x8, 0xa9)
set_mempolicy(0x3, &(0x7f0000000100)=0x8, 0x6)
set_mempolicy(0x3, &(0x7f0000000140)=0x8, 0x5)
set_mempolicy(0x0, &(0x7f0000000180), 0x1)
set_mempolicy(0x4000, &(0x7f00000001c0)=0x9f1, 0xfffffffffffeffff)
set_mempolicy(0x2, &(0x7f0000000200)=0xee, 0x0)
set_mempolicy(0x1, &(0x7f0000000240)=0x4, 0x1)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x34, &(0x7f0000000280)={0x10, 0x3, 0x2})
set_mempolicy(0x0, &(0x7f0000000300)=0x5, 0x1)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000380))

12:42:23 executing program 1:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0)

12:42:23 executing program 2:
syz_emit_ethernet(0x1d, &(0x7f0000000000)={@local, @random="7700c24d06a7", @void, {@ipv4={0x800, @igmp={{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, @dev, @private, {[@lsrr={0x83, 0x1}]}}, {0x0, 0x0, 0x0, @dev}}}}}, 0x0)

[   71.043962] audit: type=1400 audit(1663936943.716:6): avc:  denied  { execmem } for  pid=287 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:42:23 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0x2288, &(0x7f0000000000))

12:42:23 executing program 3:
keyctl$KEYCTL_PKEY_VERIFY(0xe, &(0x7f0000000c00), 0x0, 0x0, 0x0)

12:42:23 executing program 5:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, &(0x7f0000001540)={[{@jqfmt_vfsold}, {@journal_checksum}, {@noacl}], [{@smackfshat={'smackfshat', 0x3d, ']\f-['}}]})

12:42:23 executing program 6:
r0 = epoll_create1(0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000bc0)={<r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000c00)={0x4})

12:42:23 executing program 7:
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="fd", 0x1, r0)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000180)='asymmetric\x00', &(0x7f00000000c0)=@keyring={'key_or_keyring:', r1})
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r2, 0x0)

[   72.366913] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   72.369113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   72.370778] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.374158] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   72.404128] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   72.405560] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   72.406764] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.407975] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   72.410765] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   72.413075] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   72.414546] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   72.416223] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   72.417463] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   72.418713] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   72.420059] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   72.421342] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   72.422983] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   72.424313] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   72.428622] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   72.430254] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   72.431426] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   72.435745] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   72.437153] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   72.438400] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.439792] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   72.445724] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   72.450427] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   72.455250] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   72.456833] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   72.458303] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   72.459500] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   72.460828] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   72.462515] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   72.463811] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   72.468437] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   72.469755] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   72.469964] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   72.474258] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   72.475601] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   72.477437] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   72.478772] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   72.480258] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   72.480857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   72.484942] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   72.489172] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   72.494946] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   72.496054] Bluetooth: hci7: HCI_REQ-0x0c1a
[   72.498115] Bluetooth: hci4: HCI_REQ-0x0c1a
[   72.498682] Bluetooth: hci1: HCI_REQ-0x0c1a
[   72.499291] Bluetooth: hci0: HCI_REQ-0x0c1a
[   72.499770] Bluetooth: hci2: HCI_REQ-0x0c1a
[   72.504801] Bluetooth: hci3: HCI_REQ-0x0c1a
[   72.515502] Bluetooth: hci6: HCI_REQ-0x0c1a
[   72.519508] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   72.534291] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   72.539597] Bluetooth: hci5: HCI_REQ-0x0c1a
[   74.548004] Bluetooth: hci5: command 0x0409 tx timeout
[   74.548026] Bluetooth: hci0: command 0x0409 tx timeout
[   74.549242] Bluetooth: hci7: command 0x0409 tx timeout
[   74.550066] Bluetooth: hci6: command 0x0409 tx timeout
[   74.550747] Bluetooth: hci1: command 0x0409 tx timeout
[   74.551435] Bluetooth: hci4: command 0x0409 tx timeout
[   74.552032] Bluetooth: hci3: command 0x0409 tx timeout
[   74.612035] Bluetooth: hci2: command 0x0409 tx timeout
[   76.594940] Bluetooth: hci4: command 0x041b tx timeout
[   76.595023] Bluetooth: hci1: command 0x041b tx timeout
[   76.595409] Bluetooth: hci6: command 0x041b tx timeout
[   76.595837] Bluetooth: hci7: command 0x041b tx timeout
[   76.596641] Bluetooth: hci0: command 0x041b tx timeout
[   76.596964] Bluetooth: hci5: command 0x041b tx timeout
[   76.597398] Bluetooth: hci3: command 0x041b tx timeout
[   76.658925] Bluetooth: hci2: command 0x041b tx timeout
[   78.643000] Bluetooth: hci5: command 0x040f tx timeout
[   78.643084] Bluetooth: hci0: command 0x040f tx timeout
[   78.643465] Bluetooth: hci7: command 0x040f tx timeout
[   78.644176] Bluetooth: hci6: command 0x040f tx timeout
[   78.645129] Bluetooth: hci3: command 0x040f tx timeout
[   78.645222] Bluetooth: hci1: command 0x040f tx timeout
[   78.645542] Bluetooth: hci4: command 0x040f tx timeout
[   78.707940] Bluetooth: hci2: command 0x040f tx timeout
[   80.690982] Bluetooth: hci1: command 0x0419 tx timeout
[   80.691040] Bluetooth: hci4: command 0x0419 tx timeout
[   80.691450] Bluetooth: hci3: command 0x0419 tx timeout
[   80.692279] Bluetooth: hci7: command 0x0419 tx timeout
[   80.692312] Bluetooth: hci6: command 0x0419 tx timeout
[   80.692340] Bluetooth: hci0: command 0x0419 tx timeout
[   80.692367] Bluetooth: hci5: command 0x0419 tx timeout
[   80.754959] Bluetooth: hci2: command 0x0419 tx timeout
12:43:20 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0x2288, &(0x7f0000000000))

12:43:20 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0x2288, &(0x7f0000000000))

12:43:20 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0x2288, &(0x7f0000000000))

12:43:21 executing program 4:
syz_io_uring_setup(0x0, &(0x7f0000000040), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000100))

12:43:21 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, r0, 0x0, 0x100000)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
getsockname$packet(r2, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x40, 0x5, 0x32, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x7, 0x7800, 0x10001}})
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xfd}}, 0x14)
r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2080000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000400)={0x3, 0x80, 0x6, 0x5, 0x1, 0x3f, 0x0, 0x3ff, 0x50000, 0x4, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3b, 0x1, @perf_config_ext={0x1, 0x7fff}, 0xa8, 0x1, 0x20, 0x0, 0x0, 0x7fffffff, 0x9, 0x0, 0x4, 0x0, 0xdeb}, 0x0, 0x3, r3, 0x3)

[  128.691139] audit: type=1400 audit(1663937001.363:7): avc:  denied  { open } for  pid=3780 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  128.694291] audit: type=1400 audit(1663937001.364:8): avc:  denied  { kernel } for  pid=3780 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  128.704005] ------------[ cut here ]------------
[  128.704026] 
[  128.704031] ======================================================
[  128.704034] WARNING: possible circular locking dependency detected
[  128.704038] 6.0.0-rc6-next-20220923 #1 Not tainted
[  128.704045] ------------------------------------------------------
[  128.704048] syz-executor.4/3781 is trying to acquire lock:
[  128.704054] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  128.704094] 
[  128.704094] but task is already holding lock:
[  128.704096] ffff88803f40cc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  128.704125] 
[  128.704125] which lock already depends on the new lock.
[  128.704125] 
[  128.704127] 
[  128.704127] the existing dependency chain (in reverse order) is:
[  128.704131] 
[  128.704131] -> #3 (&ctx->lock){....}-{2:2}:
[  128.704144]        _raw_spin_lock+0x2a/0x40
[  128.704163]        __perf_event_task_sched_out+0x53b/0x18d0
[  128.704175]        __schedule+0xedd/0x2470
[  128.704188]        schedule+0xda/0x1b0
[  128.704201]        exit_to_user_mode_prepare+0x114/0x1a0
[  128.704213]        syscall_exit_to_user_mode+0x19/0x40
[  128.704225]        do_syscall_64+0x48/0x90
[  128.704242]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  128.704254] 
[  128.704254] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  128.704267]        _raw_spin_lock_nested+0x30/0x40
[  128.704285]        raw_spin_rq_lock_nested+0x1e/0x30
[  128.704298]        task_fork_fair+0x63/0x4d0
[  128.704315]        sched_cgroup_fork+0x3d0/0x540
[  128.704328]        copy_process+0x4183/0x6e20
[  128.704338]        kernel_clone+0xe7/0x890
[  128.704348]        user_mode_thread+0xad/0xf0
[  128.704358]        rest_init+0x24/0x250
[  128.704369]        arch_call_rest_init+0xf/0x14
[  128.704386]        start_kernel+0x4c1/0x4e6
[  128.704401]        secondary_startup_64_no_verify+0xe0/0xeb
[  128.704415] 
[  128.704415] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  128.704429]        _raw_spin_lock_irqsave+0x39/0x60
[  128.704447]        try_to_wake_up+0xab/0x1930
[  128.704460]        up+0x75/0xb0
[  128.704473]        __up_console_sem+0x6e/0x80
[  128.704488]        console_unlock+0x46a/0x590
[  128.704503]        vt_ioctl+0x2822/0x2ca0
[  128.704517]        tty_ioctl+0x7c4/0x1700
[  128.704529]        __x64_sys_ioctl+0x19a/0x210
[  128.704544]        do_syscall_64+0x3b/0x90
[  128.704560]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  128.704572] 
[  128.704572] -> #0 ((console_sem).lock){....}-{2:2}:
[  128.704586]        __lock_acquire+0x2a02/0x5e70
[  128.704602]        lock_acquire+0x1a2/0x530
[  128.704617]        _raw_spin_lock_irqsave+0x39/0x60
[  128.704635]        down_trylock+0xe/0x70
[  128.704650]        __down_trylock_console_sem+0x3b/0xd0
[  128.704685]        vprintk_emit+0x16b/0x560
[  128.704700]        vprintk+0x84/0xa0
[  128.704716]        _printk+0xba/0xf1
[  128.704727]        report_bug.cold+0x72/0xab
[  128.704742]        handle_bug+0x3c/0x70
[  128.704758]        exc_invalid_op+0x14/0x50
[  128.704774]        asm_exc_invalid_op+0x16/0x20
[  128.704785]        group_sched_out.part.0+0x2c7/0x460
[  128.704796]        ctx_sched_out+0x8f1/0xc10
[  128.704806]        __perf_event_task_sched_out+0x6d0/0x18d0
[  128.704818]        __schedule+0xedd/0x2470
[  128.704831]        schedule+0xda/0x1b0
[  128.704844]        exit_to_user_mode_prepare+0x114/0x1a0
[  128.704854]        syscall_exit_to_user_mode+0x19/0x40
[  128.704866]        do_syscall_64+0x48/0x90
[  128.704882]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  128.704894] 
[  128.704894] other info that might help us debug this:
[  128.704894] 
[  128.704896] Chain exists of:
[  128.704896]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  128.704896] 
[  128.704911]  Possible unsafe locking scenario:
[  128.704911] 
[  128.704913]        CPU0                    CPU1
[  128.704916]        ----                    ----
[  128.704918]   lock(&ctx->lock);
[  128.704923]                                lock(&rq->__lock);
[  128.704929]                                lock(&ctx->lock);
[  128.704936]   lock((console_sem).lock);
[  128.704941] 
[  128.704941]  *** DEADLOCK ***
[  128.704941] 
[  128.704943] 2 locks held by syz-executor.4/3781:
[  128.704950]  #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  128.704978]  #1: ffff88803f40cc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  128.705006] 
[  128.705006] stack backtrace:
[  128.705008] CPU: 0 PID: 3781 Comm: syz-executor.4 Not tainted 6.0.0-rc6-next-20220923 #1
[  128.705021] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  128.705029] Call Trace:
[  128.705032]  <TASK>
[  128.705036]  dump_stack_lvl+0x8b/0xb3
[  128.705054]  check_noncircular+0x263/0x2e0
[  128.705070]  ? format_decode+0x26c/0xb50
[  128.705087]  ? print_circular_bug+0x450/0x450
[  128.705103]  ? enable_ptr_key_workfn+0x20/0x20
[  128.705119]  ? format_decode+0x26c/0xb50
[  128.705136]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  128.705153]  __lock_acquire+0x2a02/0x5e70
[  128.705175]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  128.705197]  lock_acquire+0x1a2/0x530
[  128.705213]  ? down_trylock+0xe/0x70
[  128.705229]  ? lock_release+0x750/0x750
[  128.705249]  ? vprintk+0x84/0xa0
[  128.705267]  _raw_spin_lock_irqsave+0x39/0x60
[  128.705286]  ? down_trylock+0xe/0x70
[  128.705301]  down_trylock+0xe/0x70
[  128.705316]  ? vprintk+0x84/0xa0
[  128.705333]  __down_trylock_console_sem+0x3b/0xd0
[  128.705350]  vprintk_emit+0x16b/0x560
[  128.705368]  vprintk+0x84/0xa0
[  128.705385]  _printk+0xba/0xf1
[  128.705396]  ? record_print_text.cold+0x16/0x16
[  128.705411]  ? report_bug.cold+0x66/0xab
[  128.705429]  ? group_sched_out.part.0+0x2c7/0x460
[  128.705440]  report_bug.cold+0x72/0xab
[  128.705458]  handle_bug+0x3c/0x70
[  128.705475]  exc_invalid_op+0x14/0x50
[  128.705492]  asm_exc_invalid_op+0x16/0x20
[  128.705504] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  128.705518] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  128.705530] RSP: 0018:ffff88803d697c48 EFLAGS: 00010006
[  128.705539] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  128.705546] RDX: ffff8880184e0000 RSI: ffffffff81564fb7 RDI: 0000000000000005
[  128.705554] RBP: ffff8880086685c8 R08: 0000000000000005 R09: 0000000000000001
[  128.705561] R10: 0000000000000000 R11: ffffffff865b001b R12: ffff88803f40cc00
[  128.705568] R13: ffff88806ce3d140 R14: ffffffff8547d040 R15: 0000000000000002
[  128.705579]  ? group_sched_out.part.0+0x2c7/0x460
[  128.705592]  ? group_sched_out.part.0+0x2c7/0x460
[  128.705605]  ctx_sched_out+0x8f1/0xc10
[  128.705618]  __perf_event_task_sched_out+0x6d0/0x18d0
[  128.705633]  ? lock_is_held_type+0xd7/0x130
[  128.705647]  ? __perf_cgroup_move+0x160/0x160
[  128.705659]  ? set_next_entity+0x304/0x550
[  128.705676]  ? update_curr+0x267/0x740
[  128.705694]  ? lock_is_held_type+0xd7/0x130
[  128.705707]  __schedule+0xedd/0x2470
[  128.705723]  ? io_schedule_timeout+0x150/0x150
[  128.705739]  ? rcu_read_lock_sched_held+0x3e/0x80
[  128.705759]  schedule+0xda/0x1b0
[  128.705773]  exit_to_user_mode_prepare+0x114/0x1a0
[  128.705785]  syscall_exit_to_user_mode+0x19/0x40
[  128.705798]  do_syscall_64+0x48/0x90
[  128.705815]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  128.705828] RIP: 0033:0x7ff110c31b19
[  128.705836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  128.705847] RSP: 002b:00007ff10e1a7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  128.705858] RAX: 0000000000000001 RBX: 00007ff110d44f68 RCX: 00007ff110c31b19
[  128.705865] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff110d44f6c
[  128.705872] RBP: 00007ff110d44f60 R08: 000000000000000e R09: 0000000000000000
[  128.705879] R10: 0000000000000005 R11: 0000000000000246 R12: 00007ff110d44f6c
[  128.705886] R13: 00007ffef59c9d4f R14: 00007ff10e1a7300 R15: 0000000000022000
[  128.705899]  </TASK>
[  128.761482] WARNING: CPU: 0 PID: 3781 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  128.762158] Modules linked in:
[  128.762406] CPU: 0 PID: 3781 Comm: syz-executor.4 Not tainted 6.0.0-rc6-next-20220923 #1
[  128.763013] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  128.763848] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  128.764250] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  128.765615] RSP: 0018:ffff88803d697c48 EFLAGS: 00010006
[  128.766027] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  128.766563] RDX: ffff8880184e0000 RSI: ffffffff81564fb7 RDI: 0000000000000005
[  128.767094] RBP: ffff8880086685c8 R08: 0000000000000005 R09: 0000000000000001
[  128.767621] R10: 0000000000000000 R11: ffffffff865b001b R12: ffff88803f40cc00
[  128.768152] R13: ffff88806ce3d140 R14: ffffffff8547d040 R15: 0000000000000002
[  128.768688] FS:  00007ff10e1a7700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  128.769289] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  128.769721] CR2: 00007fecb898d620 CR3: 0000000015e00000 CR4: 0000000000350ef0
[  128.770251] Call Trace:
[  128.770452]  <TASK>
[  128.770625]  ctx_sched_out+0x8f1/0xc10
[  128.770924]  __perf_event_task_sched_out+0x6d0/0x18d0
[  128.771306]  ? lock_is_held_type+0xd7/0x130
[  128.771626]  ? __perf_cgroup_move+0x160/0x160
[  128.771963]  ? set_next_entity+0x304/0x550
[  128.772285]  ? update_curr+0x267/0x740
[  128.772586]  ? lock_is_held_type+0xd7/0x130
[  128.772923]  __schedule+0xedd/0x2470
[  128.773212]  ? io_schedule_timeout+0x150/0x150
[  128.773567]  ? rcu_read_lock_sched_held+0x3e/0x80
[  128.773935]  schedule+0xda/0x1b0
[  128.774194]  exit_to_user_mode_prepare+0x114/0x1a0
[  128.774564]  syscall_exit_to_user_mode+0x19/0x40
[  128.774927]  do_syscall_64+0x48/0x90
[  128.775213]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  128.775608] RIP: 0033:0x7ff110c31b19
[  128.775888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  128.777241] RSP: 002b:00007ff10e1a7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  128.777805] RAX: 0000000000000001 RBX: 00007ff110d44f68 RCX: 00007ff110c31b19
[  128.778327] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff110d44f6c
[  128.778857] RBP: 00007ff110d44f60 R08: 000000000000000e R09: 0000000000000000
[  128.779389] R10: 0000000000000005 R11: 0000000000000246 R12: 00007ff110d44f6c
[  128.779918] R13: 00007ffef59c9d4f R14: 00007ff10e1a7300 R15: 0000000000022000
[  128.780464]  </TASK>
[  128.780645] irq event stamp: 832
[  128.780908] hardirqs last  enabled at (831): [<ffffffff8133e999>] exit_to_user_mode_prepare+0x109/0x1a0
[  128.781606] hardirqs last disabled at (832): [<ffffffff84259645>] __schedule+0x1225/0x2470
[  128.782233] softirqs last  enabled at (380): [<ffffffff8116fa8b>] __irq_exit_rcu+0x11b/0x180
[  128.782867] softirqs last disabled at (353): [<ffffffff8116fa8b>] __irq_exit_rcu+0x11b/0x180
[  128.783503] ---[ end trace 0000000000000000 ]---
[  129.076886] hrtimer: interrupt took 19326 ns
[  129.739454] syz-executor.4 (3781) used greatest stack depth: 24472 bytes left
12:43:22 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, r0, 0x0, 0x100000)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
getsockname$packet(r2, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x40, 0x5, 0x32, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x7, 0x7800, 0x10001}})
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xfd}}, 0x14)
r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2080000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000400)={0x3, 0x80, 0x6, 0x5, 0x1, 0x3f, 0x0, 0x3ff, 0x50000, 0x4, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3b, 0x1, @perf_config_ext={0x1, 0x7fff}, 0xa8, 0x1, 0x20, 0x0, 0x0, 0x7fffffff, 0x9, 0x0, 0x4, 0x0, 0xdeb}, 0x0, 0x3, r3, 0x3)

12:43:23 executing program 2:
syz_emit_ethernet(0x1d, &(0x7f0000000000)={@local, @random="7700c24d06a7", @void, {@ipv4={0x800, @igmp={{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, @dev, @private, {[@lsrr={0x83, 0x1}]}}, {0x0, 0x0, 0x0, @dev}}}}}, 0x0)

[  133.519185] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  133.520533] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  133.521718] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  133.525131] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  133.526801] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  133.528917] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  133.533426] Bluetooth: hci3: HCI_REQ-0x0c1a
[  135.538952] Bluetooth: hci3: command 0x0409 tx timeout
[  135.603112] Bluetooth: hci7: Opcode 0x c03 failed: -110
[  135.603112] Bluetooth: hci5: Opcode 0x c03 failed: -110
[  137.586955] Bluetooth: hci3: command 0x041b tx timeout
[  137.916641] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  137.918917] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  137.920594] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  137.922998] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  137.924455] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  137.926297] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  137.929372] Bluetooth: hci7: HCI_REQ-0x0c1a

VM DIAGNOSIS:
12:43:21  Registers: