Warning: Permanently added '[localhost]:62919' (ECDSA) to the list of known hosts.
2023/02/24 10:47:58 fuzzer started
2023/02/24 10:47:59 dialing manager at localhost:41417
2023/02/24 10:47:59 checking machine...
2023/02/24 10:47:59 checking revisions...
syzkaller login: [ 35.825033] kmemleak: Automatic memory scanning thread ended
2023/02/24 10:47:59 testing simple program...
[ 35.905749] cgroup: Unknown subsys name 'net'
[ 35.999067] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
executing program
[ 50.029621] audit: type=1400 audit(1677235693.454:6): avc: denied { execmem } for pid=259 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
[ 51.161718] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 51.164639] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 51.166258] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 51.173819] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 51.176669] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 51.178306] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 53.248136] Bluetooth: hci0: command 0x0409 tx timeout
executing program
[ 55.294579] Bluetooth: hci0: command 0x041b tx timeout
executing program
[ 57.342592] Bluetooth: hci0: command 0x040f tx timeout
[ 59.390567] Bluetooth: hci0: command 0x0419 tx timeout
executing program
executing program
executing program
[ 68.094158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.095307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.101005] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.127773] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.128889] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.132283] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2023/02/24 10:48:31 building call list...
[ 68.574386]
[ 68.574641] ======================================================
[ 68.575315] WARNING: possible circular locking dependency detected
[ 68.576052] 6.2.0-next-20230224 #1 Not tainted
[ 68.576920] ------------------------------------------------------
[ 68.578548] syz-executor.0/260 is trying to acquire lock:
[ 68.580542] ffff88800fcf4880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 68.583403]
[ 68.583403] but task is already holding lock:
[ 68.584308] ffff88800fcf4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 68.585725]
[ 68.585725] which lock already depends on the new lock.
[ 68.585725]
[ 68.586892]
[ 68.586892] the existing dependency chain (in reverse order) is:
[ 68.587799]
[ 68.587799] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 68.588660]        __mutex_lock+0x133/0x14a0
[ 68.589227]        hci_cmd_sync_work+0x1e6/0x320
[ 68.589816]        process_one_work+0xa0f/0x1790
[ 68.590414]        worker_thread+0x63b/0x1260
[ 68.590976]        kthread+0x2e9/0x3a0
[ 68.591471]        ret_from_fork+0x2c/0x50
[ 68.591993]
[ 68.591993] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 68.592954]        __lock_acquire+0x2d56/0x6380
[ 68.593525]        lock_acquire.part.0+0xea/0x320
[ 68.594113]        __flush_work+0x109/0xd80
[ 68.594637]        __cancel_work_timer+0x39c/0x4e0
[ 68.595210]        hci_cmd_sync_clear+0x52/0x250
[ 68.595792]        hci_unregister_dev+0xf9/0x410
[ 68.596378]        vhci_release+0x80/0x100
[ 68.596904]        __fput+0x263/0xa40
[ 68.597383]        task_work_run+0x174/0x280
[ 68.597937]        do_exit+0xad8/0x2800
[ 68.598432]        do_group_exit+0xd4/0x2a0
[ 68.598964]        get_signal+0x23c8/0x2450
[ 68.599507]        arch_do_signal_or_restart+0x79/0x590
[ 68.600153]        exit_to_user_mode_prepare+0x122/0x190
[ 68.600821]        syscall_exit_to_user_mode+0x1d/0x50
[ 68.601468]        do_syscall_64+0x4c/0x90
[ 68.601983]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 68.602663]
[ 68.602663] other info that might help us debug this:
[ 68.602663]
[ 68.603598]  Possible unsafe locking scenario:
[ 68.603598]
[ 68.604300]        CPU0                    CPU1
[ 68.604841]        ----                    ----
[ 68.605370]   lock(&hdev->cmd_sync_work_lock);
[ 68.605908]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 68.606847]                                lock(&hdev->cmd_sync_work_lock);
[ 68.607660]   lock((work_completion)(&hdev->cmd_sync_work));
[ 68.608338]
[ 68.608338]  *** DEADLOCK ***
[ 68.608338]
[ 68.609020] 1 lock held by syz-executor.0/260:
[ 68.609564]  #0: ffff88800fcf4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 68.610753]
[ 68.610753] stack backtrace:
[ 68.611281] CPU: 0 PID: 260 Comm: syz-executor.0 Not tainted 6.2.0-next-20230224 #1
[ 68.612209] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 68.613161] Call Trace:
[ 68.613473]
[ 68.613747]  dump_stack_lvl+0x91/0xf0
[ 68.614210]  check_noncircular+0x263/0x2e0
[ 68.614732]  ? __pfx_check_noncircular+0x10/0x10
[ 68.615318]  ? __lock_acquire+0xbba/0x6380
[ 68.615857]  ? __pfx_register_lock_class+0x10/0x10
[ 68.616465]  __lock_acquire+0x2d56/0x6380
[ 68.616995]  ? __pfx___lock_acquire+0x10/0x10
[ 68.617558]  ? __pfx_register_lock_class+0x10/0x10
[ 68.618167]  ? __pfx___lock_acquire+0x10/0x10
[ 68.618730]  ? __pfx___lock_acquire+0x10/0x10
[ 68.619289]  lock_acquire.part.0+0xea/0x320
[ 68.619828]  ? __flush_work+0xdd/0xd80
[ 68.620317]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 68.620917]  ? __flush_work+0xdd/0xd80
[ 68.621400]  ? rcu_read_lock_sched_held+0x42/0x80
[ 68.621983]  ? trace_lock_acquire+0x170/0x1e0
[ 68.622541]  ? __flush_work+0xdd/0xd80
[ 68.623034]  ? lock_acquire+0x32/0xc0
[ 68.623532]  ? __flush_work+0xdd/0xd80
[ 68.624030]  __flush_work+0x109/0xd80
[ 68.624513]  ? __flush_work+0xdd/0xd80
[ 68.625006]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 68.625577]  ? __pfx___flush_work+0x10/0x10
[ 68.626107]  ? lock_acquire.part.0+0xea/0x320
[ 68.626664]  ? hci_cmd_sync_clear+0x45/0x250
[ 68.627205]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 68.627817]  ? hci_cmd_sync_clear+0x45/0x250
[ 68.628357]  ? rcu_read_lock_sched_held+0x42/0x80
[ 68.628939]  ? trace_lock_acquire+0x170/0x1e0
[ 68.629490]  ? lock_is_held_type+0x9f/0x120
[ 68.630036]  ? mark_held_locks+0x9e/0xe0
[ 68.630553]  __cancel_work_timer+0x39c/0x4e0
[ 68.631085]  ? __pfx___cancel_work_timer+0x10/0x10
[ 68.631691]  ? __cancel_work_timer+0x2aa/0x4e0
[ 68.632245]  ? __pfx___cancel_work_timer+0x10/0x10
[ 68.632831]  ? lock_release+0x1e3/0x710
[ 68.633330]  ? __pfx_lock_release+0x10/0x10
[ 68.633866]  ? do_raw_write_lock+0x11e/0x3b0
[ 68.634401]  ? __pfx_vhci_release+0x10/0x10
[ 68.634931]  hci_cmd_sync_clear+0x52/0x250
[ 68.635452]  ? __pfx_vhci_release+0x10/0x10
[ 68.635986]  hci_unregister_dev+0xf9/0x410
[ 68.636504]  vhci_release+0x80/0x100
[ 68.636972]  __fput+0x263/0xa40
[ 68.637405]  task_work_run+0x174/0x280
[ 68.637904]  ? __pfx_task_work_run+0x10/0x10
[ 68.638471]  ? switch_task_namespaces+0xb1/0xd0
[ 68.639046]  ? kmem_cache_free+0xff/0x510
[ 68.639598]  do_exit+0xad8/0x2800
[ 68.640041]  ? find_held_lock+0x2c/0x110
[ 68.640557]  ? lock_release+0x1e3/0x710
[ 68.641073]  ? __pfx_do_exit+0x10/0x10
[ 68.641563]  ? do_raw_spin_lock+0x125/0x270
[ 68.642099]  do_group_exit+0xd4/0x2a0
[ 68.642583]  get_signal+0x23c8/0x2450
[ 68.643072]  ? security_file_permission+0xb5/0xe0
[ 68.643707]  ? __pfx_get_signal+0x10/0x10
[ 68.644214]  ? __pfx_vfs_read+0x10/0x10
[ 68.644715]  arch_do_signal_or_restart+0x79/0x590
[ 68.645301]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 68.645959]  exit_to_user_mode_prepare+0x122/0x190
[ 68.646587]  syscall_exit_to_user_mode+0x1d/0x50
[ 68.647202]  do_syscall_64+0x4c/0x90
[ 68.647686]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 68.648323] RIP: 0033:0x7f7d2f17769c
[ 68.648784] Code: Unable to access opcode bytes at 0x7f7d2f177672.
[ 68.649521] RSP: 002b:00007ffe7e42b230 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 68.650434] RAX: fffffffffffffe00 RBX: 00007ffe7e42b2e0 RCX: 00007f7d2f17769c
[ 68.651291] RDX: 0000000000000040 RSI: 00007f7d2f2d4020 RDI: 00000000000000f9
[ 68.652153] RBP: 0000000000000003 R08: 0000000000000000 R09: fefefefeff646b66
[ 68.653004] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000032
[ 68.653867] R13: 0000000000000000 R14: 0000000000000003 R15: 00007ffe7e42b320
[ 68.654731]
executing program
[ 71.268033] audit: type=1400 audit(1677235714.692:7): avc: denied { create } for pid=240 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
executing program
2023/02/24 10:48:36 syscalls: 2217
2023/02/24 10:48:36 code coverage: enabled
2023/02/24 10:48:36 comparison tracing: enabled
2023/02/24 10:48:36 extra coverage: enabled
2023/02/24 10:48:36 setuid sandbox: enabled
2023/02/24 10:48:36 namespace sandbox: enabled
2023/02/24 10:48:36 Android sandbox: enabled
2023/02/24 10:48:36 fault injection: enabled
2023/02/24 10:48:36 leak checking: enabled
2023/02/24 10:48:36 net packet injection: enabled
2023/02/24 10:48:36 net device setup: enabled
2023/02/24 10:48:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/02/24 10:48:36 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/02/24 10:48:36 USB emulation: enabled
2023/02/24 10:48:36 hci packet injection: enabled
2023/02/24 10:48:36 wifi device emulation: enabled
2023/02/24 10:48:36 802.15.4 emulation: enabled
2023/02/24 10:48:36 fetching corpus: 0, signal 0/0 (executing program)
2023/02/24 10:48:36 fetching corpus: 0, signal 0/0 (executing program)
2023/02/24 10:48:38 starting 8 fuzzer processes
10:48:38 executing program 0:
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
write(r0, &(0x7f00000007c0)='2', 0x1)
10:48:38 executing program 1:
socket$netlink(0x10, 0x3, 0xcb259cb1d35618a3) 10:48:38 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, &(0x7f0000000100)) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f", 0x1d}], 0x1) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 10:48:38 executing program 7: r0 = syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) symlinkat(&(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00') linkat(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file1\x00', 0x0) lseek(r0, 0x78, 0x0) 10:48:38 executing program 3: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/fib_triestat\x00') sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="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"], 0x130}}, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat2(r0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0xb) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) readahead(0xffffffffffffffff, 0x60, 0x9) ioctl$SNAPSHOT_FREE(r3, 0x3305) mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) shmctl$IPC_RMID(0x0, 0x0) shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ff5000/0x2000)=nil) 10:48:38 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f0000000300)="1f46a3bc657fe7aac4a4c37b2627ad853a33ee61085fcd2b454d24e20206c2bca2aeb0d6748432845129107b1fac98", 0x2f}], 0x1, 0x7fffffc, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) 10:48:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x2, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000017c0)={'dummy0\x00', &(0x7f0000001780)=@ethtool_pauseparam={0x12}}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000340)='./file0/file0\x00', 0x100, 0x0) mount_setattr(0xffffffffffffffff, &(0x7f00000001c0)='./file0/file0\x00', 0x100, &(0x7f0000000240), 0x20) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa1d7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) fallocate(r0, 0x0, 0x9, 0x8001) 10:48:38 executing program 6: 
syz_mount_image$iso9660(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x8702, 0x0, &(0x7f0000000480), 0x0, &(0x7f00000004c0))
[ 75.857774] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.858977] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.862057] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.864620] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.866824] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 75.867950] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 75.944818] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 75.946247] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 75.947328] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 75.949025] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 75.949855] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 75.950756] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 75.951882] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 75.952785] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 75.953660] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 75.954475] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 75.955631] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 75.956568] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 75.957382] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 75.962388] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 75.963253] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 75.966002] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 75.967041] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 75.967995] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 75.969610] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 75.971204] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 75.972099] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 75.973153] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 75.973987] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 75.974972] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 75.975854] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 75.980810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 75.981815] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 75.984179] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 75.988930] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 75.993248] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 76.011785] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 76.012840] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 76.016642] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 76.018031] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 76.019478] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 76.023664] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 77.886685] Bluetooth: hci0: command 0x0409 tx timeout
[ 77.950586] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 78.014767] Bluetooth: hci5: command 0x0409 tx timeout
[ 78.015451] Bluetooth: hci6: command 0x0409 tx timeout
[ 78.016160] Bluetooth: hci4: command 0x0409 tx timeout
[ 78.016814] Bluetooth: hci2: command 0x0409 tx timeout
[ 78.078964] Bluetooth: hci7: command 0x0409 tx timeout
[ 78.079698] Bluetooth: hci3: command 0x0409 tx timeout
VM DIAGNOSIS: 10:48:32 Registers: