Warning: Permanently added '[localhost]:36797' (ECDSA) to the list of known hosts. 2022/09/13 13:46:46 fuzzer started 2022/09/13 13:46:46 dialing manager at localhost:36597 syzkaller login: [ 36.806894] cgroup: Unknown subsys name 'net' [ 36.908094] cgroup: Unknown subsys name 'rlimit' 2022/09/13 13:47:01 syscalls: 2215 2022/09/13 13:47:01 code coverage: enabled 2022/09/13 13:47:01 comparison tracing: enabled 2022/09/13 13:47:01 extra coverage: enabled 2022/09/13 13:47:01 setuid sandbox: enabled 2022/09/13 13:47:01 namespace sandbox: enabled 2022/09/13 13:47:01 Android sandbox: enabled 2022/09/13 13:47:01 fault injection: enabled 2022/09/13 13:47:01 leak checking: enabled 2022/09/13 13:47:01 net packet injection: enabled 2022/09/13 13:47:01 net device setup: enabled 2022/09/13 13:47:01 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/13 13:47:01 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/13 13:47:01 USB emulation: enabled 2022/09/13 13:47:01 hci packet injection: enabled 2022/09/13 13:47:01 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220913) 2022/09/13 13:47:01 802.15.4 emulation: enabled 2022/09/13 13:47:01 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/13 13:47:01 fetching corpus: 50, signal 35704/38858 (executing program) 2022/09/13 13:47:01 fetching corpus: 100, signal 51052/55241 (executing program) 2022/09/13 13:47:01 fetching corpus: 150, signal 57339/62633 (executing program) 2022/09/13 13:47:01 fetching corpus: 200, signal 62976/69321 (executing program) 2022/09/13 13:47:01 fetching corpus: 250, signal 70329/77443 (executing program) 2022/09/13 13:47:01 fetching corpus: 300, signal 76633/84412 (executing program) 2022/09/13 13:47:02 fetching corpus: 350, signal 81901/90292 (executing program) 2022/09/13 13:47:02 fetching corpus: 400, signal 86359/95324 (executing program) 2022/09/13 13:47:02 fetching corpus: 450, signal 91050/100412 (executing program) 2022/09/13 
13:47:02 fetching corpus: 500, signal 96838/106432 (executing program) 2022/09/13 13:47:02 fetching corpus: 550, signal 101367/111220 (executing program) 2022/09/13 13:47:03 fetching corpus: 600, signal 105050/115130 (executing program) 2022/09/13 13:47:03 fetching corpus: 650, signal 106774/117403 (executing program) 2022/09/13 13:47:03 fetching corpus: 700, signal 109652/120551 (executing program) 2022/09/13 13:47:03 fetching corpus: 750, signal 111999/123207 (executing program) 2022/09/13 13:47:03 fetching corpus: 800, signal 115059/126456 (executing program) 2022/09/13 13:47:04 fetching corpus: 850, signal 119700/130806 (executing program) 2022/09/13 13:47:04 fetching corpus: 900, signal 123306/134281 (executing program) 2022/09/13 13:47:04 fetching corpus: 950, signal 124986/136160 (executing program) 2022/09/13 13:47:04 fetching corpus: 1000, signal 127280/138387 (executing program) 2022/09/13 13:47:04 fetching corpus: 1050, signal 129342/140461 (executing program) 2022/09/13 13:47:04 fetching corpus: 1100, signal 132186/143104 (executing program) 2022/09/13 13:47:04 fetching corpus: 1150, signal 134599/145306 (executing program) 2022/09/13 13:47:05 fetching corpus: 1200, signal 136463/147055 (executing program) 2022/09/13 13:47:05 fetching corpus: 1250, signal 138436/148840 (executing program) 2022/09/13 13:47:05 fetching corpus: 1300, signal 140331/150553 (executing program) 2022/09/13 13:47:05 fetching corpus: 1350, signal 142096/152073 (executing program) 2022/09/13 13:47:05 fetching corpus: 1400, signal 144123/153799 (executing program) 2022/09/13 13:47:06 fetching corpus: 1450, signal 146196/155564 (executing program) 2022/09/13 13:47:06 fetching corpus: 1500, signal 147174/156467 (executing program) 2022/09/13 13:47:06 fetching corpus: 1550, signal 149287/158060 (executing program) 2022/09/13 13:47:06 fetching corpus: 1600, signal 150353/159025 (executing program) 2022/09/13 13:47:06 fetching corpus: 1650, signal 152413/160586 (executing program) 
2022/09/13 13:47:06 fetching corpus: 1700, signal 153484/161476 (executing program) 2022/09/13 13:47:07 fetching corpus: 1750, signal 155166/162705 (executing program) 2022/09/13 13:47:07 fetching corpus: 1800, signal 157356/164140 (executing program) 2022/09/13 13:47:07 fetching corpus: 1850, signal 158696/165052 (executing program) 2022/09/13 13:47:07 fetching corpus: 1900, signal 159923/165859 (executing program) 2022/09/13 13:47:07 fetching corpus: 1950, signal 161200/166688 (executing program) 2022/09/13 13:47:07 fetching corpus: 2000, signal 162635/167603 (executing program) 2022/09/13 13:47:08 fetching corpus: 2050, signal 163701/168289 (executing program) 2022/09/13 13:47:08 fetching corpus: 2100, signal 165000/169109 (executing program) 2022/09/13 13:47:08 fetching corpus: 2150, signal 165946/169652 (executing program) 2022/09/13 13:47:08 fetching corpus: 2200, signal 167248/170366 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/170547 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/170629 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/170703 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/170761 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/170821 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/170887 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/170969 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171037 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171109 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171173 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171243 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171309 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171389 
(executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171456 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171527 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171612 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171680 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171759 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171821 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171875 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/171932 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/172005 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/172074 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/172142 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/172203 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/172276 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/172338 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/172392 (executing program) 2022/09/13 13:47:08 fetching corpus: 2214, signal 167502/172444 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/172516 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/172589 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/172655 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/172713 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/172779 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/172830 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/172892 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, 
signal 167502/172958 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/173028 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/173099 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/173099 (executing program) 2022/09/13 13:47:09 fetching corpus: 2214, signal 167502/173099 (executing program) 2022/09/13 13:47:11 starting 8 fuzzer processes 13:47:11 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000002c0)={@dev, 0x0, 0x0, 0xff, 0x9}, 0x22) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000002c0)={@remote, 0x2000000, 0x0, 0xff, 0x9}, 0x20) 13:47:11 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt(r0, 0xff, 0x7, &(0x7f00000003c0)="ae78c9bb", 0x4) 13:47:11 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x3a]}}}}]}) 13:47:11 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0x80, 0x0, 0x7, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000000, 0x81}, 0x603, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000), 
&(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x20000010000}], 0x0, &(0x7f0000000040)=ANY=[]) perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x4, 0x1, 0x5, 0x3f, 0x0, 0xffffffff, 0x80008, 0x6, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x8, 0x1, @perf_bp={&(0x7f0000000180)}, 0xbc0, 0x8, 0xa0, 0x7, 0x401, 0x1, 0x4, 0x0, 0xfffffffd, 0x0, 0x1d5}, 0xffffffffffffffff, 0x8, r1, 0xb) r3 = open_tree(0xffffffffffffffff, &(0x7f0000000140)='./file0/file0\x00', 0x1) ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f0000000100)) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0xc, 0xa0, 0xba, 0x7, 0x0, 0x7, 0x8, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x100000000, 0x5}, 0x1000, 0x0, 0x101, 0x4, 0x3, 0x0, 0x3, 0x0, 0x6, 0x0, 0xffffffff}, 0x0, 0x1, r3, 0x2) fcntl$getflags(0xffffffffffffffff, 0x3) ioctl$FS_IOC_GETVERSION(r2, 0x80087601, &(0x7f0000000200)) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$bt_hci(r4, 0x0, 0x2, &(0x7f0000003300)=""/3, &(0x7f0000003640)=0x3) r5 = dup(0xffffffffffffffff) fcntl$dupfd(r5, 0x0, 0xffffffffffffffff) write(0xffffffffffffffff, &(0x7f0000000400)="b2e74091ab71798740fbb16ea25e0c853e1907fc621f26bf9c8842cebe74bb1f247fbb52b4122ec66f15b753bac80e4a5acff03ed11665e3ff56117769801ccd947592f759", 0x45) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000001c0)={0xf0000005}) 13:47:11 executing program 4: getgroups(0x2, &(0x7f0000000140)=[0x0, 0xee00]) setresgid(r0, 0x0, r0) syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 
stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r1, 0x0) setgid(0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), 0x0) [ 61.774248] audit: type=1400 audit(1663076831.854:6): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:47:11 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)='\"', 0x1}], 0x1, 0x0, 0x0) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0xd, 0x1, {{0x80, 0x4, 0x6}, 0x6}}, 0x18) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = dup2(r1, r1) getsockopt$inet_int(r2, 0x0, 0x17, 0x0, &(0x7f00000001c0)) close_range(r0, r0, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000040)) close(0xffffffffffffffff) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000140)={0x600, 0x4, 0x1, 0x0, 0x2, "ef8a0061728960537fbebf0ef1379fdc8a2484", 0x80000000, 0x8}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x4042, 0x0) pwrite64(r4, &(0x7f0000000000)='y', 0xfffffe5f, 0x8040000) 13:47:11 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) 
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x1, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 13:47:11 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='clear_refs\x00') [ 63.134534] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 63.136405] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 63.138583] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 63.140759] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 63.142404] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 63.143517] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 63.147399] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 63.148799] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 63.150918] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 63.151028] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 63.153576] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 63.155135] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.160181] Bluetooth: hci0: HCI_REQ-0x0c1a [ 63.173489] Bluetooth: hci1: HCI_REQ-0x0c1a [ 63.193086] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 63.194538] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 63.213228] Bluetooth: hci2: 
unexpected cc 0x1003 length: 249 > 9 [ 63.214294] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 63.216285] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 63.216352] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 63.222044] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 63.223378] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 63.225543] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 63.225881] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 63.229943] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 63.231519] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 63.234711] Bluetooth: hci2: HCI_REQ-0x0c1a [ 63.244568] Bluetooth: hci3: HCI_REQ-0x0c1a [ 63.335405] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 63.347356] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 63.353506] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 63.355154] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 63.357137] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 63.359155] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 63.360860] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 63.362948] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 63.369009] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 63.370361] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 63.374412] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 63.376030] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 63.378435] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 63.380556] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 63.394262] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 63.403746] Bluetooth: hci4: HCI_REQ-0x0c1a [ 63.404234] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 63.407086] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 63.408941] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 63.468743] 
Bluetooth: hci6: HCI_REQ-0x0c1a [ 63.469740] Bluetooth: hci7: HCI_REQ-0x0c1a [ 65.212514] Bluetooth: hci1: command 0x0409 tx timeout [ 65.214639] Bluetooth: hci0: command 0x0409 tx timeout [ 65.275711] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 65.275726] Bluetooth: hci3: command 0x0409 tx timeout [ 65.277990] Bluetooth: hci2: command 0x0409 tx timeout [ 65.467748] Bluetooth: hci4: command 0x0409 tx timeout [ 65.531672] Bluetooth: hci7: command 0x0409 tx timeout [ 65.532229] Bluetooth: hci6: command 0x0409 tx timeout [ 67.259671] Bluetooth: hci0: command 0x041b tx timeout [ 67.260150] Bluetooth: hci1: command 0x041b tx timeout [ 67.323727] Bluetooth: hci3: command 0x041b tx timeout [ 67.323840] Bluetooth: hci2: command 0x041b tx timeout [ 67.515671] Bluetooth: hci4: command 0x041b tx timeout [ 67.579712] Bluetooth: hci6: command 0x041b tx timeout [ 67.580207] Bluetooth: hci7: command 0x041b tx timeout [ 68.762519] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 68.764347] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 68.769193] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 68.772690] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 68.773798] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 68.775306] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 68.788679] Bluetooth: hci5: HCI_REQ-0x0c1a [ 69.308719] Bluetooth: hci1: command 0x040f tx timeout [ 69.309298] Bluetooth: hci0: command 0x040f tx timeout [ 69.371699] Bluetooth: hci2: command 0x040f tx timeout [ 69.372688] Bluetooth: hci3: command 0x040f tx timeout [ 69.563769] Bluetooth: hci4: command 0x040f tx timeout [ 69.627649] Bluetooth: hci7: command 0x040f tx timeout [ 69.627693] Bluetooth: hci6: command 0x040f tx timeout [ 70.843656] Bluetooth: hci5: command 0x0409 tx timeout [ 71.356763] Bluetooth: hci0: command 0x0419 tx timeout [ 71.357254] Bluetooth: hci1: command 0x0419 tx timeout [ 71.420703] Bluetooth: hci3: command 0x0419 tx timeout [ 71.422408] 
Bluetooth: hci2: command 0x0419 tx timeout [ 71.611668] Bluetooth: hci4: command 0x0419 tx timeout [ 71.675654] Bluetooth: hci6: command 0x0419 tx timeout [ 71.676084] Bluetooth: hci7: command 0x0419 tx timeout [ 72.892661] Bluetooth: hci5: command 0x041b tx timeout [ 74.940697] Bluetooth: hci5: command 0x040f tx timeout [ 76.987687] Bluetooth: hci5: command 0x0419 tx timeout [ 119.121102] audit: type=1400 audit(1663076889.200:7): avc: denied { open } for pid=3781 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.127723] audit: type=1400 audit(1663076889.201:8): avc: denied { kernel } for pid=3781 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.146908] hrtimer: interrupt took 47909 ns [ 119.149383] ------------[ cut here ]------------ [ 119.149415] [ 119.149420] ====================================================== [ 119.149426] WARNING: possible circular locking dependency detected [ 119.149435] 6.0.0-rc5-next-20220913 #1 Not tainted [ 119.149448] ------------------------------------------------------ [ 119.149453] syz-executor.5/3784 is trying to acquire lock: [ 119.149464] ffffffff853fa878 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0xe/0x70 [ 119.149530] [ 119.149530] but task is already holding lock: [ 119.149535] ffff88800fae1820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 119.149587] [ 119.149587] which lock already depends on the new lock. 
[ 119.149587] [ 119.149595] [ 119.149595] the existing dependency chain (in reverse order) is: [ 119.149607] [ 119.149607] -> #3 (&ctx->lock){....}-{2:2}: [ 119.149632] _raw_spin_lock+0x2a/0x40 [ 119.149689] __perf_event_task_sched_out+0x53b/0x18d0 [ 119.149712] __schedule+0xedd/0x2470 [ 119.149730] preempt_schedule_common+0x45/0xc0 [ 119.149754] __cond_resched+0x17/0x30 [ 119.149772] __mutex_lock+0xa3/0x14d0 [ 119.149793] __do_sys_perf_event_open+0x1eec/0x32c0 [ 119.149820] do_syscall_64+0x3b/0x90 [ 119.149850] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.149883] [ 119.149883] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 119.149911] _raw_spin_lock_nested+0x30/0x40 [ 119.149942] raw_spin_rq_lock_nested+0x1e/0x30 [ 119.149965] task_fork_fair+0x63/0x4d0 [ 119.149999] sched_cgroup_fork+0x3d0/0x540 [ 119.150027] copy_process+0x3f9e/0x6df0 [ 119.150045] kernel_clone+0xe7/0x890 [ 119.150062] user_mode_thread+0xad/0xf0 [ 119.150085] rest_init+0x24/0x250 [ 119.150116] arch_call_rest_init+0xf/0x14 [ 119.150154] start_kernel+0x4c1/0x4e6 [ 119.150190] secondary_startup_64_no_verify+0xe0/0xeb [ 119.150216] [ 119.150216] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 119.150245] _raw_spin_lock_irqsave+0x39/0x60 [ 119.150276] try_to_wake_up+0xab/0x1920 [ 119.150301] up+0x75/0xb0 [ 119.150323] __up_console_sem+0x6e/0x80 [ 119.150355] console_unlock+0x46a/0x590 [ 119.150385] vt_ioctl+0x2822/0x2ca0 [ 119.150411] tty_ioctl+0x7c4/0x1700 [ 119.150431] __x64_sys_ioctl+0x19a/0x210 [ 119.150458] do_syscall_64+0x3b/0x90 [ 119.150486] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.150524] [ 119.150524] -> #0 ((console_sem).lock){-...}-{2:2}: [ 119.150550] __lock_acquire+0x2a02/0x5e70 [ 119.150585] lock_acquire+0x1a2/0x530 [ 119.150615] _raw_spin_lock_irqsave+0x39/0x60 [ 119.150645] down_trylock+0xe/0x70 [ 119.150670] __down_trylock_console_sem+0x3b/0xd0 [ 119.150701] vprintk_emit+0x16b/0x560 [ 119.150737] vprintk+0x84/0xa0 [ 119.150769] _printk+0xba/0xf1 [ 119.150801] report_bug.cold+0x72/0xab [ 119.150828] 
handle_bug+0x3c/0x70 [ 119.150855] exc_invalid_op+0x14/0x50 [ 119.150881] asm_exc_invalid_op+0x16/0x20 [ 119.150911] group_sched_out.part.0+0x2c7/0x460 [ 119.150931] ctx_sched_out+0x8f1/0xc10 [ 119.150948] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.150971] __schedule+0xedd/0x2470 [ 119.150989] preempt_schedule_common+0x45/0xc0 [ 119.151009] __cond_resched+0x17/0x30 [ 119.151027] __mutex_lock+0xa3/0x14d0 [ 119.151047] __do_sys_perf_event_open+0x1eec/0x32c0 [ 119.151071] do_syscall_64+0x3b/0x90 [ 119.151095] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.151127] [ 119.151127] other info that might help us debug this: [ 119.151127] [ 119.151132] Chain exists of: [ 119.151132] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 119.151132] [ 119.151160] Possible unsafe locking scenario: [ 119.151160] [ 119.151165] CPU0 CPU1 [ 119.151169] ---- ---- [ 119.151173] lock(&ctx->lock); [ 119.151183] lock(&rq->__lock); [ 119.151195] lock(&ctx->lock); [ 119.151207] lock((console_sem).lock); [ 119.151218] [ 119.151218] *** DEADLOCK *** [ 119.151218] [ 119.151221] 2 locks held by syz-executor.5/3784: [ 119.151234] #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 119.151282] #1: ffff88800fae1820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 119.151334] [ 119.151334] stack backtrace: [ 119.151338] CPU: 1 PID: 3784 Comm: syz-executor.5 Not tainted 6.0.0-rc5-next-20220913 #1 [ 119.151362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.151376] Call Trace: [ 119.151382] [ 119.151389] dump_stack_lvl+0x8b/0xb3 [ 119.151416] check_noncircular+0x263/0x2e0 [ 119.151447] ? format_decode+0x26c/0xb50 [ 119.151474] ? print_circular_bug+0x450/0x450 [ 119.151507] ? enable_ptr_key_workfn+0x20/0x20 [ 119.151538] ? __lockdep_reset_lock+0x180/0x180 [ 119.151570] ? format_decode+0x26c/0xb50 [ 119.151598] ? 
alloc_chain_hlocks+0x1ec/0x5a0 [ 119.151636] __lock_acquire+0x2a02/0x5e70 [ 119.151677] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 119.151719] lock_acquire+0x1a2/0x530 [ 119.151751] ? down_trylock+0xe/0x70 [ 119.151778] ? rcu_read_unlock+0x40/0x40 [ 119.151811] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 119.151851] ? vprintk+0x84/0xa0 [ 119.151885] _raw_spin_lock_irqsave+0x39/0x60 [ 119.151914] ? down_trylock+0xe/0x70 [ 119.151944] down_trylock+0xe/0x70 [ 119.151969] ? vprintk+0x84/0xa0 [ 119.152001] __down_trylock_console_sem+0x3b/0xd0 [ 119.152038] vprintk_emit+0x16b/0x560 [ 119.152070] ? lock_downgrade+0x6d0/0x6d0 [ 119.152105] vprintk+0x84/0xa0 [ 119.152139] _printk+0xba/0xf1 [ 119.152172] ? record_print_text.cold+0x16/0x16 [ 119.152209] ? hrtimer_try_to_cancel+0x163/0x2c0 [ 119.152235] ? lock_downgrade+0x6d0/0x6d0 [ 119.152268] ? report_bug.cold+0x66/0xab [ 119.152294] ? group_sched_out.part.0+0x2c7/0x460 [ 119.152315] report_bug.cold+0x72/0xab [ 119.152343] handle_bug+0x3c/0x70 [ 119.152369] exc_invalid_op+0x14/0x50 [ 119.152396] asm_exc_invalid_op+0x16/0x20 [ 119.152428] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 119.152453] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 119.152474] RSP: 0018:ffff888018837978 EFLAGS: 00010006 [ 119.152491] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.152505] RDX: ffff88801d240000 RSI: ffffffff81566027 RDI: 0000000000000005 [ 119.152520] RBP: ffff88801f1c8000 R08: 0000000000000005 R09: 0000000000000001 [ 119.152534] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800fae1800 [ 119.152548] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002 [ 119.152568] ? group_sched_out.part.0+0x2c7/0x460 [ 119.152593] ? 
group_sched_out.part.0+0x2c7/0x460 [ 119.152617] ctx_sched_out+0x8f1/0xc10 [ 119.152640] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.152668] ? lock_is_held_type+0xd7/0x130 [ 119.152703] ? __perf_cgroup_move+0x160/0x160 [ 119.152726] ? set_next_entity+0x304/0x550 [ 119.152760] ? update_curr+0x267/0x740 [ 119.152795] ? lock_is_held_type+0xd7/0x130 [ 119.152829] __schedule+0xedd/0x2470 [ 119.152858] ? io_schedule_timeout+0x150/0x150 [ 119.152879] ? find_held_lock+0x2c/0x110 [ 119.152910] ? lock_is_held_type+0xd7/0x130 [ 119.152947] ? __cond_resched+0x17/0x30 [ 119.152968] preempt_schedule_common+0x45/0xc0 [ 119.152992] __cond_resched+0x17/0x30 [ 119.153012] __mutex_lock+0xa3/0x14d0 [ 119.153036] ? lock_is_held_type+0xd7/0x130 [ 119.153068] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 119.153096] ? mutex_lock_io_nested+0x1310/0x1310 [ 119.153120] ? lock_release+0x3b2/0x750 [ 119.153153] ? __up_read+0x192/0x730 [ 119.153181] ? up_write+0x480/0x480 [ 119.153213] __do_sys_perf_event_open+0x1eec/0x32c0 [ 119.153248] ? perf_compat_ioctl+0x130/0x130 [ 119.153272] ? xfd_validate_state+0x59/0x180 [ 119.153315] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.153354] ? 
syscall_enter_from_user_mode+0x1d/0x50 [ 119.153392] do_syscall_64+0x3b/0x90 [ 119.153418] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.153451] RIP: 0033:0x7f1d8f0cfb19 [ 119.153467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.153488] RSP: 002b:00007f1d8c645188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 119.153509] RAX: ffffffffffffffda RBX: 00007f1d8f1e2f60 RCX: 00007f1d8f0cfb19 [ 119.153524] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280 [ 119.153538] RBP: 00007f1d8f129f6d R08: 0000000000000000 R09: 0000000000000000 [ 119.153552] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 119.153566] R13: 00007ffd68dccadf R14: 00007f1d8c645300 R15: 0000000000022000 [ 119.153590] [ 119.276919] WARNING: CPU: 1 PID: 3784 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 119.278228] Modules linked in: [ 119.278696] CPU: 1 PID: 3784 Comm: syz-executor.5 Not tainted 6.0.0-rc5-next-20220913 #1 [ 119.279837] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.281409] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 119.282197] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 119.284735] RSP: 0018:ffff888018837978 EFLAGS: 00010006 [ 119.285496] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.286486] RDX: ffff88801d240000 RSI: ffffffff81566027 RDI: 0000000000000005 [ 119.287504] RBP: ffff88801f1c8000 R08: 0000000000000005 R09: 0000000000000001 [ 119.288530] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800fae1800 [ 119.289556] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002 [ 119.290598] FS: 
00007f1d8c645700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 119.291753] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 119.292603] CR2: 00007f557a0ff008 CR3: 000000003e7c6000 CR4: 0000000000350ee0
[ 119.293602] Call Trace:
[ 119.293995]
[ 119.294328] ctx_sched_out+0x8f1/0xc10
[ 119.294883] __perf_event_task_sched_out+0x6d0/0x18d0
[ 119.295606] ? lock_is_held_type+0xd7/0x130
[ 119.296231] ? __perf_cgroup_move+0x160/0x160
[ 119.296872] ? set_next_entity+0x304/0x550
[ 119.297479] ? update_curr+0x267/0x740
[ 119.298047] ? lock_is_held_type+0xd7/0x130
[ 119.298666] __schedule+0xedd/0x2470
[ 119.299220] ? io_schedule_timeout+0x150/0x150
[ 119.299891] ? find_held_lock+0x2c/0x110
[ 119.300482] ? lock_is_held_type+0xd7/0x130
[ 119.301102] ? __cond_resched+0x17/0x30
[ 119.301666] preempt_schedule_common+0x45/0xc0
[ 119.302312] __cond_resched+0x17/0x30
[ 119.302844] __mutex_lock+0xa3/0x14d0
[ 119.303385] ? lock_is_held_type+0xd7/0x130
[ 119.304026] ? __do_sys_perf_event_open+0x1eec/0x32c0
[ 119.304776] ? mutex_lock_io_nested+0x1310/0x1310
[ 119.305475] ? lock_release+0x3b2/0x750
[ 119.306084] ? __up_read+0x192/0x730
[ 119.306628] ? up_write+0x480/0x480
[ 119.307184] __do_sys_perf_event_open+0x1eec/0x32c0
[ 119.307915] ? perf_compat_ioctl+0x130/0x130
[ 119.308562] ? xfd_validate_state+0x59/0x180
[ 119.309223] ? syscall_enter_from_user_mode+0x1d/0x50
[ 119.309989] ? syscall_enter_from_user_mode+0x1d/0x50
[ 119.310757] do_syscall_64+0x3b/0x90
[ 119.311313] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 119.312073] RIP: 0033:0x7f1d8f0cfb19
[ 119.312612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 119.315194] RSP: 002b:00007f1d8c645188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 119.316236] RAX: ffffffffffffffda RBX: 00007f1d8f1e2f60 RCX: 00007f1d8f0cfb19
[ 119.317250] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280
[ 119.318258] RBP: 00007f1d8f129f6d R08: 0000000000000000 R09: 0000000000000000
[ 119.319275] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 119.320300] R13: 00007ffd68dccadf R14: 00007f1d8c645300 R15: 0000000000022000
[ 119.321322]
[ 119.321681] irq event stamp: 1896
[ 119.322187] hardirqs last enabled at (1895): [] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 119.323537] hardirqs last disabled at (1896): [] __schedule+0x1225/0x2470
[ 119.324673] softirqs last enabled at (1886): [] __irq_exit_rcu+0x11b/0x180
[ 119.325881] softirqs last disabled at (1753): [] __irq_exit_rcu+0x11b/0x180
[ 119.327105] ---[ end trace 0000000000000000 ]---

13:48:09 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwritev(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)='\"', 0x1}], 0x1, 0x0, 0x0)
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0xd, 0x1, {{0x80, 0x4, 0x6}, 0x6}}, 0x18)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = dup2(r1, r1)
getsockopt$inet_int(r2, 0x0, 0x17, 0x0, &(0x7f00000001c0))
close_range(r0, r0, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000040))
close(0xffffffffffffffff)
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000140)={0x600, 0x4, 0x1, 0x0, 0x2, "ef8a0061728960537fbebf0ef1379fdc8a2484", 0x80000000, 0x8})
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x4042, 0x0)
pwrite64(r4, &(0x7f0000000000)='y', 0xfffffe5f, 0x8040000)

13:48:09 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x1, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

13:48:09 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt(r0, 0xff, 0x7, &(0x7f00000003c0)="ae78c9bb", 0x4)

13:48:09 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x1, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

13:48:09 executing program 6:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x1, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

13:48:09 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt(r0, 0xff, 0x7, &(0x7f00000003c0)="ae78c9bb", 0x4)

13:48:10 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt(r0, 0xff, 0x7, &(0x7f00000003c0)="ae78c9bb", 0x4)

13:48:10 executing program 6:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt(r0, 0xff, 0x7, &(0x7f00000003c0)="ae78c9bb", 0x4)

[ 120.882723] tmpfs: Bad value for 'mpol'
[ 120.889711] tmpfs: Bad value for 'mpol'
[ 122.989882] loop3: detected capacity change from 0 to 264192
[ 123.010187] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[ 123.026292] audit: type=1400 audit(1663076893.105:9): avc: denied { write } for pid=3968 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 124.035249] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 124.037726] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 124.038721] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 124.044094] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 124.045326] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 124.046142] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 124.051793] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 126.075651] Bluetooth: hci0: command 0x0409 tx timeout
[ 128.123659] Bluetooth: hci0: command 0x041b tx timeout

VM DIAGNOSIS:
13:48:09 Registers: