syzkaller login:
[ 35.354739] sshd (243) used greatest stack depth: 24624 bytes left
Warning: Permanently added '[localhost]:5444' (ECDSA) to the list of known hosts.
2022/09/13 16:37:28 fuzzer started
2022/09/13 16:37:29 dialing manager at localhost:36597
[ 37.654241] cgroup: Unknown subsys name 'net'
[ 37.764264] cgroup: Unknown subsys name 'rlimit'
2022/09/13 16:37:43 syscalls: 2215
2022/09/13 16:37:43 code coverage: enabled
2022/09/13 16:37:43 comparison tracing: enabled
2022/09/13 16:37:43 extra coverage: enabled
2022/09/13 16:37:43 setuid sandbox: enabled
2022/09/13 16:37:43 namespace sandbox: enabled
2022/09/13 16:37:43 Android sandbox: enabled
2022/09/13 16:37:43 fault injection: enabled
2022/09/13 16:37:43 leak checking: enabled
2022/09/13 16:37:43 net packet injection: enabled
2022/09/13 16:37:43 net device setup: enabled
2022/09/13 16:37:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/13 16:37:43 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/13 16:37:43 USB emulation: enabled
2022/09/13 16:37:43 hci packet injection: enabled
2022/09/13 16:37:43 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220913)
2022/09/13 16:37:43 802.15.4 emulation: enabled
2022/09/13 16:38:10 starting 8 fuzzer processes
16:38:10 executing program 0:
waitid(0x0, 0x0, 0x0, 0x3a4feb4c51a9aecb, 0x0)
16:38:10 executing program 3:
mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0)
mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200))
16:38:10 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, 0x0, 0x0)
16:38:10 executing program 2:
futex(0x0, 0xc, 0x0, &(0x7f00000001c0)={0x77359400}, &(0x7f0000000200), 0x0)
[ 78.667011] audit: type=1400 audit(1663087090.236:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
16:38:10 executing program 4:
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setown(r0, 0x8, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x1, 0xd6c2})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)=0x80)
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)
ioctl$SCSI_IOCTL_DOORLOCK(r1, 0x5380)
ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000340)={'\x00', 0x80, 0x3f, 0x7fffffff, 0x0, 0x2})
16:38:10 executing program 5:
r0 = getpid()
tgkill(r0, r0, 0x0)
16:38:10 executing program 6:
syz_io_uring_setup(0x284d, &(0x7f0000000140)={0x0, 0x0, 0x2000}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000040), &(0x7f00000001c0))
16:38:10 executing program 7:
syz_genetlink_get_family_id$devlink(&(0x7f0000008900), 0xffffffffffffffff)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
[ 79.953962] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.955296] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.956239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.958085] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.959211] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 79.960189] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.964202] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 80.006494] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 80.012558] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 80.015151] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 80.031307] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 80.035103] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 80.037401] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 80.042652] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 80.073722] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 80.078750] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 80.081897] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 80.086307] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 80.090027] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 80.093116] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 80.101770] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 80.141163] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 80.142895] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 80.143898] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 80.144812] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 80.145716] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 80.152373] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 80.154694] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 80.165868] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 80.186381] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 80.190164] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 80.192672] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 80.193852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 80.194454] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 80.195209] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 80.204032] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 80.204881] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 80.225210] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 80.227422] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 80.251248] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 80.254314] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 80.315214] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 80.331543] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 80.372611] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 80.382012] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 80.395238] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 80.403490] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 80.409417] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 80.435709] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 81.972496] Bluetooth: hci0: command 0x0409 tx timeout
[ 82.103975] Bluetooth: hci1: command 0x0409 tx timeout
[ 82.164540] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 82.227990] Bluetooth: hci4: command 0x0409 tx timeout
[ 82.292057] Bluetooth: hci5: command 0x0409 tx timeout
[ 82.292651] Bluetooth: hci2: command 0x0409 tx timeout
[ 82.356178] Bluetooth: hci3: command 0x0409 tx timeout
[ 82.484267] Bluetooth: hci7: command 0x0409 tx timeout
[ 84.020293] Bluetooth: hci0: command 0x041b tx timeout
[ 84.148044] Bluetooth: hci1: command 0x041b tx timeout
[ 84.276037] Bluetooth: hci4: command 0x041b tx timeout
[ 84.341038] Bluetooth: hci2: command 0x041b tx timeout
[ 84.341852] Bluetooth: hci5: command 0x041b tx timeout
[ 84.406053] Bluetooth: hci3: command 0x041b tx timeout
[ 84.531982] Bluetooth: hci7: command 0x041b tx timeout
[ 86.068975] Bluetooth: hci0: command 0x040f tx timeout
[ 86.196983] Bluetooth: hci1: command 0x040f tx timeout
[ 86.324028] Bluetooth: hci4: command 0x040f tx timeout
[ 86.389047] Bluetooth: hci5: command 0x040f tx timeout
[ 86.389693] Bluetooth: hci2: command 0x040f tx timeout
[ 86.453010] Bluetooth: hci3: command 0x040f tx timeout
[ 86.580010] Bluetooth: hci7: command 0x040f tx timeout
[ 87.605016] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 88.116993] Bluetooth: hci0: command 0x0419 tx timeout
[ 88.245033] Bluetooth: hci1: command 0x0419 tx timeout
[ 88.372305] Bluetooth: hci4: command 0x0419 tx timeout
[ 88.436073] Bluetooth: hci2: command 0x0419 tx timeout
[ 88.436669] Bluetooth: hci5: command 0x0419 tx timeout
[ 88.501140] Bluetooth: hci3: command 0x0419 tx timeout
[ 88.628114] Bluetooth: hci7: command 0x0419 tx timeout
[ 92.596071] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 95.516948] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 95.523332] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 95.524531] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 95.549268] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 95.558722] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 95.561271] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 95.565411] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 97.589039] Bluetooth: hci6: command 0x0409 tx timeout
[ 99.637055] Bluetooth: hci6: command 0x041b tx timeout
[ 101.684008] Bluetooth: hci6: command 0x040f tx timeout
[ 103.732004] Bluetooth: hci6: command 0x0419 tx timeout
[ 139.342729] syz-executor.0 (293) used greatest stack depth: 24192 bytes left
[ 142.039349] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 142.042860] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 142.045451] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 142.049384] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 142.052898] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 142.054584] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 142.057779] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 142.060852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 142.065294] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 142.068155] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 142.084904] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 142.086781] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 142.089855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 142.094099] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 143.732016] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 144.052047] Bluetooth: hci5: Opcode 0x c03 failed: -110
[ 144.052319] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 144.053239] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 144.053739] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 144.116048] Bluetooth: hci3: command 0x0409 tx timeout
[ 144.116084] Bluetooth: hci2: command 0x0409 tx timeout
16:39:16 executing program 6:
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8953, &(0x7f0000000000)={'wlan1\x00'})
[ 145.004473] syz-executor.6 uses obsolete (PF_INET,SOCK_PACKET)
16:39:16 executing program 6:
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8953, &(0x7f0000000000)={'wlan1\x00'})
16:39:16 executing program 6:
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8953, &(0x7f0000000000)={'wlan1\x00'})
16:39:16 executing program 6:
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8953, &(0x7f0000000000)={'wlan1\x00'})
16:39:16 executing program 6:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @dev}, 0xc)
setsockopt$inet_mreqn(r0, 0x0, 0x25, &(0x7f00000003c0)={@multicast1, @local}, 0xc)
16:39:16 executing program 6:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100ff", @ANYRES32, @ANYRES32])
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x4e30b}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00')
fstat(0xffffffffffffffff, &(0x7f0000000a40))
stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000940)={'trans=unix,', {[{@cache_fscache}, {@access_client}, {@access_any}, {@version_u}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r1}}], [{@fscontext={'fscontext', 0x3d, 'system_u'}}, {@obj_user={'obj_user', 0x3d, 'environ\x00'}}, {@subj_role={'subj_role', 0x3d, 'environ\x00'}}, {@obj_role={'obj_role', 0x3d, '\'%}'}}]}})
getdents(r0, &(0x7f0000000000)=""/94, 0x20000018)
fstat(0xffffffffffffffff, &(0x7f0000000400))
[ 145.294888] audit: type=1400 audit(1663087156.864:7): avc: denied { open } for pid=3751 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 145.296417] audit: type=1400 audit(1663087156.864:8): avc: denied { kernel } for pid=3751 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 145.308484] ------------[ cut here ]------------
[ 145.308503]
[ 145.308506] ======================================================
[ 145.308509] WARNING: possible circular locking dependency detected
[ 145.308513] 6.0.0-rc5-next-20220913 #1 Not tainted
[ 145.308519] ------------------------------------------------------
[ 145.308523] syz-executor.6/3752 is trying to acquire lock:
[ 145.308529] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 145.308566]
[ 145.308566] but task is already holding lock:
[ 145.308569] ffff8880087cc020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 145.308597]
[ 145.308597] which lock already depends on the new lock.
[ 145.308597]
[ 145.308600]
[ 145.308600] the existing dependency chain (in reverse order) is:
[ 145.308603]
[ 145.308603] -> #3 (&ctx->lock){....}-{2:2}:
[ 145.308623]        _raw_spin_lock+0x2a/0x40
[ 145.308640]        __perf_event_task_sched_out+0x53b/0x18d0
[ 145.308652]        __schedule+0xedd/0x2470
[ 145.308662]        schedule+0xda/0x1b0
[ 145.308672]        futex_wait_queue+0xf5/0x1e0
[ 145.308684]        futex_wait+0x28e/0x690
[ 145.308693]        do_futex+0x2ff/0x380
[ 145.308703]        __x64_sys_futex+0x1c6/0x4d0
[ 145.308713]        do_syscall_64+0x3b/0x90
[ 145.308727]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 145.308744]
[ 145.308744] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 145.308758]        _raw_spin_lock_nested+0x30/0x40
[ 145.308772]        raw_spin_rq_lock_nested+0x1e/0x30
[ 145.308785]        task_fork_fair+0x63/0x4d0
[ 145.308801]        sched_cgroup_fork+0x3d0/0x540
[ 145.308815]        copy_process+0x3f9e/0x6df0
[ 145.308826]        kernel_clone+0xe7/0x890
[ 145.308835]        user_mode_thread+0xad/0xf0
[ 145.308845]        rest_init+0x24/0x250
[ 145.308861]        arch_call_rest_init+0xf/0x14
[ 145.308881]        start_kernel+0x4c1/0x4e6
[ 145.308897]        secondary_startup_64_no_verify+0xe0/0xeb
[ 145.308914]
[ 145.308914] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 145.308927]        _raw_spin_lock_irqsave+0x39/0x60
[ 145.308942]        try_to_wake_up+0xab/0x1920
[ 145.308954]        up+0x75/0xb0
[ 145.308965]        __up_console_sem+0x6e/0x80
[ 145.308981]        console_unlock+0x46a/0x590
[ 145.308996]        vprintk_emit+0x1bd/0x560
[ 145.309012]        vprintk+0x84/0xa0
[ 145.309028]        _printk+0xba/0xf1
[ 145.309045]        kauditd_hold_skb.cold+0x3f/0x4e
[ 145.309059]        kauditd_send_queue+0x233/0x290
[ 145.309073]        kauditd_thread+0x5da/0x9a0
[ 145.309087]        kthread+0x2ed/0x3a0
[ 145.309101]        ret_from_fork+0x22/0x30
[ 145.309114]
[ 145.309114] -> #0 ((console_sem).lock){....}-{2:2}:
[ 145.309128]        __lock_acquire+0x2a02/0x5e70
[ 145.309144]        lock_acquire+0x1a2/0x530
[ 145.309159]        _raw_spin_lock_irqsave+0x39/0x60
[ 145.309174]        down_trylock+0xe/0x70
[ 145.309186]        __down_trylock_console_sem+0x3b/0xd0
[ 145.309201]        vprintk_emit+0x16b/0x560
[ 145.309217]        vprintk+0x84/0xa0
[ 145.309232]        _printk+0xba/0xf1
[ 145.309248]        report_bug.cold+0x72/0xab
[ 145.309260]        handle_bug+0x3c/0x70
[ 145.309272]        exc_invalid_op+0x14/0x50
[ 145.309284]        asm_exc_invalid_op+0x16/0x20
[ 145.309300]        group_sched_out.part.0+0x2c7/0x460
[ 145.309311]        ctx_sched_out+0x8f1/0xc10
[ 145.309320]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 145.309332]        __schedule+0xedd/0x2470
[ 145.309341]        schedule+0xda/0x1b0
[ 145.309351]        futex_wait_queue+0xf5/0x1e0
[ 145.309361]        futex_wait+0x28e/0x690
[ 145.309370]        do_futex+0x2ff/0x380
[ 145.309379]        __x64_sys_futex+0x1c6/0x4d0
[ 145.309389]        do_syscall_64+0x3b/0x90
[ 145.309401]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 145.309417]
[ 145.309417] other info that might help us debug this:
[ 145.309417]
[ 145.309420] Chain exists of:
[ 145.309420]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 145.309420]
[ 145.309435]  Possible unsafe locking scenario:
[ 145.309435]
[ 145.309438]        CPU0                    CPU1
[ 145.309441]        ----                    ----
[ 145.309443]   lock(&ctx->lock);
[ 145.309449]                                lock(&rq->__lock);
[ 145.309455]                                lock(&ctx->lock);
[ 145.309461]   lock((console_sem).lock);
[ 145.309467]
[ 145.309467]  *** DEADLOCK ***
[ 145.309467]
[ 145.309469] 2 locks held by syz-executor.6/3752:
[ 145.309476]  #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 145.309501]  #1: ffff8880087cc020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 145.309529]
[ 145.309529] stack backtrace:
[ 145.309532] CPU: 1 PID: 3752 Comm: syz-executor.6 Not tainted 6.0.0-rc5-next-20220913 #1
[ 145.309544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 145.309552] Call Trace:
[ 145.309555]
[ 145.309559]  dump_stack_lvl+0x8b/0xb3
[ 145.309573]  check_noncircular+0x263/0x2e0
[ 145.309589]  ? format_decode+0x26c/0xb50
[ 145.309604]  ? print_circular_bug+0x450/0x450
[ 145.309621]  ? enable_ptr_key_workfn+0x20/0x20
[ 145.309636]  ? format_decode+0x26c/0xb50
[ 145.309649]  ? memcpy+0x39/0x60
[ 145.309669]  ? vsnprintf+0x4ba/0x1600
[ 145.309685]  __lock_acquire+0x2a02/0x5e70
[ 145.309706]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 145.309728]  lock_acquire+0x1a2/0x530
[ 145.309744]  ? down_trylock+0xe/0x70
[ 145.309758]  ? rcu_read_unlock+0x40/0x40
[ 145.309779]  ? vprintk+0x84/0xa0
[ 145.309796]  _raw_spin_lock_irqsave+0x39/0x60
[ 145.309811]  ? down_trylock+0xe/0x70
[ 145.309824]  down_trylock+0xe/0x70
[ 145.309837]  ? vprintk+0x84/0xa0
[ 145.309854]  __down_trylock_console_sem+0x3b/0xd0
[ 145.309871]  vprintk_emit+0x16b/0x560
[ 145.309889]  vprintk+0x84/0xa0
[ 145.309906]  _printk+0xba/0xf1
[ 145.309923]  ? record_print_text.cold+0x16/0x16
[ 145.309944]  ? report_bug.cold+0x66/0xab
[ 145.309958]  ? group_sched_out.part.0+0x2c7/0x460
[ 145.309969]  report_bug.cold+0x72/0xab
[ 145.309983]  handle_bug+0x3c/0x70
[ 145.309997]  exc_invalid_op+0x14/0x50
[ 145.310011]  asm_exc_invalid_op+0x16/0x20
[ 145.310027] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 145.310041] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 145.310052] RSP: 0018:ffff88803db8f8f8 EFLAGS: 00010006
[ 145.310061] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 145.310069] RDX: ffff88801731b580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 145.310077] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 145.310084] R10: 0000000000000000 R11: ffffffff865aa05b R12: ffff8880087cc000
[ 145.310092] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 145.310103]  ? group_sched_out.part.0+0x2c7/0x460
[ 145.310116]  ? group_sched_out.part.0+0x2c7/0x460
[ 145.310129]  ctx_sched_out+0x8f1/0xc10
[ 145.310141]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 145.310156]  ? lock_is_held_type+0xd7/0x130
[ 145.310174]  ? __perf_cgroup_move+0x160/0x160
[ 145.310186]  ? set_next_entity+0x304/0x550
[ 145.310205]  ? lock_is_held_type+0xd7/0x130
[ 145.310223]  __schedule+0xedd/0x2470
[ 145.310236]  ? io_schedule_timeout+0x150/0x150
[ 145.310247]  ? futex_wait_setup+0x166/0x230
[ 145.310261]  schedule+0xda/0x1b0
[ 145.310272]  futex_wait_queue+0xf5/0x1e0
[ 145.310284]  futex_wait+0x28e/0x690
[ 145.310296]  ? futex_wait_setup+0x230/0x230
[ 145.310309]  ? wake_up_q+0x8b/0xf0
[ 145.310322]  ? do_raw_spin_unlock+0x4f/0x220
[ 145.310341]  ? futex_wake+0x158/0x490
[ 145.310357]  ? fd_install+0x1f9/0x640
[ 145.310373]  do_futex+0x2ff/0x380
[ 145.310384]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 145.310400]  __x64_sys_futex+0x1c6/0x4d0
[ 145.310412]  ? __x64_sys_futex_time32+0x480/0x480
[ 145.310424]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 145.310442]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 145.310462]  do_syscall_64+0x3b/0x90
[ 145.310475]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 145.310492] RIP: 0033:0x7f10fb76eb19
[ 145.310501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 145.310512] RSP: 002b:00007f10f8ce4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 145.310523] RAX: ffffffffffffffda RBX: 00007f10fb881f68 RCX: 00007f10fb76eb19
[ 145.310531] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f10fb881f68
[ 145.310538] RBP: 00007f10fb881f60 R08: 0000000000000000 R09: 0000000000000000
[ 145.310545] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10fb881f6c
[ 145.310553] R13: 00007ffca91be8ef R14: 00007f10f8ce4300 R15: 0000000000022000
[ 145.310566]
[ 145.373577] WARNING: CPU: 1 PID: 3752 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 145.374266] Modules linked in:
[ 145.374508] CPU: 1 PID: 3752 Comm: syz-executor.6 Not tainted 6.0.0-rc5-next-20220913 #1
[ 145.375106] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 145.375938] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 145.376343] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 145.377694] RSP: 0018:ffff88803db8f8f8 EFLAGS: 00010006
[ 145.378098] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 145.378637] RDX: ffff88801731b580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 145.379169] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 145.379701] R10: 0000000000000000 R11: ffffffff865aa05b R12: ffff8880087cc000
[ 145.380235] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 145.380794] FS: 00007f10f8ce4700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 145.381389] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 145.381831] CR2: 00007efcb5d8d1f0 CR3: 000000000f2ce000 CR4: 0000000000350ee0
[ 145.382366] Call Trace:
[ 145.382564]
[ 145.382744]  ctx_sched_out+0x8f1/0xc10
[ 145.383040]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 145.383430]  ? lock_is_held_type+0xd7/0x130
[ 145.383763]  ? __perf_cgroup_move+0x160/0x160
[ 145.384102]  ? set_next_entity+0x304/0x550
[ 145.384431]  ? lock_is_held_type+0xd7/0x130
[ 145.384766]  __schedule+0xedd/0x2470
[ 145.385053]  ? io_schedule_timeout+0x150/0x150
[ 145.385400]  ? futex_wait_setup+0x166/0x230
[ 145.385725]  schedule+0xda/0x1b0
[ 145.385987]  futex_wait_queue+0xf5/0x1e0
[ 145.386290]  futex_wait+0x28e/0x690
[ 145.386571]  ? futex_wait_setup+0x230/0x230
[ 145.386896]  ? wake_up_q+0x8b/0xf0
[ 145.387172]  ? do_raw_spin_unlock+0x4f/0x220
[ 145.387517]  ? futex_wake+0x158/0x490
[ 145.387811]  ? fd_install+0x1f9/0x640
[ 145.388113]  do_futex+0x2ff/0x380
[ 145.388382]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 145.388838]  __x64_sys_futex+0x1c6/0x4d0
[ 145.389144]  ? __x64_sys_futex_time32+0x480/0x480
[ 145.389508]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 145.389899]  ?
syscall_enter_from_user_mode+0x1d/0x50 [ 145.390291] do_syscall_64+0x3b/0x90 [ 145.390588] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 145.390988] RIP: 0033:0x7f10fb76eb19 [ 145.391273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 145.392627] RSP: 002b:00007f10f8ce4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 145.393197] RAX: ffffffffffffffda RBX: 00007f10fb881f68 RCX: 00007f10fb76eb19 [ 145.393735] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f10fb881f68 [ 145.394266] RBP: 00007f10fb881f60 R08: 0000000000000000 R09: 0000000000000000 [ 145.394796] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10fb881f6c [ 145.395326] R13: 00007ffca91be8ef R14: 00007f10f8ce4300 R15: 0000000000022000 [ 145.395858] [ 145.396035] irq event stamp: 764 [ 145.396291] hardirqs last enabled at (763): [] syscall_enter_from_user_mode+0x1d/0x50 [ 145.397007] hardirqs last disabled at (764): [] __schedule+0x1225/0x2470 [ 145.397621] softirqs last enabled at (550): [] __irq_exit_rcu+0x11b/0x180 [ 145.398261] softirqs last disabled at (515): [] __irq_exit_rcu+0x11b/0x180 [ 145.398892] ---[ end trace 0000000000000000 ]--- 16:39:17 executing program 6: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000100)='.\x00', 0x808) setxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) 16:39:17 executing program 6: io_setup(0xd57, &(0x7f0000000100)) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000200)={0x77359400}, 0x10) [ 146.169520] Bluetooth: hci2: command 0x041b tx timeout [ 146.170122] Bluetooth: hci3: command 0x041b tx timeout [ 148.211943] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 148.211972] Bluetooth: hci3: command 0x040f tx timeout [ 148.212990] 
Bluetooth: hci2: command 0x040f tx timeout [ 148.659967] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 148.851941] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 148.851945] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 148.852009] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 150.259949] Bluetooth: hci2: command 0x0419 tx timeout [ 150.260394] Bluetooth: hci3: command 0x0419 tx timeout [ 151.097560] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 151.099591] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 151.100692] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 151.102853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 151.104470] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 151.105491] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 151.108179] Bluetooth: hci4: HCI_REQ-0x0c1a [ 152.436067] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 152.947937] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 153.139959] Bluetooth: hci4: command 0x0409 tx timeout [ 153.267949] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 153.268586] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 154.601280] 9pnet_fd: p9_fd_create_unix (4633): problem connecting socket: ./file0: -111 [ 155.187992] Bluetooth: hci4: command 0x041b tx timeout [ 155.258042] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 155.258726] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 155.259901] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 155.260999] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 155.261766] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 155.262382] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 155.268106] Bluetooth: hci1: HCI_REQ-0x0c1a VM DIAGNOSIS: 16:39:17 Registers: