Warning: Permanently added '[localhost]:49875' (ECDSA) to the list of known hosts. 2022/09/12 13:49:13 fuzzer started 2022/09/12 13:49:14 dialing manager at localhost:38027 syzkaller login: [ 44.735563] cgroup: Unknown subsys name 'net' [ 44.798008] cgroup: Unknown subsys name 'rlimit' 2022/09/12 13:49:27 syscalls: 2215 2022/09/12 13:49:27 code coverage: enabled 2022/09/12 13:49:27 comparison tracing: enabled 2022/09/12 13:49:27 extra coverage: enabled 2022/09/12 13:49:27 setuid sandbox: enabled 2022/09/12 13:49:27 namespace sandbox: enabled 2022/09/12 13:49:27 Android sandbox: enabled 2022/09/12 13:49:27 fault injection: enabled 2022/09/12 13:49:27 leak checking: enabled 2022/09/12 13:49:27 net packet injection: enabled 2022/09/12 13:49:27 net device setup: enabled 2022/09/12 13:49:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/12 13:49:27 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/12 13:49:27 USB emulation: enabled 2022/09/12 13:49:27 hci packet injection: enabled 2022/09/12 13:49:27 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220912) 2022/09/12 13:49:27 802.15.4 emulation: enabled 2022/09/12 13:49:27 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/12 13:49:27 fetching corpus: 50, signal 27573/30905 (executing program) 2022/09/12 13:49:28 fetching corpus: 100, signal 48231/52432 (executing program) 2022/09/12 13:49:28 fetching corpus: 150, signal 57461/62526 (executing program) 2022/09/12 13:49:28 fetching corpus: 200, signal 62557/68593 (executing program) 2022/09/12 13:49:28 fetching corpus: 250, signal 70490/77110 (executing program) 2022/09/12 13:49:28 fetching corpus: 300, signal 76670/83787 (executing program) 2022/09/12 13:49:29 fetching corpus: 350, signal 80780/88528 (executing program) 2022/09/12 13:49:29 fetching corpus: 400, signal 85408/93585 (executing program) 2022/09/12 13:49:29 fetching corpus: 450, signal 88522/97169 (executing program) 2022/09/12 
13:49:29 fetching corpus: 500, signal 93068/101902 (executing program) 2022/09/12 13:49:29 fetching corpus: 550, signal 96375/105496 (executing program) 2022/09/12 13:49:29 fetching corpus: 600, signal 99739/109070 (executing program) 2022/09/12 13:49:30 fetching corpus: 650, signal 102384/111944 (executing program) 2022/09/12 13:49:30 fetching corpus: 700, signal 105252/114964 (executing program) 2022/09/12 13:49:30 fetching corpus: 750, signal 108339/118086 (executing program) 2022/09/12 13:49:30 fetching corpus: 800, signal 111309/120980 (executing program) 2022/09/12 13:49:30 fetching corpus: 850, signal 114115/123748 (executing program) 2022/09/12 13:49:30 fetching corpus: 900, signal 117005/126552 (executing program) 2022/09/12 13:49:31 fetching corpus: 950, signal 119236/128730 (executing program) 2022/09/12 13:49:31 fetching corpus: 1000, signal 120547/130230 (executing program) 2022/09/12 13:49:31 fetching corpus: 1050, signal 123037/132561 (executing program) 2022/09/12 13:49:31 fetching corpus: 1100, signal 125032/134469 (executing program) 2022/09/12 13:49:31 fetching corpus: 1150, signal 127504/136592 (executing program) 2022/09/12 13:49:32 fetching corpus: 1200, signal 129164/138168 (executing program) 2022/09/12 13:49:32 fetching corpus: 1250, signal 130459/139435 (executing program) 2022/09/12 13:49:32 fetching corpus: 1300, signal 132200/140901 (executing program) 2022/09/12 13:49:32 fetching corpus: 1350, signal 134039/142440 (executing program) 2022/09/12 13:49:32 fetching corpus: 1400, signal 136148/144054 (executing program) 2022/09/12 13:49:32 fetching corpus: 1450, signal 137628/145293 (executing program) 2022/09/12 13:49:32 fetching corpus: 1500, signal 139474/146755 (executing program) 2022/09/12 13:49:33 fetching corpus: 1550, signal 141540/148165 (executing program) 2022/09/12 13:49:33 fetching corpus: 1600, signal 143400/149524 (executing program) 2022/09/12 13:49:33 fetching corpus: 1650, signal 145325/150797 (executing program) 
2022/09/12 13:49:33 fetching corpus: 1700, signal 146889/151812 (executing program) 2022/09/12 13:49:33 fetching corpus: 1750, signal 148103/152612 (executing program) 2022/09/12 13:49:34 fetching corpus: 1800, signal 150028/153790 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/154411 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/154492 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/154602 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/154684 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/154774 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/154872 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/154951 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155064 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155157 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155255 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155332 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155435 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155523 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155615 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155703 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155776 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155865 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/155964 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156064 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156163 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156234 
(executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156322 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156412 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156508 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156609 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156686 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156771 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156861 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/156955 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157037 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157111 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157192 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157277 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157363 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157455 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157540 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157634 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157730 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157814 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157883 (executing program) 2022/09/12 13:49:34 fetching corpus: 1849, signal 150940/157883 (executing program) 2022/09/12 13:49:37 starting 8 fuzzer processes 13:49:37 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8", 0x16}, {0x0, 0x0, 0x10000}], 0x0, 
&(0x7f0000000040)=ANY=[]) 13:49:37 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sysinfo(&(0x7f0000000040)=""/28) 13:49:37 executing program 2: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$selinux_attr(r0, 0x0, 0xffffff7f) 13:49:37 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, 
&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x227d, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x2, 0xc1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000540)={0x0, 0x0}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0) perf_event_open(&(0x7f00000005c0)={0x2, 0x80, 0x1, 0x3, 0x5, 0x3, 0x0, 0x100000000, 0x280, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000001c0)}, 0x54228, 0x8, 0x1, 0x7, 0x101, 0x50, 0x20, 0x0, 0x42db, 0x0, 0x2}, r1, 0x10, 0xffffffffffffffff, 0x2) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x242880, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c7766646e6f3d5947a3c8fb8ffc894704de875f3df272f3e42bf7b9cdca17effcc2ac127905005d0a9b0e2c3e8cd342c9d8db67b101007ea248d1c92f230525b832ac19dcdf362084ef4d4d0cba67450165d1d371419f159483bd9f0f4887bc636aeb8dda5b9af4614827d17bdaa44b5d356046c5d4e1c3e38d795035511f853e945a026d89242f97dfd61048b3c737de6e033947e665640ee43fb9824538bb7a3c9ed7b5747cc23012c0aaa2278ec0c0f1081fe40a7e04bfa253a582a0ce211705c5bb4ae7efb872fba018230e429446c07f698eded53056471dc7226006015bc670db43179aea66433d03b258ba83", @ANYRESHEX, @ANYBLOB="2c63616368653d667363616368652c766572323030302e752c706e6f6461766d61702c6c6f6f73652c006f73697861636c2c6163636573733d3c03e85b9e6c319178d33cefea8e7d1322f213dcde300884f6", @ANYRESDEC, @ANYBLOB="2c6163636573733d616e792c63616368653d6e6f6e652c7375626a5f726f6c653d2c73d661636b6673726f6f743d2c66736e616d653d5c2c736d3f636b66736861743d2c285e5c29075e2c686173682c736d61636b6673666c6f6f723d5e23222c66756e633d4649524d574152455f434845434b2c00"]) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000000, 0x810, 
r0, 0x0) clock_gettime(0x0, &(0x7f00000004c0)) r2 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r2}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)) syz_io_uring_setup(0x74aa, &(0x7f0000000000)={0x0, 0x1196, 0x0, 0x0, 0x175, 0x0, r2}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) 13:49:37 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x7fefffa, 0x0) getpgrp(0x0) eventfd2(0x0, 0x0) close(0xffffffffffffffff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020662a, &(0x7f0000000340)={0x0, 0x3}) 13:49:37 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x101042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@multicast2, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@private}, 0x8, @in=@dev, 0x0, 0x4}}, 0xe8) ioctl$BTRFS_IOC_SYNC(r1, 0x9408, 0x0) write(r0, &(0x7f0000000080)="01", 0x20000081) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000180), 0x408000, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 
0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1a}, 0x803}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x50, r2, 0x3) ioctl$FS_IOC_GETFLAGS(r2, 0x80086601, &(0x7f0000000180)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r3, &(0x7f0000000240)=[{&(0x7f0000000140)="cf", 0x1}], 0x1, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(r3, 0xd0009412, &(0x7f0000000340)={0x0, 0x1a}) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) rename(&(0x7f0000000480)='./file1\x00', &(0x7f00000004c0)='./file0\x00') 13:49:37 executing program 6: io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 13:49:37 executing program 7: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_DISALLOCATE(r0, 0x4b41) [ 68.254089] audit: type=1400 audit(1662990577.769:6): avc: denied { execmem } for pid=288 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 69.614481] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.616521] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.617992] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.618241] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.621737] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.623034] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.624504] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.625849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.627827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.630756] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.631148] Bluetooth: hci2: unexpected 
cc 0x0c23 length: 249 > 4 [ 69.633716] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 69.635576] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.636223] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.656538] Bluetooth: hci1: HCI_REQ-0x0c1a [ 69.668585] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.670961] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.673345] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 69.675257] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 69.676715] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.677742] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.679015] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 69.680102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 69.687793] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 69.689043] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.690758] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.693060] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.696073] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 69.697320] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 69.698532] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.700103] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.700715] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 69.702983] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 69.704636] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.706731] Bluetooth: hci0: HCI_REQ-0x0c1a [ 69.706896] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 69.708721] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.709076] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 69.711900] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 69.715947] Bluetooth: hci5: HCI_REQ-0x0c1a [ 69.720654] Bluetooth: hci6: HCI_REQ-0x0c1a [ 69.741300] Bluetooth: hci4: unexpected cc 0x0c38 
length: 249 > 2 [ 69.741322] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 69.747906] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 69.749954] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 69.751092] Bluetooth: hci4: HCI_REQ-0x0c1a [ 69.751287] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 69.761966] Bluetooth: hci7: HCI_REQ-0x0c1a [ 69.765906] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.778845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.790019] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.791249] Bluetooth: hci2: HCI_REQ-0x0c1a [ 69.796684] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.798373] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 69.799689] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.820735] Bluetooth: hci3: HCI_REQ-0x0c1a [ 71.690044] Bluetooth: hci1: command 0x0409 tx timeout [ 71.753553] Bluetooth: hci6: command 0x0409 tx timeout [ 71.754224] Bluetooth: hci0: command 0x0409 tx timeout [ 71.754348] Bluetooth: hci5: command 0x0409 tx timeout [ 71.817470] Bluetooth: hci2: command 0x0409 tx timeout [ 71.817527] Bluetooth: hci4: command 0x0409 tx timeout [ 71.819198] Bluetooth: hci7: command 0x0409 tx timeout [ 71.881449] Bluetooth: hci3: command 0x0409 tx timeout [ 73.737843] Bluetooth: hci1: command 0x041b tx timeout [ 73.801520] Bluetooth: hci5: command 0x041b tx timeout [ 73.802374] Bluetooth: hci0: command 0x041b tx timeout [ 73.804755] Bluetooth: hci6: command 0x041b tx timeout [ 73.865496] Bluetooth: hci7: command 0x041b tx timeout [ 73.865996] Bluetooth: hci4: command 0x041b tx timeout [ 73.867312] Bluetooth: hci2: command 0x041b tx timeout [ 73.929451] Bluetooth: hci3: command 0x041b tx timeout [ 75.785516] Bluetooth: hci1: command 0x040f tx timeout [ 75.849465] Bluetooth: hci6: command 0x040f tx timeout [ 75.850056] Bluetooth: hci0: command 0x040f tx timeout [ 75.851720] Bluetooth: hci5: command 0x040f tx timeout [ 75.913518] 
Bluetooth: hci2: command 0x040f tx timeout [ 75.914203] Bluetooth: hci4: command 0x040f tx timeout [ 75.915656] Bluetooth: hci7: command 0x040f tx timeout [ 75.977458] Bluetooth: hci3: command 0x040f tx timeout [ 77.833493] Bluetooth: hci1: command 0x0419 tx timeout [ 77.897470] Bluetooth: hci5: command 0x0419 tx timeout [ 77.898064] Bluetooth: hci0: command 0x0419 tx timeout [ 77.899967] Bluetooth: hci6: command 0x0419 tx timeout [ 77.961502] Bluetooth: hci7: command 0x0419 tx timeout [ 77.961984] Bluetooth: hci4: command 0x0419 tx timeout [ 77.962375] Bluetooth: hci2: command 0x0419 tx timeout [ 78.025456] Bluetooth: hci3: command 0x0419 tx timeout [ 127.499135] audit: type=1400 audit(1662990637.014:7): avc: denied { open } for pid=3777 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 127.500910] audit: type=1400 audit(1662990637.014:8): avc: denied { kernel } for pid=3777 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 127.523080] ------------[ cut here ]------------ [ 127.523107] [ 127.523111] ====================================================== [ 127.523116] WARNING: possible circular locking dependency detected [ 127.523121] 6.0.0-rc5-next-20220912 #1 Not tainted [ 127.523129] ------------------------------------------------------ [ 127.523133] syz-executor.0/3778 is trying to acquire lock: [ 127.523141] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 127.523189] [ 127.523189] but task is already holding lock: [ 127.523192] ffff88800d5b0c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 127.523227] [ 127.523227] which lock already depends on the new lock. 
[ 127.523227] [ 127.523231] [ 127.523231] the existing dependency chain (in reverse order) is: [ 127.523234] [ 127.523234] -> #3 (&ctx->lock){....}-{2:2}: [ 127.523252] _raw_spin_lock+0x2a/0x40 [ 127.523273] __perf_event_task_sched_out+0x53b/0x18d0 [ 127.523288] __schedule+0xedd/0x2470 [ 127.523301] schedule+0xda/0x1b0 [ 127.523312] exit_to_user_mode_prepare+0x114/0x1a0 [ 127.523338] syscall_exit_to_user_mode+0x19/0x40 [ 127.523361] do_syscall_64+0x48/0x90 [ 127.523377] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.523403] [ 127.523403] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 127.523420] _raw_spin_lock_nested+0x30/0x40 [ 127.523438] raw_spin_rq_lock_nested+0x1e/0x30 [ 127.523455] task_fork_fair+0x63/0x4d0 [ 127.523477] sched_cgroup_fork+0x3d0/0x540 [ 127.523495] copy_process+0x3f9e/0x6df0 [ 127.523508] kernel_clone+0xe7/0x890 [ 127.523520] user_mode_thread+0xad/0xf0 [ 127.523533] rest_init+0x24/0x250 [ 127.523553] arch_call_rest_init+0xf/0x14 [ 127.523577] start_kernel+0x4c1/0x4e6 [ 127.523598] secondary_startup_64_no_verify+0xe0/0xeb [ 127.523616] [ 127.523616] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 127.523634] _raw_spin_lock_irqsave+0x39/0x60 [ 127.523652] try_to_wake_up+0xab/0x1920 [ 127.523669] up+0x75/0xb0 [ 127.523683] __up_console_sem+0x6e/0x80 [ 127.523704] console_unlock+0x46a/0x590 [ 127.523724] vt_ioctl+0x2822/0x2ca0 [ 127.523740] tty_ioctl+0x7c4/0x1700 [ 127.523754] __x64_sys_ioctl+0x19a/0x210 [ 127.523773] do_syscall_64+0x3b/0x90 [ 127.523789] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.523810] [ 127.523810] -> #0 ((console_sem).lock){....}-{2:2}: [ 127.523828] __lock_acquire+0x2a02/0x5e70 [ 127.523849] lock_acquire+0x1a2/0x530 [ 127.523869] _raw_spin_lock_irqsave+0x39/0x60 [ 127.523888] down_trylock+0xe/0x70 [ 127.523903] __down_trylock_console_sem+0x3b/0xd0 [ 127.523924] vprintk_emit+0x16b/0x560 [ 127.523945] vprintk+0x84/0xa0 [ 127.523965] _printk+0xba/0xf1 [ 127.523987] report_bug.cold+0x72/0xab [ 127.524003] handle_bug+0x3c/0x70 [ 127.524018] 
exc_invalid_op+0x14/0x50 [ 127.524035] asm_exc_invalid_op+0x16/0x20 [ 127.524055] group_sched_out.part.0+0x2c7/0x460 [ 127.524068] ctx_sched_out+0x8f1/0xc10 [ 127.524080] __perf_event_task_sched_out+0x6d0/0x18d0 [ 127.524095] __schedule+0xedd/0x2470 [ 127.524107] schedule+0xda/0x1b0 [ 127.524118] exit_to_user_mode_prepare+0x114/0x1a0 [ 127.524142] syscall_exit_to_user_mode+0x19/0x40 [ 127.524164] do_syscall_64+0x48/0x90 [ 127.524179] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.524200] [ 127.524200] other info that might help us debug this: [ 127.524200] [ 127.524204] Chain exists of: [ 127.524204] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 127.524204] [ 127.524223] Possible unsafe locking scenario: [ 127.524223] [ 127.524226] CPU0 CPU1 [ 127.524229] ---- ---- [ 127.524231] lock(&ctx->lock); [ 127.524239] lock(&rq->__lock); [ 127.524247] lock(&ctx->lock); [ 127.524254] lock((console_sem).lock); [ 127.524261] [ 127.524261] *** DEADLOCK *** [ 127.524261] [ 127.524264] 2 locks held by syz-executor.0/3778: [ 127.524272] #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 127.524304] #1: ffff88800d5b0c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 127.524339] [ 127.524339] stack backtrace: [ 127.524342] CPU: 0 PID: 3778 Comm: syz-executor.0 Not tainted 6.0.0-rc5-next-20220912 #1 [ 127.524358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 127.524368] Call Trace: [ 127.524373] [ 127.524378] dump_stack_lvl+0x8b/0xb3 [ 127.524396] check_noncircular+0x263/0x2e0 [ 127.524417] ? format_decode+0x26c/0xb50 [ 127.524436] ? print_circular_bug+0x450/0x450 [ 127.524457] ? enable_ptr_key_workfn+0x20/0x20 [ 127.524476] ? format_decode+0x26c/0xb50 [ 127.524495] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 127.524517] __lock_acquire+0x2a02/0x5e70 [ 127.524545] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 127.524573] lock_acquire+0x1a2/0x530 [ 127.524595] ? 
down_trylock+0xe/0x70 [ 127.524613] ? rcu_read_unlock+0x40/0x40 [ 127.524647] ? vprintk+0x84/0xa0 [ 127.524670] _raw_spin_lock_irqsave+0x39/0x60 [ 127.524689] ? down_trylock+0xe/0x70 [ 127.524706] down_trylock+0xe/0x70 [ 127.524723] ? vprintk+0x84/0xa0 [ 127.524745] __down_trylock_console_sem+0x3b/0xd0 [ 127.524767] vprintk_emit+0x16b/0x560 [ 127.524792] vprintk+0x84/0xa0 [ 127.524814] _printk+0xba/0xf1 [ 127.524836] ? record_print_text.cold+0x16/0x16 [ 127.524864] ? report_bug.cold+0x66/0xab [ 127.524881] ? group_sched_out.part.0+0x2c7/0x460 [ 127.524895] report_bug.cold+0x72/0xab [ 127.524914] handle_bug+0x3c/0x70 [ 127.524931] exc_invalid_op+0x14/0x50 [ 127.524949] asm_exc_invalid_op+0x16/0x20 [ 127.524970] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 127.524986] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 127.525000] RSP: 0018:ffff88801bf3fc48 EFLAGS: 00010006 [ 127.525012] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 127.525022] RDX: ffff88802070d040 RSI: ffffffff81566027 RDI: 0000000000000005 [ 127.525031] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 127.525041] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff88800d5b0c00 [ 127.525051] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 127.525065] ? group_sched_out.part.0+0x2c7/0x460 [ 127.525081] ? group_sched_out.part.0+0x2c7/0x460 [ 127.525097] ctx_sched_out+0x8f1/0xc10 [ 127.525113] __perf_event_task_sched_out+0x6d0/0x18d0 [ 127.525132] ? lock_is_held_type+0xd7/0x130 [ 127.525155] ? __perf_cgroup_move+0x160/0x160 [ 127.525170] ? set_next_entity+0x304/0x550 [ 127.525193] ? update_curr+0x267/0x740 [ 127.525216] ? lock_is_held_type+0xd7/0x130 [ 127.525239] __schedule+0xedd/0x2470 [ 127.525255] ? io_schedule_timeout+0x150/0x150 [ 127.525271] ? 
rcu_read_lock_sched_held+0x3e/0x80 [ 127.525297] schedule+0xda/0x1b0 [ 127.525311] exit_to_user_mode_prepare+0x114/0x1a0 [ 127.525337] syscall_exit_to_user_mode+0x19/0x40 [ 127.525359] do_syscall_64+0x48/0x90 [ 127.525377] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.525399] RIP: 0033:0x7f15c4168b19 [ 127.525409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.525423] RSP: 002b:00007f15c16de218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.525437] RAX: 0000000000000001 RBX: 00007f15c427bf68 RCX: 00007f15c4168b19 [ 127.525446] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f15c427bf6c [ 127.525456] RBP: 00007f15c427bf60 R08: 000000000000000e R09: 0000000000000000 [ 127.525465] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f15c427bf6c [ 127.525474] R13: 00007ffe98612a6f R14: 00007f15c16de300 R15: 0000000000022000 [ 127.525490] [ 127.592963] WARNING: CPU: 0 PID: 3778 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 127.593758] Modules linked in: [ 127.594037] CPU: 0 PID: 3778 Comm: syz-executor.0 Not tainted 6.0.0-rc5-next-20220912 #1 [ 127.594730] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 127.595684] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 127.596153] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 127.597699] RSP: 0018:ffff88801bf3fc48 EFLAGS: 00010006 [ 127.598156] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 127.598764] RDX: ffff88802070d040 RSI: ffffffff81566027 RDI: 0000000000000005 [ 127.599381] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 127.599994] R10: 0000000000000000 R11: 
ffffffff865aa01b R12: ffff88800d5b0c00 [ 127.600613] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 127.601274] FS: 00007f15c16de700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 127.602008] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.602536] CR2: 00007f022a2e3260 CR3: 000000003f4bc000 CR4: 0000000000350ef0 [ 127.603148] Call Trace: [ 127.603374] [ 127.603573] ctx_sched_out+0x8f1/0xc10 [ 127.603913] __perf_event_task_sched_out+0x6d0/0x18d0 [ 127.604362] ? lock_is_held_type+0xd7/0x130 [ 127.604751] ? __perf_cgroup_move+0x160/0x160 [ 127.605146] ? set_next_entity+0x304/0x550 [ 127.605519] ? update_curr+0x267/0x740 [ 127.605872] ? lock_is_held_type+0xd7/0x130 [ 127.606263] __schedule+0xedd/0x2470 [ 127.606595] ? io_schedule_timeout+0x150/0x150 [ 127.606996] ? rcu_read_lock_sched_held+0x3e/0x80 [ 127.607421] schedule+0xda/0x1b0 [ 127.607720] exit_to_user_mode_prepare+0x114/0x1a0 [ 127.608152] syscall_exit_to_user_mode+0x19/0x40 [ 127.608575] do_syscall_64+0x48/0x90 [ 127.608932] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 127.609419] RIP: 0033:0x7f15c4168b19 [ 127.609756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 127.611408] RSP: 002b:00007f15c16de218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 127.612095] RAX: 0000000000000001 RBX: 00007f15c427bf68 RCX: 00007f15c4168b19 [ 127.612772] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f15c427bf6c [ 127.613452] RBP: 00007f15c427bf60 R08: 000000000000000e R09: 0000000000000000 [ 127.614131] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f15c427bf6c [ 127.614776] R13: 00007ffe98612a6f R14: 00007f15c16de300 R15: 0000000000022000 [ 127.615422] [ 127.615636] irq event stamp: 772 [ 127.615938] hardirqs last enabled at (771): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 127.616809] hardirqs last disabled at (772): [] 
__schedule+0x1225/0x2470 [ 127.617562] softirqs last enabled at (516): [] __irq_exit_rcu+0x11b/0x180 [ 127.618343] softirqs last disabled at (507): [] __irq_exit_rcu+0x11b/0x180 [ 127.619126] ---[ end trace 0000000000000000 ]--- 13:50:37 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x227d, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x2, 0xc1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000540)={0x0, 0x0}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0) perf_event_open(&(0x7f00000005c0)={0x2, 0x80, 0x1, 0x3, 0x5, 0x3, 0x0, 0x100000000, 0x280, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_bp={&(0x7f00000001c0)}, 0x54228, 0x8, 0x1, 0x7, 0x101, 0x50, 0x20, 0x0, 0x42db, 0x0, 0x2}, r1, 0x10, 0xffffffffffffffff, 0x2) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x242880, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c7766646e6f3d5947a3c8fb8ffc894704de875f3df272f3e42bf7b9cdca17effcc2ac127905005d0a9b0e2c3e8cd342c9d8db67b101007ea248d1c92f230525b832ac19dcdf362084ef4d4d0cba67450165d1d371419f159483bd9f0f4887bc636aeb8dda5b9af4614827d17bdaa44b5d356046c5d4e1c3e38d795035511f853e945a026d89242f97dfd61048b3c737de6e033947e665640ee43fb9824538bb7a3c9ed7b5747cc23012c0aaa2278ec0c0f1081fe40a7e04bfa253a582a0ce211705c5bb4ae7efb872fba018230e429446c07f698eded53056471dc7226006015bc670db43179aea66433d03b258ba83", @ANYRESHEX, @ANYBLOB="2c63616368653d667363616368652c766572323030302e752c706e6f6461766d61702c6c6f6f73652c006f73697861636c2c6163636573733d3c03e85b9e6c319178d33cefea8e7d1322f213dcde300884f6", @ANYRESDEC, @ANYBLOB="2c6163636573733d616e792c63616368653d6e6f6e652c7375626a5f726f6c653d2c73d661636b6673726f6f743d2c66736e616d653d5c2c736d3f636b66736861743d2c285e5c29075e2c686173682c736d61636b6673666c6f6f723d5e23222c66756e633d4649524d574152455f434845434b2c00"]) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000000, 0x810, r0, 0x0) clock_gettime(0x0, &(0x7f00000004c0)) r2 = syz_io_uring_setup(0x3e5b, &(0x7f0000000100), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x1978, &(0x7f0000000400)={0x0, 0x9819, 0x4, 0x1, 0xe7, 0x0, r2}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000000500), &(0x7f0000000540)) syz_io_uring_setup(0x74aa, &(0x7f0000000000)={0x0, 0x1196, 0x0, 0x0, 0x175, 0x0, r2}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, 
&(0x7f0000000080), &(0x7f00000000c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) [ 130.847640] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 130.848812] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 130.850384] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 130.852510] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 130.854286] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 130.855459] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 130.858649] Bluetooth: hci6: HCI_REQ-0x0c1a [ 130.908151] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 130.910093] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 130.911669] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 130.914254] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 130.915757] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 130.916942] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 130.919975] Bluetooth: hci1: HCI_REQ-0x0c1a [ 132.809423] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 132.873441] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 132.873451] Bluetooth: hci6: command 0x0409 tx timeout [ 132.873930] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 132.874817] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 132.938450] Bluetooth: hci1: command 0x0409 tx timeout [ 134.921444] Bluetooth: hci6: command 0x041b tx timeout [ 134.985442] Bluetooth: hci1: command 0x041b tx timeout [ 135.120679] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 135.124318] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 135.125292] 
Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 135.128714] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 135.130143] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 135.132361] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 135.134117] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 135.139558] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 135.141324] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 135.142023] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 135.150101] Bluetooth: hci0: HCI_REQ-0x0c1a [ 135.152881] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 135.154181] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 135.162423] Bluetooth: hci3: HCI_REQ-0x0c1a [ 136.970447] Bluetooth: hci6: command 0x040f tx timeout [ 137.033509] Bluetooth: hci1: command 0x040f tx timeout [ 137.162514] Bluetooth: hci0: command 0x0409 tx timeout [ 137.226502] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 137.227344] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 137.228536] Bluetooth: hci3: command 0x0409 tx timeout VM DIAGNOSIS: 13:50:37 Registers: