Warning: Permanently added '[localhost]:57100' (ECDSA) to the list of known hosts. 2022/09/14 13:01:37 fuzzer started 2022/09/14 13:01:37 dialing manager at localhost:33849 syzkaller login: [ 47.149990] cgroup: Unknown subsys name 'net' [ 47.214731] cgroup: Unknown subsys name 'rlimit' 2022/09/14 13:01:52 syscalls: 2215 2022/09/14 13:01:52 code coverage: enabled 2022/09/14 13:01:52 comparison tracing: enabled 2022/09/14 13:01:52 extra coverage: enabled 2022/09/14 13:01:52 setuid sandbox: enabled 2022/09/14 13:01:52 namespace sandbox: enabled 2022/09/14 13:01:52 Android sandbox: enabled 2022/09/14 13:01:52 fault injection: enabled 2022/09/14 13:01:52 leak checking: enabled 2022/09/14 13:01:52 net packet injection: enabled 2022/09/14 13:01:52 net device setup: enabled 2022/09/14 13:01:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/14 13:01:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/14 13:01:52 USB emulation: enabled 2022/09/14 13:01:52 hci packet injection: enabled 2022/09/14 13:01:52 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220914) 2022/09/14 13:01:52 802.15.4 emulation: enabled 2022/09/14 13:01:52 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/14 13:01:52 fetching corpus: 29, signal 20657/24294 (executing program) 2022/09/14 13:01:52 fetching corpus: 64, signal 35086/40181 (executing program) 2022/09/14 13:01:52 fetching corpus: 114, signal 47699/54050 (executing program) 2022/09/14 13:01:53 fetching corpus: 164, signal 53816/61504 (executing program) 2022/09/14 13:01:53 fetching corpus: 214, signal 61684/70530 (executing program) 2022/09/14 13:01:53 fetching corpus: 264, signal 67730/77673 (executing program) 2022/09/14 13:01:53 fetching corpus: 314, signal 76203/86919 (executing program) 2022/09/14 13:01:53 fetching corpus: 364, signal 80599/92339 (executing program) 2022/09/14 13:01:53 fetching corpus: 414, signal 87517/99935 (executing program) 2022/09/14 
13:01:54 fetching corpus: 464, signal 92793/105959 (executing program) 2022/09/14 13:01:54 fetching corpus: 514, signal 98371/112200 (executing program) 2022/09/14 13:01:54 fetching corpus: 564, signal 101886/116518 (executing program) 2022/09/14 13:01:54 fetching corpus: 614, signal 105390/120749 (executing program) 2022/09/14 13:01:54 fetching corpus: 664, signal 108917/124880 (executing program) 2022/09/14 13:01:54 fetching corpus: 714, signal 111954/128504 (executing program) 2022/09/14 13:01:54 fetching corpus: 764, signal 114705/131890 (executing program) 2022/09/14 13:01:55 fetching corpus: 814, signal 117498/135273 (executing program) 2022/09/14 13:01:55 fetching corpus: 864, signal 120251/138517 (executing program) 2022/09/14 13:01:55 fetching corpus: 914, signal 121707/140691 (executing program) 2022/09/14 13:01:55 fetching corpus: 964, signal 123800/143307 (executing program) 2022/09/14 13:01:55 fetching corpus: 1014, signal 126242/146226 (executing program) 2022/09/14 13:01:55 fetching corpus: 1064, signal 128070/148595 (executing program) 2022/09/14 13:01:55 fetching corpus: 1114, signal 129916/150921 (executing program) 2022/09/14 13:01:55 fetching corpus: 1164, signal 131898/153290 (executing program) 2022/09/14 13:01:56 fetching corpus: 1214, signal 134271/155952 (executing program) 2022/09/14 13:01:56 fetching corpus: 1264, signal 136187/158284 (executing program) 2022/09/14 13:01:56 fetching corpus: 1314, signal 137662/160247 (executing program) 2022/09/14 13:01:56 fetching corpus: 1364, signal 140257/162928 (executing program) 2022/09/14 13:01:56 fetching corpus: 1414, signal 142393/165280 (executing program) 2022/09/14 13:01:56 fetching corpus: 1464, signal 143534/166821 (executing program) 2022/09/14 13:01:57 fetching corpus: 1514, signal 145235/168797 (executing program) 2022/09/14 13:01:57 fetching corpus: 1564, signal 147797/171322 (executing program) 2022/09/14 13:01:57 fetching corpus: 1614, signal 148904/172797 (executing program) 
2022/09/14 13:01:57 fetching corpus: 1664, signal 150957/174942 (executing program) 2022/09/14 13:01:57 fetching corpus: 1714, signal 152320/176564 (executing program) 2022/09/14 13:01:57 fetching corpus: 1764, signal 153627/178210 (executing program) 2022/09/14 13:01:57 fetching corpus: 1814, signal 155175/179923 (executing program) 2022/09/14 13:01:57 fetching corpus: 1864, signal 156296/181354 (executing program) 2022/09/14 13:01:58 fetching corpus: 1914, signal 158053/183156 (executing program) 2022/09/14 13:01:58 fetching corpus: 1964, signal 159517/184692 (executing program) 2022/09/14 13:01:58 fetching corpus: 2014, signal 161213/186414 (executing program) 2022/09/14 13:01:58 fetching corpus: 2064, signal 162124/187652 (executing program) 2022/09/14 13:01:58 fetching corpus: 2114, signal 163030/188799 (executing program) 2022/09/14 13:01:58 fetching corpus: 2164, signal 164350/190131 (executing program) 2022/09/14 13:01:58 fetching corpus: 2214, signal 165172/191218 (executing program) 2022/09/14 13:01:58 fetching corpus: 2264, signal 166331/192418 (executing program) 2022/09/14 13:01:59 fetching corpus: 2314, signal 167445/193658 (executing program) 2022/09/14 13:01:59 fetching corpus: 2364, signal 168497/194742 (executing program) 2022/09/14 13:01:59 fetching corpus: 2414, signal 169588/195880 (executing program) 2022/09/14 13:01:59 fetching corpus: 2464, signal 171700/197485 (executing program) 2022/09/14 13:01:59 fetching corpus: 2514, signal 172487/198409 (executing program) 2022/09/14 13:01:59 fetching corpus: 2564, signal 173214/199299 (executing program) 2022/09/14 13:01:59 fetching corpus: 2614, signal 174294/200342 (executing program) 2022/09/14 13:01:59 fetching corpus: 2664, signal 174884/201078 (executing program) 2022/09/14 13:02:00 fetching corpus: 2714, signal 176054/202170 (executing program) 2022/09/14 13:02:00 fetching corpus: 2764, signal 177496/203348 (executing program) 2022/09/14 13:02:00 fetching corpus: 2814, signal 178701/204414 
(executing program) 2022/09/14 13:02:00 fetching corpus: 2864, signal 179655/205370 (executing program) 2022/09/14 13:02:00 fetching corpus: 2914, signal 180999/206504 (executing program) 2022/09/14 13:02:00 fetching corpus: 2964, signal 182123/207451 (executing program) 2022/09/14 13:02:00 fetching corpus: 3014, signal 182893/208210 (executing program) 2022/09/14 13:02:01 fetching corpus: 3064, signal 184093/209172 (executing program) 2022/09/14 13:02:01 fetching corpus: 3114, signal 185016/209946 (executing program) 2022/09/14 13:02:01 fetching corpus: 3164, signal 186290/210867 (executing program) 2022/09/14 13:02:01 fetching corpus: 3214, signal 187268/211591 (executing program) 2022/09/14 13:02:01 fetching corpus: 3264, signal 187829/212180 (executing program) 2022/09/14 13:02:01 fetching corpus: 3314, signal 189260/213063 (executing program) 2022/09/14 13:02:01 fetching corpus: 3364, signal 190026/213691 (executing program) 2022/09/14 13:02:02 fetching corpus: 3413, signal 190896/214342 (executing program) 2022/09/14 13:02:02 fetching corpus: 3463, signal 191548/214914 (executing program) 2022/09/14 13:02:02 fetching corpus: 3513, signal 192913/215955 (executing program) 2022/09/14 13:02:02 fetching corpus: 3563, signal 193613/216508 (executing program) 2022/09/14 13:02:02 fetching corpus: 3613, signal 194419/217095 (executing program) 2022/09/14 13:02:02 fetching corpus: 3663, signal 195226/217635 (executing program) 2022/09/14 13:02:02 fetching corpus: 3713, signal 195976/218169 (executing program) 2022/09/14 13:02:02 fetching corpus: 3763, signal 196816/218753 (executing program) 2022/09/14 13:02:02 fetching corpus: 3813, signal 197568/219199 (executing program) 2022/09/14 13:02:03 fetching corpus: 3863, signal 198102/219674 (executing program) 2022/09/14 13:02:03 fetching corpus: 3913, signal 198684/220079 (executing program) 2022/09/14 13:02:03 fetching corpus: 3963, signal 199276/220551 (executing program) 2022/09/14 13:02:03 fetching corpus: 4013, 
signal 200319/221069 (executing program) 2022/09/14 13:02:03 fetching corpus: 4063, signal 201010/221468 (executing program) 2022/09/14 13:02:03 fetching corpus: 4113, signal 201669/221831 (executing program) 2022/09/14 13:02:03 fetching corpus: 4163, signal 202296/222200 (executing program) 2022/09/14 13:02:04 fetching corpus: 4213, signal 203450/222778 (executing program) 2022/09/14 13:02:04 fetching corpus: 4263, signal 204262/223118 (executing program) 2022/09/14 13:02:04 fetching corpus: 4313, signal 205129/223611 (executing program) 2022/09/14 13:02:04 fetching corpus: 4363, signal 205507/223922 (executing program) 2022/09/14 13:02:04 fetching corpus: 4413, signal 206361/224262 (executing program) 2022/09/14 13:02:04 fetching corpus: 4463, signal 207822/224761 (executing program) 2022/09/14 13:02:04 fetching corpus: 4513, signal 208560/225111 (executing program) 2022/09/14 13:02:04 fetching corpus: 4563, signal 209049/225343 (executing program) 2022/09/14 13:02:05 fetching corpus: 4613, signal 210351/225678 (executing program) 2022/09/14 13:02:05 fetching corpus: 4663, signal 211052/225914 (executing program) 2022/09/14 13:02:05 fetching corpus: 4713, signal 211676/226129 (executing program) 2022/09/14 13:02:05 fetching corpus: 4763, signal 212575/226343 (executing program) 2022/09/14 13:02:05 fetching corpus: 4813, signal 213309/226564 (executing program) 2022/09/14 13:02:05 fetching corpus: 4863, signal 213886/226730 (executing program) 2022/09/14 13:02:06 fetching corpus: 4913, signal 214679/226931 (executing program) 2022/09/14 13:02:06 fetching corpus: 4963, signal 215435/227076 (executing program) 2022/09/14 13:02:06 fetching corpus: 5013, signal 216183/227214 (executing program) 2022/09/14 13:02:06 fetching corpus: 5063, signal 216986/227352 (executing program) 2022/09/14 13:02:06 fetching corpus: 5113, signal 217517/227468 (executing program) 2022/09/14 13:02:06 fetching corpus: 5163, signal 218080/227558 (executing program) 2022/09/14 13:02:06 
fetching corpus: 5213, signal 219344/227611 (executing program) 2022/09/14 13:02:07 fetching corpus: 5263, signal 219968/227625 (executing program) 2022/09/14 13:02:07 fetching corpus: 5277, signal 220145/227648 (executing program) 2022/09/14 13:02:07 fetching corpus: 5277, signal 220145/227648 (executing program) 13:02:10 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000280)={0xffffffff}) 2022/09/14 13:02:10 starting 8 fuzzer processes 13:02:10 executing program 6: ioprio_set$pid(0x1, 0xffffffffffffffff, 0x0) 13:02:10 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) getgid() 13:02:10 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 13:02:10 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000)=0x21, 0x4) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, &(0x7f0000000080)) 13:02:10 executing program 5: sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'wg1\x00'}) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000007c0), 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000008c0)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index, 0x8, 
&(0x7f0000000840)="672341d80b4bc8f617cdcf67dde5b68f9f9a8ecb4b4d8feb7cb989e4788c68f2ea37435235fb13e8cf59b9430588b7adfacaec736bb6112c1cb985defb36ff3f081f2517ac25c33a9b7f202e030b0f769f89bd55c16a08e23123771a6131179e98ae5aab96", 0x65}, 0x100) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_open_dev$mouse(&(0x7f0000002a00), 0x2, 0x10000) syz_genetlink_get_family_id$nl80211(&(0x7f0000002a80), 0xffffffffffffffff) [ 79.445614] audit: type=1400 audit(1663160530.098:6): avc: denied { execmem } for pid=286 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:02:10 executing program 1: sched_setattr(0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x5, 0x0, 0x0, 0xfffffff9, 0xffffffffffff36cf, 0x0, 0x80000000, 0x0, 0x4}, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), 0xffffffffffffffff) 13:02:10 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) io_uring_setup(0x454c, &(0x7f0000000300)={0x0, 0x82e8}) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffff1) [ 80.694121] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.705071] Bluetooth: hci0: 
unexpected cc 0x1003 length: 249 > 9 [ 80.707552] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.721408] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.723785] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 80.728234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.733205] Bluetooth: hci0: HCI_REQ-0x0c1a [ 80.801196] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.802894] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.804684] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.805903] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.808031] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.808109] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.813500] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.814643] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.816686] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 80.817715] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 80.818961] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.831254] Bluetooth: hci1: HCI_REQ-0x0c1a [ 80.861701] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.875479] Bluetooth: hci2: HCI_REQ-0x0c1a [ 80.943480] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 80.946438] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 80.947945] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 80.950550] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 80.953987] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 80.955194] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 80.960460] Bluetooth: hci5: HCI_REQ-0x0c1a [ 80.982734] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.987779] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.989018] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.993437] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.996101] Bluetooth: hci3: unexpected 
cc 0x0c25 length: 249 > 3 [ 80.998005] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.003501] Bluetooth: hci3: HCI_REQ-0x0c1a [ 81.040955] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 81.052662] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 81.054642] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 81.069653] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 81.072592] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 81.076317] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 81.078085] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 81.082173] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 81.084297] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 81.088245] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 81.094660] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 81.097101] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 81.098588] Bluetooth: hci6: HCI_REQ-0x0c1a [ 81.142875] Bluetooth: hci7: HCI_REQ-0x0c1a [ 82.767973] Bluetooth: hci0: command 0x0409 tx timeout [ 82.895424] Bluetooth: hci2: command 0x0409 tx timeout [ 82.895551] Bluetooth: hci1: command 0x0409 tx timeout [ 82.959458] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 83.023411] Bluetooth: hci3: command 0x0409 tx timeout [ 83.024265] Bluetooth: hci5: command 0x0409 tx timeout [ 83.151522] Bluetooth: hci6: command 0x0409 tx timeout [ 83.215669] Bluetooth: hci7: command 0x0409 tx timeout [ 84.815481] Bluetooth: hci0: command 0x041b tx timeout [ 84.944475] Bluetooth: hci1: command 0x041b tx timeout [ 84.946039] Bluetooth: hci2: command 0x041b tx timeout [ 85.071514] Bluetooth: hci5: command 0x041b tx timeout [ 85.073450] Bluetooth: hci3: command 0x041b tx timeout [ 85.199525] Bluetooth: hci6: command 0x041b tx timeout [ 85.263415] Bluetooth: hci7: command 0x041b tx timeout [ 86.863384] Bluetooth: hci0: command 0x040f tx timeout [ 86.991505] Bluetooth: hci2: command 0x040f tx timeout [ 86.991984] 
Bluetooth: hci1: command 0x040f tx timeout [ 87.119480] Bluetooth: hci3: command 0x040f tx timeout [ 87.119964] Bluetooth: hci5: command 0x040f tx timeout [ 87.247397] Bluetooth: hci6: command 0x040f tx timeout [ 87.311401] Bluetooth: hci7: command 0x040f tx timeout [ 88.655514] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 88.912378] Bluetooth: hci0: command 0x0419 tx timeout [ 89.040418] Bluetooth: hci1: command 0x0419 tx timeout [ 89.040889] Bluetooth: hci2: command 0x0419 tx timeout [ 89.168388] Bluetooth: hci5: command 0x0419 tx timeout [ 89.168870] Bluetooth: hci3: command 0x0419 tx timeout [ 89.296387] Bluetooth: hci6: command 0x0419 tx timeout [ 89.359882] Bluetooth: hci7: command 0x0419 tx timeout [ 91.284352] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 91.287259] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 91.288124] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 91.290898] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 91.291871] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 91.292948] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.297015] Bluetooth: hci4: HCI_REQ-0x0c1a [ 93.327460] Bluetooth: hci4: command 0x0409 tx timeout [ 95.375591] Bluetooth: hci4: command 0x041b tx timeout [ 97.423433] Bluetooth: hci4: command 0x040f tx timeout [ 99.471431] Bluetooth: hci4: command 0x0419 tx timeout 13:03:08 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000)=0x21, 0x4) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, &(0x7f0000000080)) 13:03:08 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000)=0x21, 0x4) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, &(0x7f0000000080)) 13:03:08 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000)=0x21, 0x4) 
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, &(0x7f0000000080)) 13:03:08 executing program 4: r0 = syz_io_uring_setup(0x6c02, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_READV=@use_registered_buffer, 0x3f) io_uring_enter(r0, 0x2, 0x8cb7, 0x3, 0x0, 0x0) 13:03:09 executing program 4: r0 = syz_io_uring_setup(0x6c02, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_READV=@use_registered_buffer, 0x3f) io_uring_enter(r0, 0x2, 0x8cb7, 0x3, 0x0, 0x0) 13:03:10 executing program 4: r0 = syz_io_uring_setup(0x6c02, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_READV=@use_registered_buffer, 0x3f) io_uring_enter(r0, 0x2, 0x8cb7, 0x3, 0x0, 0x0) 13:03:11 executing program 4: r0 = syz_io_uring_setup(0x6c02, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000100)=@IORING_OP_READV=@use_registered_buffer, 0x3f) io_uring_enter(r0, 0x2, 0x8cb7, 0x3, 0x0, 0x0) 13:03:12 executing program 4: madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x17) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x14) madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x15) [ 142.697147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 142.705772] 
Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 142.711392] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 142.715696] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 142.717410] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 142.719049] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 142.724044] Bluetooth: hci0: HCI_REQ-0x0c1a [ 142.804438] audit: type=1400 audit(1663160593.476:7): avc: denied { open } for pid=3863 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 142.805929] audit: type=1400 audit(1663160593.476:8): avc: denied { kernel } for pid=3863 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 142.827852] ------------[ cut here ]------------ [ 142.827881] [ 142.827884] ====================================================== [ 142.827887] WARNING: possible circular locking dependency detected [ 142.827891] 6.0.0-rc5-next-20220914 #1 Not tainted [ 142.827898] ------------------------------------------------------ [ 142.827901] syz-executor.3/3865 is trying to acquire lock: [ 142.827907] ffffffff853fa878 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0xe/0x70 [ 142.827945] [ 142.827945] but task is already holding lock: [ 142.827948] ffff88800eda8c20 (&ctx->lock){-...}-{2:2}, at: event_function+0x182/0x3d0 [ 142.827977] [ 142.827977] which lock already depends on the new lock. 
[ 142.827977] [ 142.827980] [ 142.827980] the existing dependency chain (in reverse order) is: [ 142.827983] [ 142.827983] -> #3 (&ctx->lock){-...}-{2:2}: [ 142.827996] _raw_spin_lock+0x2a/0x40 [ 142.828012] __perf_event_task_sched_out+0x53b/0x18d0 [ 142.828025] __schedule+0xedd/0x2470 [ 142.828034] schedule+0xda/0x1b0 [ 142.828043] futex_wait_queue+0xf5/0x1e0 [ 142.828054] futex_wait+0x28e/0x690 [ 142.828063] do_futex+0x2ff/0x380 [ 142.828072] __x64_sys_futex+0x1c6/0x4d0 [ 142.828080] do_syscall_64+0x3b/0x90 [ 142.828094] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.828111] [ 142.828111] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 142.828123] _raw_spin_lock_nested+0x30/0x40 [ 142.828137] raw_spin_rq_lock_nested+0x1e/0x30 [ 142.828149] task_fork_fair+0x63/0x4d0 [ 142.828165] sched_cgroup_fork+0x3d0/0x540 [ 142.828178] copy_process+0x4183/0x6e20 [ 142.828187] kernel_clone+0xe7/0x890 [ 142.828196] user_mode_thread+0xad/0xf0 [ 142.828205] rest_init+0x24/0x250 [ 142.828221] arch_call_rest_init+0xf/0x14 [ 142.828232] start_kernel+0x4c1/0x4e6 [ 142.828241] secondary_startup_64_no_verify+0xe0/0xeb [ 142.828254] [ 142.828254] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 142.828267] _raw_spin_lock_irqsave+0x39/0x60 [ 142.828281] try_to_wake_up+0xab/0x1920 [ 142.828293] up+0x75/0xb0 [ 142.828303] __up_console_sem+0x6e/0x80 [ 142.828318] console_unlock+0x46a/0x590 [ 142.828335] vt_ioctl+0x2822/0x2ca0 [ 142.828347] tty_ioctl+0x7c4/0x1700 [ 142.828358] __x64_sys_ioctl+0x19a/0x210 [ 142.828372] do_syscall_64+0x3b/0x90 [ 142.828384] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.828400] [ 142.828400] -> #0 ((console_sem).lock){-...}-{2:2}: [ 142.828413] __lock_acquire+0x2a02/0x5e70 [ 142.828428] lock_acquire+0x1a2/0x530 [ 142.828443] _raw_spin_lock_irqsave+0x39/0x60 [ 142.828456] down_trylock+0xe/0x70 [ 142.828468] __down_trylock_console_sem+0x3b/0xd0 [ 142.828483] vprintk_emit+0x16b/0x560 [ 142.828498] vprintk+0x84/0xa0 [ 142.828513] _printk+0xba/0xf1 [ 142.828530] report_bug.cold+0x72/0xab [ 
142.828541] handle_bug+0x3c/0x70 [ 142.828553] exc_invalid_op+0x14/0x50 [ 142.828565] asm_exc_invalid_op+0x16/0x20 [ 142.828580] perf_group_detach+0x99e/0x12f0 [ 142.828590] __perf_remove_from_context+0x71e/0xb20 [ 142.828602] event_function+0x297/0x3d0 [ 142.828616] remote_function+0x125/0x1b0 [ 142.828629] __flush_smp_call_function_queue+0x1df/0x5a0 [ 142.828640] __sysvec_call_function_single+0x92/0x3a0 [ 142.828657] sysvec_call_function_single+0x89/0xc0 [ 142.828673] asm_sysvec_call_function_single+0x16/0x20 [ 142.828689] __get_user_nocheck_4+0x8/0x20 [ 142.828708] futex_get_value_locked+0x53/0x100 [ 142.828725] futex_wait_setup+0x101/0x230 [ 142.828735] futex_wait+0x264/0x690 [ 142.828744] do_futex+0x2ff/0x380 [ 142.828751] __x64_sys_futex+0x1c6/0x4d0 [ 142.828760] do_syscall_64+0x3b/0x90 [ 142.828772] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.828788] [ 142.828788] other info that might help us debug this: [ 142.828788] [ 142.828790] Chain exists of: [ 142.828790] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 142.828790] [ 142.828804] Possible unsafe locking scenario: [ 142.828804] [ 142.828806] CPU0 CPU1 [ 142.828808] ---- ---- [ 142.828810] lock(&ctx->lock); [ 142.828816] lock(&rq->__lock); [ 142.828821] lock(&ctx->lock); [ 142.828827] lock((console_sem).lock); [ 142.828832] [ 142.828832] *** DEADLOCK *** [ 142.828832] [ 142.828834] 3 locks held by syz-executor.3/3865: [ 142.828840] #0: ffff8880088bbfa0 (&futex_queues[i].lock){+.+.}-{2:2}, at: futex_q_lock+0x56/0x70 [ 142.828871] #1: ffff88806cf3d120 (&cpuctx_lock){-...}-{2:2}, at: event_function+0x16f/0x3d0 [ 142.828901] #2: ffff88800eda8c20 (&ctx->lock){-...}-{2:2}, at: event_function+0x182/0x3d0 [ 142.828930] [ 142.828930] stack backtrace: [ 142.828932] CPU: 1 PID: 3865 Comm: syz-executor.3 Not tainted 6.0.0-rc5-next-20220914 #1 [ 142.828944] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 142.828951] Call Trace: [ 142.828955] 
[ 142.828958] dump_stack_lvl+0x8b/0xb3 [ 142.828973] check_noncircular+0x263/0x2e0 [ 142.828988] ? format_decode+0x26c/0xb50 [ 142.829001] ? print_circular_bug+0x450/0x450 [ 142.829017] ? enable_ptr_key_workfn+0x20/0x20 [ 142.829031] ? format_decode+0x26c/0xb50 [ 142.829044] ? memcpy+0x39/0x60 [ 142.829063] ? vsnprintf+0x4ba/0x1600 [ 142.829078] __lock_acquire+0x2a02/0x5e70 [ 142.829099] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 142.829120] lock_acquire+0x1a2/0x530 [ 142.829135] ? down_trylock+0xe/0x70 [ 142.829149] ? rcu_read_unlock+0x40/0x40 [ 142.829167] ? mark_lock.part.0+0xef/0x2f70 [ 142.829184] ? vprintk+0x84/0xa0 [ 142.829201] _raw_spin_lock_irqsave+0x39/0x60 [ 142.829215] ? down_trylock+0xe/0x70 [ 142.829228] down_trylock+0xe/0x70 [ 142.829240] ? vprintk+0x84/0xa0 [ 142.829256] __down_trylock_console_sem+0x3b/0xd0 [ 142.829273] vprintk_emit+0x16b/0x560 [ 142.829291] vprintk+0x84/0xa0 [ 142.829307] _printk+0xba/0xf1 [ 142.829323] ? record_print_text.cold+0x16/0x16 [ 142.829342] ? __lock_acquire+0x164d/0x5e70 [ 142.829360] ? report_bug.cold+0x66/0xab [ 142.829373] ? 
perf_group_detach+0x99e/0x12f0 [ 142.829385] report_bug.cold+0x72/0xab [ 142.829399] handle_bug+0x3c/0x70 [ 142.829411] exc_invalid_op+0x14/0x50 [ 142.829425] asm_exc_invalid_op+0x16/0x20 [ 142.829441] RIP: 0010:perf_group_detach+0x99e/0x12f0 [ 142.829454] Code: 85 d5 f8 ff ff e8 22 57 ee ff 65 44 8b 25 96 b5 aa 7e 31 ff 44 89 e6 e8 c0 53 ee ff 45 85 e4 0f 84 0a 05 00 00 e8 02 57 ee ff <0f> 0b e9 a9 f8 ff ff e8 f6 56 ee ff 65 8b 1d 6b b5 aa 7e 31 ff 89 [ 142.829465] RSP: 0018:ffff88806cf09e60 EFLAGS: 00010046 [ 142.829473] RAX: 0000000080010003 RBX: ffff88803c4e0000 RCX: 0000000000000000 [ 142.829480] RDX: ffff88800ff43580 RSI: ffffffff8157c03e RDI: 0000000000000005 [ 142.829488] RBP: ffff88803c4e0000 R08: 0000000000000005 R09: 0000000000000001 [ 142.829495] R10: 0000000000000000 R11: ffffffff865ac05b R12: 0000000000000000 [ 142.829501] R13: ffff88803c4e0090 R14: ffff88800eda8c00 R15: ffff88803c4e0000 [ 142.829512] ? perf_group_detach+0x99e/0x12f0 [ 142.829525] ? event_sched_out+0xd8/0xcd0 [ 142.829537] __perf_remove_from_context+0x71e/0xb20 [ 142.829552] event_function+0x297/0x3d0 [ 142.829567] ? perf_output_read+0xf80/0xf80 [ 142.829584] remote_function+0x125/0x1b0 [ 142.829599] __flush_smp_call_function_queue+0x1df/0x5a0 [ 142.829611] ? 
perf_duration_warn+0x40/0x40 [ 142.829627] __sysvec_call_function_single+0x92/0x3a0 [ 142.829644] sysvec_call_function_single+0x89/0xc0 [ 142.829660] [ 142.829663] [ 142.829666] asm_sysvec_call_function_single+0x16/0x20 [ 142.829684] RIP: 0010:__get_user_nocheck_4+0x8/0x20 [ 142.829702] Code: 66 90 0f 01 cb 0f ae e8 0f b7 10 31 c0 0f 01 ca e9 fd 05 4d 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 0f 01 cb 0f ae e8 8b 10 <31> c0 0f 01 ca e9 de 05 4d 00 66 66 2e 0f 1f 84 00 00 00 00 00 0f [ 142.829712] RSP: 0018:ffff888036ab7af8 EFLAGS: 00040202 [ 142.829720] RAX: 00007fd6f6d41f68 RBX: ffff888036ab7b70 RCX: ffffc9000660a000 [ 142.829727] RDX: 0000000000000000 RSI: ffffffff813af9ec RDI: ffff88800ff449f0 [ 142.829734] RBP: ffff88800ff43580 R08: 0000000000000001 R09: ffff888036ab7a9b [ 142.829741] R10: ffffed1006d56f53 R11: 0000000000000001 R12: 00007fd6f6d41f68 [ 142.829748] R13: ffffed1006d56f86 R14: ffff888036ab7cc0 R15: 0000000000000000 [ 142.829758] ? futex_get_value_locked+0x1c/0x100 [ 142.829778] futex_get_value_locked+0x53/0x100 [ 142.829795] ? futex_q_lock+0x56/0x70 [ 142.829813] futex_wait_setup+0x101/0x230 [ 142.829825] ? futex_wait_multiple+0xae0/0xae0 [ 142.829836] ? schedule+0xf1/0x1b0 [ 142.829848] futex_wait+0x264/0x690 [ 142.829859] ? futex_wait_setup+0x230/0x230 [ 142.829871] ? __fget_light+0x154/0x280 [ 142.829885] ? futex_hash+0x12/0x200 [ 142.829902] ? futex_wake+0x158/0x490 [ 142.829917] ? fd_install+0x1f9/0x640 [ 142.829932] do_futex+0x2ff/0x380 [ 142.829941] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 142.829956] __x64_sys_futex+0x1c6/0x4d0 [ 142.829967] ? __x64_sys_futex_time32+0x480/0x480 [ 142.829978] ? lock_is_held_type+0xd7/0x130 [ 142.829996] ? 
rcu_read_lock_sched_held+0x3e/0x80 [ 142.830015] do_syscall_64+0x3b/0x90 [ 142.830028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.830045] RIP: 0033:0x7fd6f6c2eb19 [ 142.830054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 142.830063] RSP: 002b:00007fd6f41a4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 142.830073] RAX: ffffffffffffffda RBX: 00007fd6f6d41f68 RCX: 00007fd6f6c2eb19 [ 142.830080] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd6f6d41f68 [ 142.830087] RBP: 00007fd6f6d41f60 R08: 0000000000000000 R09: 0000000000000000 [ 142.830094] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f6d41f6c [ 142.830100] R13: 00007ffd6d4ff0ef R14: 00007fd6f41a4300 R15: 0000000000022000 [ 142.830112] [ 142.893271] WARNING: CPU: 1 PID: 3865 at kernel/events/core.c:2047 perf_group_detach+0x99e/0x12f0 [ 142.893862] Modules linked in: [ 142.894084] CPU: 1 PID: 3865 Comm: syz-executor.3 Not tainted 6.0.0-rc5-next-20220914 #1 [ 142.894640] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 142.895387] RIP: 0010:perf_group_detach+0x99e/0x12f0 [ 142.895733] Code: 85 d5 f8 ff ff e8 22 57 ee ff 65 44 8b 25 96 b5 aa 7e 31 ff 44 89 e6 e8 c0 53 ee ff 45 85 e4 0f 84 0a 05 00 00 e8 02 57 ee ff <0f> 0b e9 a9 f8 ff ff e8 f6 56 ee ff 65 8b 1d 6b b5 aa 7e 31 ff 89 [ 142.896934] RSP: 0018:ffff88806cf09e60 EFLAGS: 00010046 [ 142.897293] RAX: 0000000080010003 RBX: ffff88803c4e0000 RCX: 0000000000000000 [ 142.897771] RDX: ffff88800ff43580 RSI: ffffffff8157c03e RDI: 0000000000000005 [ 142.898253] RBP: ffff88803c4e0000 R08: 0000000000000005 R09: 0000000000000001 [ 142.898746] R10: 0000000000000000 R11: ffffffff865ac05b R12: 0000000000000000 [ 142.899223] R13: ffff88803c4e0090 R14: ffff88800eda8c00 R15: ffff88803c4e0000 [ 142.899698] FS: 
00007fd6f41a4700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 142.900233] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.900624] CR2: 00007f5dcf897088 CR3: 000000001abb2000 CR4: 0000000000350ee0 [ 142.901097] Call Trace: [ 142.901277] [ 142.901433] ? event_sched_out+0xd8/0xcd0 [ 142.901720] __perf_remove_from_context+0x71e/0xb20 [ 142.902064] event_function+0x297/0x3d0 [ 142.902360] ? perf_output_read+0xf80/0xf80 [ 142.902663] remote_function+0x125/0x1b0 [ 142.902947] __flush_smp_call_function_queue+0x1df/0x5a0 [ 142.903320] ? perf_duration_warn+0x40/0x40 [ 142.903619] __sysvec_call_function_single+0x92/0x3a0 [ 142.903979] sysvec_call_function_single+0x89/0xc0 [ 142.904319] [ 142.904478] [ 142.904637] asm_sysvec_call_function_single+0x16/0x20 [ 142.904997] RIP: 0010:__get_user_nocheck_4+0x8/0x20 [ 142.905345] Code: 66 90 0f 01 cb 0f ae e8 0f b7 10 31 c0 0f 01 ca e9 fd 05 4d 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 0f 01 cb 0f ae e8 8b 10 <31> c0 0f 01 ca e9 de 05 4d 00 66 66 2e 0f 1f 84 00 00 00 00 00 0f [ 142.906563] RSP: 0018:ffff888036ab7af8 EFLAGS: 00040202 [ 142.906926] RAX: 00007fd6f6d41f68 RBX: ffff888036ab7b70 RCX: ffffc9000660a000 [ 142.907403] RDX: 0000000000000000 RSI: ffffffff813af9ec RDI: ffff88800ff449f0 [ 142.907879] RBP: ffff88800ff43580 R08: 0000000000000001 R09: ffff888036ab7a9b [ 142.908354] R10: ffffed1006d56f53 R11: 0000000000000001 R12: 00007fd6f6d41f68 [ 142.908828] R13: ffffed1006d56f86 R14: ffff888036ab7cc0 R15: 0000000000000000 [ 142.909309] ? futex_get_value_locked+0x1c/0x100 [ 142.909643] futex_get_value_locked+0x53/0x100 [ 142.909968] ? futex_q_lock+0x56/0x70 [ 142.910236] futex_wait_setup+0x101/0x230 [ 142.910540] ? futex_wait_multiple+0xae0/0xae0 [ 142.910854] ? schedule+0xf1/0x1b0 [ 142.911104] futex_wait+0x264/0x690 [ 142.911360] ? futex_wait_setup+0x230/0x230 [ 142.911657] ? __fget_light+0x154/0x280 [ 142.911933] ? futex_hash+0x12/0x200 [ 142.912198] ? futex_wake+0x158/0x490 [ 142.912468] ? 
fd_install+0x1f9/0x640 [ 142.912735] do_futex+0x2ff/0x380 [ 142.912976] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 142.913369] __x64_sys_futex+0x1c6/0x4d0 [ 142.913652] ? __x64_sys_futex_time32+0x480/0x480 [ 142.913980] ? lock_is_held_type+0xd7/0x130 [ 142.914288] ? rcu_read_lock_sched_held+0x3e/0x80 [ 142.914628] do_syscall_64+0x3b/0x90 [ 142.914888] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.915239] RIP: 0033:0x7fd6f6c2eb19 [ 142.915495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 142.916691] RSP: 002b:00007fd6f41a4218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 142.917195] RAX: ffffffffffffffda RBX: 00007fd6f6d41f68 RCX: 00007fd6f6c2eb19 [ 142.917697] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd6f6d41f68 [ 142.918204] RBP: 00007fd6f6d41f60 R08: 0000000000000000 R09: 0000000000000000 [ 142.918674] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6f6d41f6c [ 142.919138] R13: 00007ffd6d4ff0ef R14: 00007fd6f41a4300 R15: 0000000000022000 [ 142.919607] [ 142.919767] irq event stamp: 1120 [ 142.919995] hardirqs last enabled at (1119): [] syscall_enter_from_user_mode+0x1d/0x50 [ 142.920618] hardirqs last disabled at (1120): [] sysvec_call_function_single+0xb/0xc0 [ 142.921226] softirqs last enabled at (936): [] __irq_exit_rcu+0x11b/0x180 [ 142.921792] softirqs last disabled at (729): [] __irq_exit_rcu+0x11b/0x180 [ 142.922355] ---[ end trace 0000000000000000 ]--- [ 143.021574] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 143.022735] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 143.023963] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 143.025801] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 143.027202] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 143.028411] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 143.046120] 
Bluetooth: hci6: HCI_REQ-0x0c1a [ 144.783431] Bluetooth: hci0: command 0x0409 tx timeout [ 144.976354] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 145.039353] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 145.039355] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 145.039433] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 145.104359] Bluetooth: hci6: command 0x0409 tx timeout [ 146.832400] Bluetooth: hci0: command 0x041b tx timeout [ 147.151387] Bluetooth: hci6: command 0x041b tx timeout [ 148.879405] Bluetooth: hci0: command 0x040f tx timeout [ 149.199379] Bluetooth: hci6: command 0x040f tx timeout [ 149.263862] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 149.327373] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 149.455353] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 149.519373] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 150.928377] Bluetooth: hci0: command 0x0419 tx timeout [ 151.247374] Bluetooth: hci6: command 0x0419 tx timeout [ 151.507753] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 151.508507] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 151.509175] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 151.510665] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 151.512268] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 151.512942] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 151.514778] Bluetooth: hci1: HCI_REQ-0x0c1a VM DIAGNOSIS: 13:03:13 Registers: