Warning: Permanently added '[localhost]:8552' (ECDSA) to the list of known hosts. 2022/09/16 12:24:39 fuzzer started 2022/09/16 12:24:39 dialing manager at localhost:36051 syzkaller login: [ 40.413907] cgroup: Unknown subsys name 'net' [ 40.527235] cgroup: Unknown subsys name 'rlimit' 2022/09/16 12:24:52 syscalls: 2215 2022/09/16 12:24:52 code coverage: enabled 2022/09/16 12:24:52 comparison tracing: enabled 2022/09/16 12:24:52 extra coverage: enabled 2022/09/16 12:24:52 setuid sandbox: enabled 2022/09/16 12:24:52 namespace sandbox: enabled 2022/09/16 12:24:52 Android sandbox: enabled 2022/09/16 12:24:52 fault injection: enabled 2022/09/16 12:24:52 leak checking: enabled 2022/09/16 12:24:52 net packet injection: enabled 2022/09/16 12:24:52 net device setup: enabled 2022/09/16 12:24:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/16 12:24:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/16 12:24:52 USB emulation: enabled 2022/09/16 12:24:52 hci packet injection: enabled 2022/09/16 12:24:52 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220916) 2022/09/16 12:24:52 802.15.4 emulation: enabled 2022/09/16 12:24:52 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/16 12:24:52 fetching corpus: 32, signal 25709/29237 (executing program) 2022/09/16 12:24:53 fetching corpus: 82, signal 41937/46761 (executing program) 2022/09/16 12:24:53 fetching corpus: 132, signal 50123/56274 (executing program) 2022/09/16 12:24:53 fetching corpus: 182, signal 54488/61949 (executing program) 2022/09/16 12:24:53 fetching corpus: 232, signal 60829/69403 (executing program) 2022/09/16 12:24:53 fetching corpus: 282, signal 64424/74143 (executing program) 2022/09/16 12:24:53 fetching corpus: 330, signal 69731/80426 (executing program) 2022/09/16 12:24:53 fetching corpus: 380, signal 73009/84773 (executing program) 2022/09/16 12:24:53 fetching corpus: 430, signal 77240/89908 (executing program) 2022/09/16 12:24:53 
fetching corpus: 477, signal 80265/93839 (executing program) 2022/09/16 12:24:54 fetching corpus: 527, signal 86938/100973 (executing program) 2022/09/16 12:24:54 fetching corpus: 575, signal 89473/104411 (executing program) 2022/09/16 12:24:54 fetching corpus: 624, signal 94061/109530 (executing program) 2022/09/16 12:24:54 fetching corpus: 673, signal 97606/113615 (executing program) 2022/09/16 12:24:54 fetching corpus: 723, signal 102463/118807 (executing program) 2022/09/16 12:24:54 fetching corpus: 772, signal 105613/122464 (executing program) 2022/09/16 12:24:54 fetching corpus: 819, signal 107684/125147 (executing program) 2022/09/16 12:24:54 fetching corpus: 868, signal 109428/127517 (executing program) 2022/09/16 12:24:55 fetching corpus: 918, signal 112562/130991 (executing program) 2022/09/16 12:24:55 fetching corpus: 967, signal 115920/134592 (executing program) 2022/09/16 12:24:55 fetching corpus: 1015, signal 117014/136396 (executing program) 2022/09/16 12:24:55 fetching corpus: 1065, signal 120649/140096 (executing program) 2022/09/16 12:24:55 fetching corpus: 1114, signal 122754/142586 (executing program) 2022/09/16 12:24:55 fetching corpus: 1162, signal 124553/144775 (executing program) 2022/09/16 12:24:55 fetching corpus: 1211, signal 127674/147912 (executing program) 2022/09/16 12:24:55 fetching corpus: 1261, signal 128744/149488 (executing program) 2022/09/16 12:24:56 fetching corpus: 1311, signal 130723/151669 (executing program) 2022/09/16 12:24:56 fetching corpus: 1360, signal 133175/154209 (executing program) 2022/09/16 12:24:56 fetching corpus: 1410, signal 134427/155787 (executing program) 2022/09/16 12:24:56 fetching corpus: 1457, signal 135464/157211 (executing program) 2022/09/16 12:24:56 fetching corpus: 1505, signal 137293/159215 (executing program) 2022/09/16 12:24:56 fetching corpus: 1555, signal 138659/160836 (executing program) 2022/09/16 12:24:56 fetching corpus: 1605, signal 140437/162720 (executing program) 2022/09/16 12:24:56 
fetching corpus: 1655, signal 141806/164370 (executing program) 2022/09/16 12:24:56 fetching corpus: 1705, signal 143604/166208 (executing program) 2022/09/16 12:24:57 fetching corpus: 1755, signal 144611/167518 (executing program) 2022/09/16 12:24:57 fetching corpus: 1804, signal 145847/168966 (executing program) 2022/09/16 12:24:57 fetching corpus: 1854, signal 147118/170318 (executing program) 2022/09/16 12:24:57 fetching corpus: 1903, signal 148070/171506 (executing program) 2022/09/16 12:24:57 fetching corpus: 1953, signal 149731/173097 (executing program) 2022/09/16 12:24:57 fetching corpus: 2002, signal 151252/174672 (executing program) 2022/09/16 12:24:57 fetching corpus: 2052, signal 152266/175850 (executing program) 2022/09/16 12:24:57 fetching corpus: 2102, signal 153670/177219 (executing program) 2022/09/16 12:24:58 fetching corpus: 2152, signal 154522/178264 (executing program) 2022/09/16 12:24:58 fetching corpus: 2202, signal 155765/179492 (executing program) 2022/09/16 12:24:58 fetching corpus: 2251, signal 157313/180843 (executing program) 2022/09/16 12:24:58 fetching corpus: 2301, signal 158983/182198 (executing program) 2022/09/16 12:24:58 fetching corpus: 2351, signal 160082/183260 (executing program) 2022/09/16 12:24:58 fetching corpus: 2401, signal 161903/184819 (executing program) 2022/09/16 12:24:58 fetching corpus: 2450, signal 163162/185946 (executing program) 2022/09/16 12:24:58 fetching corpus: 2500, signal 164297/186920 (executing program) 2022/09/16 12:24:59 fetching corpus: 2550, signal 166033/188168 (executing program) 2022/09/16 12:24:59 fetching corpus: 2600, signal 167658/189353 (executing program) 2022/09/16 12:24:59 fetching corpus: 2649, signal 168785/190248 (executing program) 2022/09/16 12:24:59 fetching corpus: 2699, signal 170793/191732 (executing program) 2022/09/16 12:24:59 fetching corpus: 2749, signal 171846/192706 (executing program) 2022/09/16 12:25:00 fetching corpus: 2799, signal 172798/193544 (executing program) 
2022/09/16 12:25:00 fetching corpus: 2849, signal 173675/194319 (executing program) 2022/09/16 12:25:00 fetching corpus: 2899, signal 174761/195169 (executing program) 2022/09/16 12:25:00 fetching corpus: 2949, signal 175716/195916 (executing program) 2022/09/16 12:25:00 fetching corpus: 2999, signal 176731/196655 (executing program) 2022/09/16 12:25:00 fetching corpus: 3049, signal 177706/197417 (executing program) 2022/09/16 12:25:00 fetching corpus: 3098, signal 178334/197966 (executing program) 2022/09/16 12:25:00 fetching corpus: 3148, signal 178958/198529 (executing program) 2022/09/16 12:25:00 fetching corpus: 3198, signal 179947/199276 (executing program) 2022/09/16 12:25:01 fetching corpus: 3248, signal 181147/199977 (executing program) 2022/09/16 12:25:01 fetching corpus: 3298, signal 181956/200518 (executing program) 2022/09/16 12:25:01 fetching corpus: 3348, signal 183395/201276 (executing program) 2022/09/16 12:25:01 fetching corpus: 3398, signal 184004/201745 (executing program) 2022/09/16 12:25:01 fetching corpus: 3448, signal 184564/202174 (executing program) 2022/09/16 12:25:01 fetching corpus: 3497, signal 185565/202770 (executing program) 2022/09/16 12:25:01 fetching corpus: 3546, signal 186996/203419 (executing program) 2022/09/16 12:25:02 fetching corpus: 3596, signal 187956/203978 (executing program) 2022/09/16 12:25:02 fetching corpus: 3646, signal 189505/204633 (executing program) 2022/09/16 12:25:02 fetching corpus: 3696, signal 190097/204987 (executing program) 2022/09/16 12:25:02 fetching corpus: 3745, signal 190564/205278 (executing program) 2022/09/16 12:25:02 fetching corpus: 3794, signal 191199/205692 (executing program) 2022/09/16 12:25:02 fetching corpus: 3844, signal 191725/205986 (executing program) 2022/09/16 12:25:02 fetching corpus: 3894, signal 192556/206354 (executing program) 2022/09/16 12:25:03 fetching corpus: 3944, signal 193557/206737 (executing program) 2022/09/16 12:25:03 fetching corpus: 3994, signal 194055/207041 
(executing program) 2022/09/16 12:25:03 fetching corpus: 4042, signal 194552/207306 (executing program) 2022/09/16 12:25:03 fetching corpus: 4091, signal 194995/207537 (executing program) 2022/09/16 12:25:03 fetching corpus: 4141, signal 195603/207778 (executing program) 2022/09/16 12:25:03 fetching corpus: 4191, signal 196699/208307 (executing program) 2022/09/16 12:25:03 fetching corpus: 4241, signal 197242/208537 (executing program) 2022/09/16 12:25:03 fetching corpus: 4291, signal 198016/208833 (executing program) 2022/09/16 12:25:03 fetching corpus: 4341, signal 198407/209094 (executing program) 2022/09/16 12:25:04 fetching corpus: 4391, signal 199336/209322 (executing program) 2022/09/16 12:25:04 fetching corpus: 4441, signal 200452/209582 (executing program) 2022/09/16 12:25:04 fetching corpus: 4491, signal 201067/209759 (executing program) 2022/09/16 12:25:04 fetching corpus: 4540, signal 201641/209913 (executing program) 2022/09/16 12:25:04 fetching corpus: 4590, signal 202319/210063 (executing program) 2022/09/16 12:25:04 fetching corpus: 4640, signal 203292/210235 (executing program) 2022/09/16 12:25:05 fetching corpus: 4690, signal 204260/210389 (executing program) 2022/09/16 12:25:05 fetching corpus: 4740, signal 204803/210500 (executing program) 2022/09/16 12:25:05 fetching corpus: 4773, signal 205055/210583 (executing program) 2022/09/16 12:25:05 fetching corpus: 4773, signal 205055/210636 (executing program) 2022/09/16 12:25:05 fetching corpus: 4773, signal 205055/210684 (executing program) 2022/09/16 12:25:05 fetching corpus: 4773, signal 205055/210740 (executing program) 2022/09/16 12:25:05 fetching corpus: 4773, signal 205055/210804 (executing program) 2022/09/16 12:25:05 fetching corpus: 4773, signal 205055/210814 (executing program) 2022/09/16 12:25:05 fetching corpus: 4773, signal 205055/210814 (executing program) 2022/09/16 12:25:08 starting 8 fuzzer processes 12:25:08 executing program 0: syz_mount_image$vfat(0x0, 
&(0x7f00000001c0)='./file0\x00', 0x0, 0xfe2c, 0x0, 0x0, 0x0) syz_mount_image$nfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file1\x00', 0x0) rename(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00') 12:25:08 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) fcntl$F_GET_RW_HINT(r0, 0x40b, 0xfffffffffffffffd) 12:25:08 executing program 1: openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:25:08 executing program 5: r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x0) ioctl$EVIOCGUNIQ(r0, 0x80404508, 0x0) 12:25:08 executing program 4: syz_mount_image$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) rename(0x0, &(0x7f0000000040)='./file1\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) openat(0xffffffffffffffff, 0x0, 0x40, 0x1) r1 = openat$sr(0xffffffffffffff9c, 0x0, 0x1cd802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x2811, r1, 0x0) openat2(r1, &(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)={0x101000, 0x101, 0x11}, 0x18) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000180)='./file1\x00', 0x0) 12:25:08 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) statfs(&(0x7f0000000000)='./file1\x00', &(0x7f0000000300)=""/4096) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0xfffffdef) 12:25:08 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmmsg(r0, &(0x7f00000033c0)=[{{&(0x7f0000000340)=@can={0x1d, r2}, 0x80, 0x0}}, {{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}], 0x2}}], 0x2, 0x0) [ 68.957999] audit: type=1400 audit(1663331108.170:6): avc: denied { execmem } for pid=286 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:25:08 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000500)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2d, &(0x7f0000000500)={0x3, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) [ 70.361498] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.364060] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.367731] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.392643] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.394047] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 70.395980] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.398090] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 70.399475] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.400740] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.402388] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 70.403745] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.403869] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.405220] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.406336] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.407871] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.408477] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 70.408996] Bluetooth: 
hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.410946] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.412210] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.416127] Bluetooth: hci0: HCI_REQ-0x0c1a [ 70.420179] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.426331] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.434835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.435223] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.437674] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 70.437785] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 70.440590] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 70.440727] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 70.442903] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.442965] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 70.445679] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.447361] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.454518] Bluetooth: hci4: HCI_REQ-0x0c1a [ 70.456224] Bluetooth: hci3: HCI_REQ-0x0c1a [ 70.458583] Bluetooth: hci2: HCI_REQ-0x0c1a [ 70.480786] Bluetooth: hci1: HCI_REQ-0x0c1a [ 70.511483] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 70.513900] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 70.524782] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 70.526321] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 70.528678] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 70.530244] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 70.531346] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 70.535661] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 70.549387] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 70.551995] Bluetooth: hci5: HCI_REQ-0x0c1a [ 70.553273] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 70.558357] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 
70.568485] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 70.571740] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 70.573715] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 70.575909] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 70.582376] Bluetooth: hci7: HCI_REQ-0x0c1a [ 70.614028] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 70.623416] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 70.651216] Bluetooth: hci6: HCI_REQ-0x0c1a [ 72.476670] Bluetooth: hci3: command 0x0409 tx timeout [ 72.477145] Bluetooth: hci4: command 0x0409 tx timeout [ 72.477705] Bluetooth: hci0: command 0x0409 tx timeout [ 72.477879] Bluetooth: hci2: command 0x0409 tx timeout [ 72.540272] Bluetooth: hci1: command 0x0409 tx timeout [ 72.605153] Bluetooth: hci7: command 0x0409 tx timeout [ 72.605639] Bluetooth: hci5: command 0x0409 tx timeout [ 72.732227] Bluetooth: hci6: command 0x0409 tx timeout [ 74.524201] Bluetooth: hci2: command 0x041b tx timeout [ 74.524725] Bluetooth: hci0: command 0x041b tx timeout [ 74.525187] Bluetooth: hci4: command 0x041b tx timeout [ 74.525999] Bluetooth: hci3: command 0x041b tx timeout [ 74.588158] Bluetooth: hci1: command 0x041b tx timeout [ 74.652164] Bluetooth: hci5: command 0x041b tx timeout [ 74.652676] Bluetooth: hci7: command 0x041b tx timeout [ 74.780280] Bluetooth: hci6: command 0x041b tx timeout [ 76.572205] Bluetooth: hci3: command 0x040f tx timeout [ 76.573146] Bluetooth: hci4: command 0x040f tx timeout [ 76.573810] Bluetooth: hci0: command 0x040f tx timeout [ 76.574574] Bluetooth: hci2: command 0x040f tx timeout [ 76.636146] Bluetooth: hci1: command 0x040f tx timeout [ 76.700213] Bluetooth: hci7: command 0x040f tx timeout [ 76.700865] Bluetooth: hci5: command 0x040f tx timeout [ 76.828177] Bluetooth: hci6: command 0x040f tx timeout [ 78.620219] Bluetooth: hci2: command 0x0419 tx timeout [ 78.621075] Bluetooth: hci0: command 0x0419 tx timeout [ 78.621943] Bluetooth: hci4: command 0x0419 tx 
timeout [ 78.624313] Bluetooth: hci3: command 0x0419 tx timeout [ 78.684170] Bluetooth: hci1: command 0x0419 tx timeout [ 78.748278] Bluetooth: hci5: command 0x0419 tx timeout [ 78.749047] Bluetooth: hci7: command 0x0419 tx timeout [ 78.876226] Bluetooth: hci6: command 0x0419 tx timeout 12:26:04 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480)}}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x4) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000040)) ioctl$TIOCGPTPEER(r2, 0x5441, 0x0) io_submit(0x0, 0x0, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f00000004c0), 0x80000, 0x0) lseek(0xffffffffffffffff, 0xfffffffffffffff7, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0xd29) [ 125.399644] audit: type=1400 audit(1663331164.612:7): avc: denied { open } for pid=3818 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 125.405290] audit: type=1400 audit(1663331164.613:8): avc: denied { kernel } for pid=3818 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 125.415945] ------------[ cut here ]------------
[ 125.415970]
[ 125.415974] ======================================================
[ 125.415979] WARNING: possible circular locking dependency detected
[ 125.415984] 6.0.0-rc5-next-20220916 #1 Not tainted
[ 125.415992] ------------------------------------------------------
[ 125.415995] syz-executor.2/3819 is trying to acquire lock:
[ 125.416003] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 125.416045]
[ 125.416045] but task is already holding lock:
[ 125.416049] ffff88800e5a8420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 125.416082]
[ 125.416082] which lock already depends on the new lock.
[ 125.416082]
[ 125.416089]
[ 125.416089] the existing dependency chain (in reverse order) is:
[ 125.416093]
[ 125.416093] -> #3 (&ctx->lock){....}-{2:2}:
[ 125.416113]        _raw_spin_lock+0x2a/0x40
[ 125.416135]        __perf_event_task_sched_out+0x53b/0x18d0
[ 125.416150]        __schedule+0xedd/0x2470
[ 125.416163]        schedule+0xda/0x1b0
[ 125.416175]        exit_to_user_mode_prepare+0x114/0x1a0
[ 125.416200]        syscall_exit_to_user_mode+0x19/0x40
[ 125.416222]        do_syscall_64+0x48/0x90
[ 125.416240]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 125.416262]
[ 125.416262] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 125.416278]        _raw_spin_lock_nested+0x30/0x40
[ 125.416297]        raw_spin_rq_lock_nested+0x1e/0x30
[ 125.416313]        task_fork_fair+0x63/0x4d0
[ 125.416333]        sched_cgroup_fork+0x3d0/0x540
[ 125.416351]        copy_process+0x4183/0x6e20
[ 125.416363]        kernel_clone+0xe7/0x890
[ 125.416375]        user_mode_thread+0xad/0xf0
[ 125.416387]        rest_init+0x24/0x250
[ 125.416408]        arch_call_rest_init+0xf/0x14
[ 125.416422]        start_kernel+0x4c1/0x4e6
[ 125.416434]        secondary_startup_64_no_verify+0xe0/0xeb
[ 125.416452]
[ 125.416452] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 125.416468]        _raw_spin_lock_irqsave+0x39/0x60
[ 125.416487]        try_to_wake_up+0xab/0x1920
[ 125.416503]        up+0x75/0xb0
[ 125.416546]        __up_console_sem+0x6e/0x80
[ 125.416568]        console_unlock+0x46a/0x590
[ 125.416587]        vt_ioctl+0x2822/0x2ca0
[ 125.416603]        tty_ioctl+0x7c4/0x1700
[ 125.416618]        __x64_sys_ioctl+0x19a/0x210
[ 125.416637]        do_syscall_64+0x3b/0x90
[ 125.416653]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 125.416675]
[ 125.416675] -> #0 ((console_sem).lock){....}-{2:2}:
[ 125.416691]        __lock_acquire+0x2a02/0x5e70
[ 125.416712]        lock_acquire+0x1a2/0x530
[ 125.416731]        _raw_spin_lock_irqsave+0x39/0x60
[ 125.416750]        down_trylock+0xe/0x70
[ 125.416765]        __down_trylock_console_sem+0x3b/0xd0
[ 125.416785]        vprintk_emit+0x16b/0x560
[ 125.416805]        vprintk+0x84/0xa0
[ 125.416825]        _printk+0xba/0xf1
[ 125.416848]        report_bug.cold+0x72/0xab
[ 125.416863]        handle_bug+0x3c/0x70
[ 125.416880]        exc_invalid_op+0x14/0x50
[ 125.416897]        asm_exc_invalid_op+0x16/0x20
[ 125.416917]        group_sched_out.part.0+0x2c7/0x460
[ 125.416930]        ctx_sched_out+0x8f1/0xc10
[ 125.416942]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 125.416956]        __schedule+0xedd/0x2470
[ 125.416969]        schedule+0xda/0x1b0
[ 125.416981]        exit_to_user_mode_prepare+0x114/0x1a0
[ 125.417004]        syscall_exit_to_user_mode+0x19/0x40
[ 125.417026]        do_syscall_64+0x48/0x90
[ 125.417042]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 125.417064]
[ 125.417064] other info that might help us debug this:
[ 125.417064]
[ 125.417067] Chain exists of:
[ 125.417067]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 125.417067]
[ 125.417085]  Possible unsafe locking scenario:
[ 125.417085]
[ 125.417088]        CPU0                    CPU1
[ 125.417091]        ----                    ----
[ 125.417094]   lock(&ctx->lock);
[ 125.417100]                                lock(&rq->__lock);
[ 125.417108]                                lock(&ctx->lock);
[ 125.417116]   lock((console_sem).lock);
[ 125.417123]
[ 125.417123]  *** DEADLOCK ***
[ 125.417123]
[ 125.417125] 2 locks held by syz-executor.2/3819:
[ 125.417133]  #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 125.417165]  #1: ffff88800e5a8420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 125.417198]
[ 125.417198] stack backtrace:
[ 125.417201] CPU: 0 PID: 3819 Comm: syz-executor.2 Not tainted 6.0.0-rc5-next-20220916 #1
[ 125.417217] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 125.417227] Call Trace:
[ 125.417230]
[ 125.417236] dump_stack_lvl+0x8b/0xb3
[ 125.417254] check_noncircular+0x263/0x2e0
[ 125.417275] ? format_decode+0x26c/0xb50
[ 125.417294] ? print_circular_bug+0x450/0x450
[ 125.417315] ? enable_ptr_key_workfn+0x20/0x20
[ 125.417334] ? format_decode+0x26c/0xb50
[ 125.417354] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 125.417376] __lock_acquire+0x2a02/0x5e70
[ 125.417403] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 125.417430] lock_acquire+0x1a2/0x530
[ 125.417451] ? down_trylock+0xe/0x70
[ 125.417469] ? rcu_read_unlock+0x40/0x40
[ 125.417495] ? vprintk+0x84/0xa0
[ 125.417517] _raw_spin_lock_irqsave+0x39/0x60
[ 125.417537] ? down_trylock+0xe/0x70
[ 125.417554] down_trylock+0xe/0x70
[ 125.417570] ? vprintk+0x84/0xa0
[ 125.417591] __down_trylock_console_sem+0x3b/0xd0
[ 125.417613] vprintk_emit+0x16b/0x560
[ 125.417636] vprintk+0x84/0xa0
[ 125.417658] _printk+0xba/0xf1
[ 125.417681] ? record_print_text.cold+0x16/0x16
[ 125.417709] ? report_bug.cold+0x66/0xab
[ 125.417727] ? group_sched_out.part.0+0x2c7/0x460
[ 125.417740] report_bug.cold+0x72/0xab
[ 125.417759] handle_bug+0x3c/0x70
[ 125.417777] exc_invalid_op+0x14/0x50
[ 125.417795] asm_exc_invalid_op+0x16/0x20
[ 125.417817] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 125.417833] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 125.417847] RSP: 0018:ffff888015de7c48 EFLAGS: 00010006
[ 125.417858] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 125.417867] RDX: ffff88803f4c1ac0 RSI: ffffffff81566027 RDI: 0000000000000005
[ 125.417876] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 125.417885] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800e5a8400
[ 125.417895] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 125.417910] ? group_sched_out.part.0+0x2c7/0x460
[ 125.417928] ? group_sched_out.part.0+0x2c7/0x460
[ 125.417945] ctx_sched_out+0x8f1/0xc10
[ 125.417960] __perf_event_task_sched_out+0x6d0/0x18d0
[ 125.417979] ? lock_is_held_type+0xd7/0x130
[ 125.418002] ? __perf_cgroup_move+0x160/0x160
[ 125.418017] ? set_next_entity+0x304/0x550
[ 125.418039] ? update_curr+0x267/0x740
[ 125.418062] ? lock_is_held_type+0xd7/0x130
[ 125.418085] __schedule+0xedd/0x2470
[ 125.418102] ? io_schedule_timeout+0x150/0x150
[ 125.418118] ? rcu_read_lock_sched_held+0x3e/0x80
[ 125.418143] schedule+0xda/0x1b0
[ 125.418157] exit_to_user_mode_prepare+0x114/0x1a0
[ 125.418182] syscall_exit_to_user_mode+0x19/0x40
[ 125.418205] do_syscall_64+0x48/0x90
[ 125.418223] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 125.418245] RIP: 0033:0x7f94249a2b19
[ 125.418256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 125.418269] RSP: 002b:00007f9421f18218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 125.418282] RAX: 0000000000000001 RBX: 00007f9424ab5f68 RCX: 00007f94249a2b19
[ 125.418291] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9424ab5f6c
[ 125.418300] RBP: 00007f9424ab5f60 R08: 000000000000000e R09: 0000000000000000
[ 125.418309] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f9424ab5f6c
[ 125.418318] R13: 00007ffef7a4a31f R14: 00007f9421f18300 R15: 0000000000022000
[ 125.418333]
[ 125.486089] WARNING: CPU: 0 PID: 3819 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 125.487483] Modules linked in:
[ 125.487977] CPU: 0 PID: 3819 Comm: syz-executor.2 Not tainted 6.0.0-rc5-next-20220916 #1
[ 125.489191] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 125.490884] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 125.491698] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 125.494296] RSP: 0018:ffff888015de7c48 EFLAGS: 00010006
[ 125.495016] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 125.495977] RDX: ffff88803f4c1ac0 RSI: ffffffff81566027 RDI: 0000000000000005
[ 125.496954] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 125.497925] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800e5a8400
[ 125.498893] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 125.499839] FS: 00007f9421f18700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 125.500930] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 125.501716] CR2: 00007f101bc3d088 CR3: 000000001b1e4000 CR4: 0000000000350ef0
[ 125.502679] Call Trace:
[ 125.503035]
[ 125.503353] ctx_sched_out+0x8f1/0xc10
[ 125.503896] __perf_event_task_sched_out+0x6d0/0x18d0
[ 125.504607] ? lock_is_held_type+0xd7/0x130
[ 125.505212] ? __perf_cgroup_move+0x160/0x160
[ 125.505839] ? set_next_entity+0x304/0x550
[ 125.506443] ? update_curr+0x267/0x740
[ 125.506994] ? lock_is_held_type+0xd7/0x130
[ 125.507601] __schedule+0xedd/0x2470
[ 125.508123] ? io_schedule_timeout+0x150/0x150
[ 125.508776] ? rcu_read_lock_sched_held+0x3e/0x80
[ 125.509458] schedule+0xda/0x1b0
[ 125.509940] exit_to_user_mode_prepare+0x114/0x1a0
[ 125.510652] syscall_exit_to_user_mode+0x19/0x40
[ 125.511320] do_syscall_64+0x48/0x90
[ 125.511844] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 125.512570] RIP: 0033:0x7f94249a2b19
[ 125.513078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 125.515541] RSP: 002b:00007f9421f18218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 125.516566] RAX: 0000000000000001 RBX: 00007f9424ab5f68 RCX: 00007f94249a2b19
[ 125.517535] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9424ab5f6c
[ 125.518492] RBP: 00007f9424ab5f60 R08: 000000000000000e R09: 0000000000000000
[ 125.519444] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f9424ab5f6c
[ 125.520400] R13: 00007ffef7a4a31f R14: 00007f9421f18300 R15: 0000000000022000
[ 125.521391]
[ 125.521720] irq event stamp: 1066
[ 125.522190] hardirqs last enabled at (1065): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 125.523483] hardirqs last disabled at (1066):
[] __schedule+0x1225/0x2470 [ 125.524618] softirqs last enabled at (930): [] __irq_exit_rcu+0x11b/0x180 [ 125.525776] softirqs last disabled at (691): [] __irq_exit_rcu+0x11b/0x180 [ 125.526921] ---[ end trace 0000000000000000 ]--- 12:26:05 executing program 1: openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:26:05 executing program 1: openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:26:05 executing program 1: openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 126.104110] hrtimer: interrupt took 18815 ns 12:26:05 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000400)={'ip6_vti0\x00', &(0x7f0000000380)={'ip6gre0\x00', 0x0, 0x29, 0x4, 0x6, 0x1, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80, 0x20, 0x1000, 0xffffffff}}) ioctl$sock_inet6_SIOCDELRT(r0, 
0x890c, &(0x7f0000000440)={@dev={0xfe, 0x80, '\x00', 0x33}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10001, 0x5, 0x200, 0x0, 0x9e, 0x1000000, r1}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000000)={@remote, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x6395, 0x0, 0x0, 0x0, 0x5000004}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @in_args={0x4}}, './file0\x00'}) ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f0000000140)={@mcast1, @mcast1, @remote, 0x8, 0x2, 0x400, 0x100, 0x3, 0x100000}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x2100c, 0x0) 12:26:05 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480)}}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x4) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000040)) ioctl$TIOCGPTPEER(r2, 0x5441, 0x0) io_submit(0x0, 0x0, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f00000004c0), 0x80000, 0x0) lseek(0xffffffffffffffff, 0xfffffffffffffff7, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0xd29) 12:26:06 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480)}}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r0 = epoll_create(0x4) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0xa0002000}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSPTLCK(r2, 0x40045431, 
&(0x7f0000000040)) ioctl$TIOCGPTPEER(r2, 0x5441, 0x0) io_submit(0x0, 0x0, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f00000004c0), 0x80000, 0x0) lseek(0xffffffffffffffff, 0xfffffffffffffff7, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0xd29) [ 127.153618] loop1: detected capacity change from 0 to 256 [ 127.167690] loop3: detected capacity change from 0 to 40 [ 127.202084] loop1: detected capacity change from 0 to 256 12:26:06 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000400)={'ip6_vti0\x00', &(0x7f0000000380)={'ip6gre0\x00', 0x0, 0x29, 0x4, 0x6, 0x1, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80, 0x20, 0x1000, 0xffffffff}}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000440)={@dev={0xfe, 0x80, '\x00', 0x33}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10001, 0x5, 0x200, 0x0, 0x9e, 0x1000000, r1}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000000)={@remote, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x6395, 0x0, 0x0, 0x0, 0x5000004}) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @in_args={0x4}}, './file0\x00'}) ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f0000000140)={@mcast1, @mcast1, @remote, 0x8, 0x2, 0x400, 0x100, 0x3, 0x100000}) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x2100c, 0x0) [ 127.335567] loop1: detected capacity change from 0 to 256 [ 128.005898] syz-executor.3: attempt to access beyond end of device [ 128.005898] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 128.007444] Buffer I/O error on dev loop3, logical block 10, lost async page write [ 128.017334] syz-executor.3: attempt to access beyond end of device [ 128.017334] loop3: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 128.018835] Buffer I/O error on dev loop3, logical block 10, lost async page write [ 131.430461] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 131.431889] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 131.434285] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 131.436301] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 131.438964] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 131.440080] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 131.444173] Bluetooth: hci7: HCI_REQ-0x0c1a [ 133.404124] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 133.468239] Bluetooth: hci7: command 0x0409 tx timeout VM DIAGNOSIS: 12:26:04 Registers: