Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:45070' (ECDSA) to the list of known hosts.
2022/09/12 16:58:23 fuzzer started
2022/09/12 16:58:23 dialing manager at localhost:38027
syzkaller login: [ 39.918653] cgroup: Unknown subsys name 'net'
[ 40.005828] cgroup: Unknown subsys name 'rlimit'
2022/09/12 16:58:38 syscalls: 2215
2022/09/12 16:58:38 code coverage: enabled
2022/09/12 16:58:38 comparison tracing: enabled
2022/09/12 16:58:38 extra coverage: enabled
2022/09/12 16:58:38 setuid sandbox: enabled
2022/09/12 16:58:38 namespace sandbox: enabled
2022/09/12 16:58:38 Android sandbox: enabled
2022/09/12 16:58:38 fault injection: enabled
2022/09/12 16:58:38 leak checking: enabled
2022/09/12 16:58:38 net packet injection: enabled
2022/09/12 16:58:38 net device setup: enabled
2022/09/12 16:58:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/12 16:58:38 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/12 16:58:38 USB emulation: enabled
2022/09/12 16:58:38 hci packet injection: enabled
2022/09/12 16:58:38 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220912)
2022/09/12 16:58:38 802.15.4 emulation: enabled
2022/09/12 16:59:00 starting 8
fuzzer processes
16:59:01 executing program 4:
r0 = socket$inet6(0xa, 0x801, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r2 = socket(0x23, 0x5, 0x401)
getsockopt$inet6_int(r2, 0x29, 0x10, &(0x7f0000000180), &(0x7f00000003c0)=0x4)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
shmdt(0x0)
openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5)
sendto$unix(r3, &(0x7f0000000340)="35096a773adb7d1d36d875808da81befb06d941c7e45dd8499cffd0180f67841a413f368df4699ff8e48fff7facc132a5e310e6f1631c880ef5d7c682c374fcc071a408423f98bda4d2b71a4d1c52fe56e6449de857a7bf95de55bdfc7eda7910109a10bd4cb216137edc6c9f6705eb2f2fb31d8affb5d99da19", 0x7a, 0x4000, &(0x7f00000001c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r3, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x100}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r6, 0xc018937e, &(0x7f0000000140)={{0x1, 0x1, 0x18, r3, @out_args}, './file0\x00'})
16:59:01 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000001c0)={0x14, 0x1e, 0x101, 0x0, 0x0, "", [@nested={0x2}]}, 0x14}], 0x1}, 0x0)
16:59:01 executing program 2:
socketpair(0x0, 0x0, 0x0, 0xfffffffffffffffc)
16:59:01 executing program 3:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020801000270008000f801", 0x17}], 0x0, &(0x7f00000006c0)=ANY=[])
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
16:59:01 executing program 0:
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time\x00')
16:59:01 executing program 5:
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
setxattr$security_selinux(&(0x7f0000000180)='./file1\x00', &(0x7f0000000080), &(0x7f00000000c0)='system_u:object_r:devicekit_var_run_t:s0\x00', 0x66, 0x0)
llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
[ 77.311645] audit: type=1400 audit(1663001941.032:6): avc: denied { execmem } for pid=286 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
16:59:01 executing program 6:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
write$binfmt_aout(r1, &(0x7f0000001180)=ANY=[], 0x220)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r0, 0x0, 0xfffffdef)
16:59:01 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
[ 78.636183] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 78.639176] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.640676] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 78.642072] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 78.643774] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 78.647446] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 78.648781] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 78.649917] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 78.651161] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 78.654690] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.655975] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 78.657376] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.658536] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 78.659692] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 78.660855] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 78.662066] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 78.664357] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 78.665541] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 78.668334] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 78.669531] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 78.671364] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 78.672729] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 78.674114] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 78.675296] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 78.676530] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.677858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 78.678987] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 78.681516] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 78.685186] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 78.686686] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 78.688758] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 78.689763] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 78.690719] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 78.691598] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.692308] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 78.693073] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 78.693391] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 78.694849] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 78.696391] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 78.697380] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 78.697871] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 78.699063] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 78.700029] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 78.707081] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 78.707538] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 78.708075] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 78.709690] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 78.710774] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 78.712819] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 78.713536] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 78.714808] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 78.718950] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 78.719743] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 78.741023] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 78.742221] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 78.747291] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 80.750964] Bluetooth: hci4: command 0x0409 tx timeout
[ 80.750965] Bluetooth: hci5: command 0x0409 tx timeout
[ 80.751304] Bluetooth: hci7: command 0x0409 tx timeout
[ 80.752873] Bluetooth: hci0: command 0x0409 tx timeout
[ 80.753428] Bluetooth: hci1: command 0x0409 tx timeout
[ 80.753837] Bluetooth: hci3: command 0x0409 tx timeout
[ 80.754491] Bluetooth: hci2: command 0x0409 tx timeout
[ 80.814614] Bluetooth: hci6: command 0x0409 tx timeout
[ 82.798303] Bluetooth: hci2: command 0x041b tx timeout
[ 82.801015] Bluetooth: hci3: command 0x041b tx timeout
[ 82.803409] Bluetooth: hci1: command 0x041b tx timeout
[ 82.804722] Bluetooth: hci0: command 0x041b tx timeout
[ 82.806785] Bluetooth: hci7: command 0x041b tx timeout
[ 82.807618] Bluetooth: hci5: command 0x041b tx timeout
[ 82.810761] Bluetooth: hci4: command 0x041b tx timeout
[ 82.862300] Bluetooth: hci6: command 0x041b tx timeout
[ 84.846287] Bluetooth: hci4: command 0x040f tx timeout
[ 84.847885] Bluetooth: hci5: command 0x040f tx timeout
[ 84.848792] Bluetooth: hci7: command 0x040f tx timeout
[ 84.850755] Bluetooth: hci0: command 0x040f tx timeout
[ 84.851950] Bluetooth: hci1: command 0x040f tx timeout
[ 84.853595] Bluetooth: hci3: command 0x040f tx timeout
[ 84.854459] Bluetooth: hci2: command 0x040f tx timeout
[ 84.911188] Bluetooth: hci6: command 0x040f tx timeout
[ 86.895381] Bluetooth: hci2: command 0x0419 tx timeout
[ 86.896497] Bluetooth: hci3: command 0x0419 tx timeout
[ 86.898965] Bluetooth: hci1: command 0x0419 tx timeout
[ 86.899863] Bluetooth: hci0: command 0x0419 tx timeout
[ 86.901912] Bluetooth: hci7: command 0x0419 tx timeout
[ 86.902879] Bluetooth: hci5: command 0x0419 tx timeout
[ 86.905288] Bluetooth: hci4: command 0x0419 tx timeout
[ 86.958191] Bluetooth: hci6: command 0x0419 tx timeout
[ 135.036880] audit: type=1400 audit(1663001998.757:7): avc: denied { open } for pid=3806 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 135.041332] audit: type=1400 audit(1663001998.757:8): avc: denied { kernel } for pid=3806 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
16:59:58 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
[ 135.256057] ------------[ cut here ]------------
[ 135.256087]
[ 135.256090] ======================================================
[ 135.256094] WARNING: possible circular locking dependency detected
[ 135.256098] 6.0.0-rc5-next-20220912 #1 Not tainted
[ 135.256104] ------------------------------------------------------
[ 135.256107] syz-executor.7/3820 is trying to acquire lock:
[ 135.256116] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 135.256153]
[ 135.256153] but task is already holding lock:
[ 135.256156] ffff8880174efc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 135.256183]
[ 135.256183] which lock already depends on the new lock.
[ 135.256183]
[ 135.256186]
[ 135.256186] the existing dependency chain (in reverse order) is:
[ 135.256189]
[ 135.256189] -> #3 (&ctx->lock){....}-{2:2}:
[ 135.256203]        _raw_spin_lock+0x2a/0x40
[ 135.256220]        __perf_event_task_sched_out+0x53b/0x18d0
[ 135.256232]        __schedule+0xedd/0x2470
[ 135.256242]        preempt_schedule_common+0x45/0xc0
[ 135.256253]        __cond_resched+0x17/0x30
[ 135.256262]        __mutex_lock+0xa3/0x14d0
[ 135.256273]        __do_sys_perf_event_open+0x1eec/0x32c0
[ 135.256286]        do_syscall_64+0x3b/0x90
[ 135.256299]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.256316]
[ 135.256316] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 135.256330]        _raw_spin_lock_nested+0x30/0x40
[ 135.256345]        raw_spin_rq_lock_nested+0x1e/0x30
[ 135.256358]        task_fork_fair+0x63/0x4d0
[ 135.256375]        sched_cgroup_fork+0x3d0/0x540
[ 135.256395]        copy_process+0x3f9e/0x6df0
[ 135.256405]        kernel_clone+0xe7/0x890
[ 135.256414]        user_mode_thread+0xad/0xf0
[ 135.256424]        rest_init+0x24/0x250
[ 135.256440]        arch_call_rest_init+0xf/0x14
[ 135.256459]        start_kernel+0x4c1/0x4e6
[ 135.256475]        secondary_startup_64_no_verify+0xe0/0xeb
[ 135.256489]
[ 135.256489] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 135.256503]        _raw_spin_lock_irqsave+0x39/0x60
[ 135.256517]        try_to_wake_up+0xab/0x1920
[ 135.256530]        up+0x75/0xb0
[ 135.256541]        __up_console_sem+0x6e/0x80
[ 135.256557]        console_unlock+0x46a/0x590
[ 135.256572]        vprintk_emit+0x1bd/0x560
[ 135.256588]        vprintk+0x84/0xa0
[ 135.256603]        _printk+0xba/0xf1
[ 135.256620]        kauditd_hold_skb.cold+0x3f/0x4e
[ 135.256634]        kauditd_send_queue+0x233/0x290
[ 135.256649]        kauditd_thread+0x5da/0x9a0
[ 135.256662]        kthread+0x2ed/0x3a0
[ 135.256676]        ret_from_fork+0x22/0x30
[ 135.256688]
[ 135.256688] -> #0 ((console_sem).lock){....}-{2:2}:
[ 135.256702]        __lock_acquire+0x2a02/0x5e70
[ 135.256718]        lock_acquire+0x1a2/0x530
[ 135.256733]        _raw_spin_lock_irqsave+0x39/0x60
[ 135.256747]        down_trylock+0xe/0x70
[ 135.256759]        __down_trylock_console_sem+0x3b/0xd0
[ 135.256775]        vprintk_emit+0x16b/0x560
[ 135.256791]        vprintk+0x84/0xa0
[ 135.256806]        _printk+0xba/0xf1
[ 135.256822]        report_bug.cold+0x72/0xab
[ 135.256834]        handle_bug+0x3c/0x70
[ 135.256846]        exc_invalid_op+0x14/0x50
[ 135.256858]        asm_exc_invalid_op+0x16/0x20
[ 135.256873]        group_sched_out.part.0+0x2c7/0x460
[ 135.256884]        ctx_sched_out+0x8f1/0xc10
[ 135.256893]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 135.256905]        __schedule+0xedd/0x2470
[ 135.256915]        schedule+0xda/0x1b0
[ 135.256924]        exit_to_user_mode_prepare+0x114/0x1a0
[ 135.256943]        syscall_exit_to_user_mode+0x19/0x40
[ 135.256959]        do_syscall_64+0x48/0x90
[ 135.256972]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.256988]
[ 135.256988] other info that might help us debug this:
[ 135.256988]
[ 135.256990] Chain exists of:
[ 135.256990]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 135.256990]
[ 135.257005]  Possible unsafe locking scenario:
[ 135.257005]
[ 135.257007]        CPU0                    CPU1
[ 135.257010]        ----                    ----
[ 135.257012]   lock(&ctx->lock);
[ 135.257018]                                lock(&rq->__lock);
[ 135.257024]                                lock(&ctx->lock);
[ 135.257030]   lock((console_sem).lock);
[ 135.257036]
[ 135.257036]  *** DEADLOCK ***
[ 135.257036]
[ 135.257038] 2 locks held by syz-executor.7/3820:
[ 135.257045]  #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 135.257070]  #1: ffff8880174efc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 135.257098]
[ 135.257098] stack backtrace:
[ 135.257100] CPU: 0 PID: 3820 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220912 #1
[ 135.257113] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 135.257121] Call Trace:
[ 135.257125]
[ 135.257129] dump_stack_lvl+0x8b/0xb3
[ 135.257143] check_noncircular+0x263/0x2e0
[ 135.257159] ? format_decode+0x26c/0xb50
[ 135.257174] ? print_circular_bug+0x450/0x450
[ 135.257191] ? enable_ptr_key_workfn+0x20/0x20
[ 135.257205] ? format_decode+0x26c/0xb50
[ 135.257220] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 135.257237] __lock_acquire+0x2a02/0x5e70
[ 135.257258] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 135.257280] lock_acquire+0x1a2/0x530
[ 135.257297] ? down_trylock+0xe/0x70
[ 135.257311] ? rcu_read_unlock+0x40/0x40
[ 135.257329] ? __lock_acquire+0x164d/0x5e70
[ 135.257347] ? vprintk+0x84/0xa0
[ 135.257365] _raw_spin_lock_irqsave+0x39/0x60
[ 135.257380] ? down_trylock+0xe/0x70
[ 135.257393] down_trylock+0xe/0x70
[ 135.257406] ? vprintk+0x84/0xa0
[ 135.257423] __down_trylock_console_sem+0x3b/0xd0
[ 135.257440] vprintk_emit+0x16b/0x560
[ 135.257458] vprintk+0x84/0xa0
[ 135.257475] _printk+0xba/0xf1
[ 135.257492] ? record_print_text.cold+0x16/0x16
[ 135.257513] ? report_bug.cold+0x66/0xab
[ 135.257527] ? group_sched_out.part.0+0x2c7/0x460
[ 135.257538] report_bug.cold+0x72/0xab
[ 135.257552] handle_bug+0x3c/0x70
[ 135.257565] exc_invalid_op+0x14/0x50
[ 135.257579] asm_exc_invalid_op+0x16/0x20
[ 135.257596] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 135.257609] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 135.257621] RSP: 0018:ffff888018857c48 EFLAGS: 00010006
[ 135.257630] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 135.257637] RDX: ffff88800db0b580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 135.257645] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 135.257653] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff8880174efc00
[ 135.257661] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 135.257671] ? group_sched_out.part.0+0x2c7/0x460
[ 135.257685] ? group_sched_out.part.0+0x2c7/0x460
[ 135.257697] ctx_sched_out+0x8f1/0xc10
[ 135.257710] __perf_event_task_sched_out+0x6d0/0x18d0
[ 135.257725] ? lock_is_held_type+0xd7/0x130
[ 135.257743] ? __perf_cgroup_move+0x160/0x160
[ 135.257754] ? set_next_entity+0x304/0x550
[ 135.257772] ? update_curr+0x267/0x740
[ 135.257790] ? lock_is_held_type+0xd7/0x130
[ 135.257807] __schedule+0xedd/0x2470
[ 135.257820] ? io_schedule_timeout+0x150/0x150
[ 135.257832] ? rcu_read_lock_sched_held+0x3e/0x80
[ 135.257852] schedule+0xda/0x1b0
[ 135.257863] exit_to_user_mode_prepare+0x114/0x1a0
[ 135.257883] syscall_exit_to_user_mode+0x19/0x40
[ 135.257900] do_syscall_64+0x48/0x90
[ 135.257914] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.257930] RIP: 0033:0x7fe894cbeb19
[ 135.257939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 135.257950] RSP: 002b:00007fe892234218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 135.257961] RAX: 0000000000000001 RBX: 00007fe894dd1f68 RCX: 00007fe894cbeb19
[ 135.257968] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe894dd1f6c
[ 135.257975] RBP: 00007fe894dd1f60 R08: 000000000000000e R09: 0000000000000000
[ 135.257983] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe894dd1f6c
[ 135.257990] R13: 00007ffd4cd8fe0f R14: 00007fe892234300 R15: 0000000000022000
[ 135.258003]
[ 135.314223] WARNING: CPU: 0 PID: 3820 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 135.314824] Modules linked in:
[ 135.315041] CPU: 0 PID: 3820 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220912 #1
[ 135.315563] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 135.316293] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 135.316657] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 135.317824] RSP: 0018:ffff888018857c48 EFLAGS: 00010006
[ 135.318173] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 135.318635] RDX: ffff88800db0b580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 135.319157] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 135.319680] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff8880174efc00
[ 135.320194] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 135.320728] FS: 00007fe892234700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 135.321330] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 135.321757] CR2: 00007fe894dd2018 CR3: 0000000009984000 CR4: 0000000000350ef0
[ 135.322285] Call Trace:
[ 135.322480]
[ 135.322655] ctx_sched_out+0x8f1/0xc10
[ 135.322951] __perf_event_task_sched_out+0x6d0/0x18d0
[ 135.323345] ? lock_is_held_type+0xd7/0x130
[ 135.323669] ? __perf_cgroup_move+0x160/0x160
[ 135.324021] ? set_next_entity+0x304/0x550
[ 135.324354] ? update_curr+0x267/0x740
[ 135.324675] ? lock_is_held_type+0xd7/0x130
[ 135.325007] __schedule+0xedd/0x2470
[ 135.325306] ? io_schedule_timeout+0x150/0x150
[ 135.325652] ? rcu_read_lock_sched_held+0x3e/0x80
[ 135.326033] schedule+0xda/0x1b0
[ 135.326301] exit_to_user_mode_prepare+0x114/0x1a0
[ 135.326673] syscall_exit_to_user_mode+0x19/0x40
[ 135.327043] do_syscall_64+0x48/0x90
[ 135.327333] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.327732] RIP: 0033:0x7fe894cbeb19
[ 135.328011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 135.329371] RSP: 002b:00007fe892234218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 135.329919] RAX: 0000000000000001 RBX: 00007fe894dd1f68 RCX: 00007fe894cbeb19
[ 135.330459] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe894dd1f6c
[ 135.330998] RBP: 00007fe894dd1f60 R08: 000000000000000e R09: 0000000000000000
[ 135.331531] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe894dd1f6c
[ 135.332063] R13: 00007ffd4cd8fe0f R14: 00007fe892234300 R15: 0000000000022000
[ 135.332605]
[ 135.332786] irq event stamp: 250
[ 135.333039] hardirqs last enabled at (249): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 135.333750] hardirqs last disabled at (250): [] __schedule+0x1225/0x2470
[ 135.334372] softirqs last enabled at (0): [] copy_process+0x1dfe/0x6df0
[ 135.334995] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 135.335474] ---[ end trace 0000000000000000 ]---
16:59:59 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
16:59:59 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 16:59:59 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r1, &(0x7f0000000240)="01", 0x1) close(r1) 16:59:59 executing program 1: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000040)={r0, 0xb58a, 0x100000001, 0x2}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r2, &(0x7f0000000140), 0x0, 0x0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) openat(0xffffffffffffffff, 0x0, 0x400000, 0x8) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x181c00, 0x0) mmap$perf(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000000, 0x810, 0xffffffffffffffff, 0x4) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)={0x18, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @binary="d8c931"}]}, 0x18}], 0x1}, 0x0) 16:59:59 executing program 7: close_range(0xffffffffffffffff, 
0xffffffffffffffff, 0x2) r0 = eventfd(0x0) signalfd(r0, &(0x7f0000000040), 0x8) 16:59:59 executing program 1: io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000018c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000), 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000040)={r0, 0xb58a, 0x100000001, 0x2}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) pwritev(r2, &(0x7f0000000140), 0x0, 0x0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) openat(0xffffffffffffffff, 0x0, 0x400000, 0x8) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x181c00, 0x0) mmap$perf(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000000, 0x810, 0xffffffffffffffff, 0x4) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)={0x18, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @binary="d8c931"}]}, 0x18}], 0x1}, 0x0) 16:59:59 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 136.490914] loop3: 
detected capacity change from 0 to 264192 [ 136.547331] loop6: detected capacity change from 0 to 40 [ 136.601477] syz-executor.6: attempt to access beyond end of device [ 136.601477] loop6: rw=2049, sector=40, nr_sectors = 4 limit=40 [ 136.602655] Buffer I/O error on dev loop6, logical block 10, lost async page write [ 139.698596] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 139.705791] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 139.707089] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 139.709954] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 139.711076] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 139.713003] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 139.715419] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 139.716801] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 139.718466] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 139.722791] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 139.723937] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 139.725879] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 139.729496] Bluetooth: hci1: HCI_REQ-0x0c1a [ 139.732299] Bluetooth: hci2: HCI_REQ-0x0c1a [ 141.743190] Bluetooth: hci1: command 0x0409 tx timeout [ 141.806738] Bluetooth: hci2: command 0x0409 tx timeout [ 143.790387] Bluetooth: hci1: command 0x041b tx timeout [ 143.854184] Bluetooth: hci2: command 0x041b tx timeout VM DIAGNOSIS: 16:59:59 Registers: