syzkaller login: [ 42.993949] sshd (251) used greatest stack depth: 24744 bytes left Warning: Permanently added '[localhost]:59875' (ECDSA) to the list of known hosts. 2022/09/19 14:35:49 fuzzer started 2022/09/19 14:35:49 dialing manager at localhost:42121 [ 45.885038] cgroup: Unknown subsys name 'net' [ 45.968326] cgroup: Unknown subsys name 'rlimit' 2022/09/19 14:36:02 syscalls: 2215 2022/09/19 14:36:02 code coverage: enabled 2022/09/19 14:36:02 comparison tracing: enabled 2022/09/19 14:36:02 extra coverage: enabled 2022/09/19 14:36:02 setuid sandbox: enabled 2022/09/19 14:36:02 namespace sandbox: enabled 2022/09/19 14:36:02 Android sandbox: enabled 2022/09/19 14:36:02 fault injection: enabled 2022/09/19 14:36:02 leak checking: enabled 2022/09/19 14:36:02 net packet injection: enabled 2022/09/19 14:36:02 net device setup: enabled 2022/09/19 14:36:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/19 14:36:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/19 14:36:02 USB emulation: enabled 2022/09/19 14:36:02 hci packet injection: enabled 2022/09/19 14:36:02 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220919) 2022/09/19 14:36:02 802.15.4 emulation: enabled 2022/09/19 14:36:02 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/19 14:36:03 fetching corpus: 44, signal 22695/26299 (executing program) 2022/09/19 14:36:03 fetching corpus: 94, signal 43396/48210 (executing program) 2022/09/19 14:36:03 fetching corpus: 142, signal 52339/58423 (executing program) 2022/09/19 14:36:03 fetching corpus: 192, signal 62268/69449 (executing program) 2022/09/19 14:36:03 fetching corpus: 242, signal 70489/78672 (executing program) 2022/09/19 14:36:03 fetching corpus: 290, signal 75621/84808 (executing program) 2022/09/19 14:36:04 fetching corpus: 340, signal 84557/94400 (executing program) 2022/09/19 14:36:04 fetching corpus: 390, signal 88779/99525 (executing program) 2022/09/19 14:36:04 fetching 
corpus: 440, signal 91835/103466 (executing program) 2022/09/19 14:36:04 fetching corpus: 490, signal 96098/108579 (executing program) 2022/09/19 14:36:04 fetching corpus: 539, signal 98804/112072 (executing program) 2022/09/19 14:36:04 fetching corpus: 589, signal 101976/115986 (executing program) 2022/09/19 14:36:04 fetching corpus: 639, signal 105419/120096 (executing program) 2022/09/19 14:36:05 fetching corpus: 689, signal 107858/123239 (executing program) 2022/09/19 14:36:05 fetching corpus: 739, signal 110332/126350 (executing program) 2022/09/19 14:36:05 fetching corpus: 789, signal 112926/129589 (executing program) 2022/09/19 14:36:05 fetching corpus: 839, signal 114179/131605 (executing program) 2022/09/19 14:36:05 fetching corpus: 888, signal 115907/134004 (executing program) 2022/09/19 14:36:05 fetching corpus: 938, signal 118865/137365 (executing program) 2022/09/19 14:36:05 fetching corpus: 988, signal 123433/142039 (executing program) 2022/09/19 14:36:05 fetching corpus: 1038, signal 125543/144650 (executing program) 2022/09/19 14:36:06 fetching corpus: 1087, signal 127044/146689 (executing program) 2022/09/19 14:36:06 fetching corpus: 1137, signal 128575/148752 (executing program) 2022/09/19 14:36:06 fetching corpus: 1185, signal 130893/151387 (executing program) 2022/09/19 14:36:06 fetching corpus: 1232, signal 134012/154608 (executing program) 2022/09/19 14:36:06 fetching corpus: 1282, signal 135703/156713 (executing program) 2022/09/19 14:36:06 fetching corpus: 1328, signal 137015/158508 (executing program) 2022/09/19 14:36:06 fetching corpus: 1378, signal 138261/160207 (executing program) 2022/09/19 14:36:06 fetching corpus: 1428, signal 139988/162218 (executing program) 2022/09/19 14:36:07 fetching corpus: 1478, signal 141747/164240 (executing program) 2022/09/19 14:36:07 fetching corpus: 1528, signal 142907/165788 (executing program) 2022/09/19 14:36:07 fetching corpus: 1577, signal 143985/167249 (executing program) 2022/09/19 14:36:07 
fetching corpus: 1627, signal 145484/169010 (executing program) 2022/09/19 14:36:07 fetching corpus: 1677, signal 147933/171398 (executing program) 2022/09/19 14:36:07 fetching corpus: 1727, signal 149443/173051 (executing program) 2022/09/19 14:36:07 fetching corpus: 1777, signal 151094/174757 (executing program) 2022/09/19 14:36:08 fetching corpus: 1827, signal 153319/176880 (executing program) 2022/09/19 14:36:08 fetching corpus: 1874, signal 154462/178208 (executing program) 2022/09/19 14:36:08 fetching corpus: 1923, signal 155652/179562 (executing program) 2022/09/19 14:36:08 fetching corpus: 1972, signal 156467/180721 (executing program) 2022/09/19 14:36:08 fetching corpus: 2021, signal 157335/181846 (executing program) 2022/09/19 14:36:08 fetching corpus: 2071, signal 158821/183339 (executing program) 2022/09/19 14:36:08 fetching corpus: 2119, signal 159736/184482 (executing program) 2022/09/19 14:36:08 fetching corpus: 2169, signal 161654/186193 (executing program) 2022/09/19 14:36:08 fetching corpus: 2219, signal 162871/187414 (executing program) 2022/09/19 14:36:09 fetching corpus: 2269, signal 164436/188878 (executing program) 2022/09/19 14:36:09 fetching corpus: 2318, signal 164997/189719 (executing program) 2022/09/19 14:36:09 fetching corpus: 2367, signal 166350/190996 (executing program) 2022/09/19 14:36:09 fetching corpus: 2416, signal 167743/192277 (executing program) 2022/09/19 14:36:09 fetching corpus: 2466, signal 168638/193223 (executing program) 2022/09/19 14:36:09 fetching corpus: 2515, signal 169143/193968 (executing program) 2022/09/19 14:36:09 fetching corpus: 2564, signal 170824/195354 (executing program) 2022/09/19 14:36:10 fetching corpus: 2609, signal 171939/196386 (executing program) 2022/09/19 14:36:10 fetching corpus: 2659, signal 174111/197982 (executing program) 2022/09/19 14:36:10 fetching corpus: 2708, signal 174787/198784 (executing program) 2022/09/19 14:36:10 fetching corpus: 2757, signal 176472/199999 (executing program) 
2022/09/19 14:36:10 fetching corpus: 2806, signal 177350/200861 (executing program) 2022/09/19 14:36:10 fetching corpus: 2854, signal 178593/201875 (executing program) 2022/09/19 14:36:10 fetching corpus: 2903, signal 179151/202465 (executing program) 2022/09/19 14:36:10 fetching corpus: 2953, signal 179879/203185 (executing program) 2022/09/19 14:36:11 fetching corpus: 3001, signal 180675/204061 (executing program) 2022/09/19 14:36:11 fetching corpus: 3049, signal 181481/204824 (executing program) 2022/09/19 14:36:11 fetching corpus: 3098, signal 182279/205477 (executing program) 2022/09/19 14:36:11 fetching corpus: 3148, signal 182686/205994 (executing program) 2022/09/19 14:36:11 fetching corpus: 3198, signal 183630/206738 (executing program) 2022/09/19 14:36:11 fetching corpus: 3247, signal 184467/207406 (executing program) 2022/09/19 14:36:11 fetching corpus: 3296, signal 185416/208154 (executing program) 2022/09/19 14:36:11 fetching corpus: 3346, signal 186261/208833 (executing program) 2022/09/19 14:36:11 fetching corpus: 3393, signal 187155/209499 (executing program) 2022/09/19 14:36:12 fetching corpus: 3441, signal 187943/210107 (executing program) 2022/09/19 14:36:12 fetching corpus: 3491, signal 188343/210529 (executing program) 2022/09/19 14:36:12 fetching corpus: 3541, signal 189478/211192 (executing program) 2022/09/19 14:36:12 fetching corpus: 3591, signal 190080/211671 (executing program) 2022/09/19 14:36:12 fetching corpus: 3640, signal 190889/212231 (executing program) 2022/09/19 14:36:12 fetching corpus: 3690, signal 191507/212776 (executing program) 2022/09/19 14:36:12 fetching corpus: 3740, signal 192183/213266 (executing program) 2022/09/19 14:36:12 fetching corpus: 3790, signal 193045/213807 (executing program) 2022/09/19 14:36:12 fetching corpus: 3839, signal 193792/214255 (executing program) 2022/09/19 14:36:13 fetching corpus: 3889, signal 194465/214688 (executing program) 2022/09/19 14:36:13 fetching corpus: 3939, signal 194863/215060 
(executing program) 2022/09/19 14:36:13 fetching corpus: 3984, signal 195755/215539 (executing program) 2022/09/19 14:36:13 fetching corpus: 4033, signal 196610/216025 (executing program) 2022/09/19 14:36:13 fetching corpus: 4083, signal 197160/216398 (executing program) 2022/09/19 14:36:13 fetching corpus: 4132, signal 197840/216831 (executing program) 2022/09/19 14:36:13 fetching corpus: 4182, signal 198731/217225 (executing program) 2022/09/19 14:36:13 fetching corpus: 4231, signal 199692/217640 (executing program) 2022/09/19 14:36:14 fetching corpus: 4281, signal 200540/218005 (executing program) 2022/09/19 14:36:14 fetching corpus: 4331, signal 201406/218384 (executing program) 2022/09/19 14:36:14 fetching corpus: 4381, signal 202162/218721 (executing program) 2022/09/19 14:36:14 fetching corpus: 4431, signal 202932/219047 (executing program) 2022/09/19 14:36:14 fetching corpus: 4481, signal 203577/219376 (executing program) 2022/09/19 14:36:14 fetching corpus: 4531, signal 204251/219655 (executing program) 2022/09/19 14:36:14 fetching corpus: 4581, signal 204768/219890 (executing program) 2022/09/19 14:36:14 fetching corpus: 4631, signal 205824/220256 (executing program) 2022/09/19 14:36:15 fetching corpus: 4680, signal 206721/220502 (executing program) 2022/09/19 14:36:15 fetching corpus: 4729, signal 207166/220743 (executing program) 2022/09/19 14:36:15 fetching corpus: 4779, signal 207642/220939 (executing program) 2022/09/19 14:36:15 fetching corpus: 4828, signal 208223/221106 (executing program) 2022/09/19 14:36:15 fetching corpus: 4877, signal 208515/221265 (executing program) 2022/09/19 14:36:15 fetching corpus: 4926, signal 209320/221488 (executing program) 2022/09/19 14:36:15 fetching corpus: 4976, signal 210037/221681 (executing program) 2022/09/19 14:36:15 fetching corpus: 5025, signal 210614/221828 (executing program) 2022/09/19 14:36:15 fetching corpus: 5075, signal 211768/222012 (executing program) 2022/09/19 14:36:16 fetching corpus: 5124, 
signal 212433/222143 (executing program) 2022/09/19 14:36:16 fetching corpus: 5173, signal 213395/222289 (executing program) 2022/09/19 14:36:16 fetching corpus: 5223, signal 214106/222378 (executing program) 2022/09/19 14:36:16 fetching corpus: 5272, signal 215115/222460 (executing program) 2022/09/19 14:36:16 fetching corpus: 5322, signal 215565/222542 (executing program) 2022/09/19 14:36:16 fetching corpus: 5372, signal 216149/222602 (executing program) 2022/09/19 14:36:16 fetching corpus: 5395, signal 216422/222603 (executing program) 2022/09/19 14:36:16 fetching corpus: 5395, signal 216422/222603 (executing program) 2022/09/19 14:36:19 starting 8 fuzzer processes 14:36:19 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, &(0x7f0000000040)) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000180)) 14:36:19 executing program 1: get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x8) 14:36:19 executing program 2: openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) r1 = perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0x0) fork() 14:36:19 executing program 3: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 
&(0x7f0000000180)={{0x1, 0x0, 0x0, 0x94941533d2fde23f}}) [ 75.706903] audit: type=1400 audit(1663598179.422:6): avc: denied { execmem } for pid=286 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 14:36:19 executing program 4: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) 14:36:19 executing program 5: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x200000, 0xd, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736616e0ca00088020000400000004f80000200040000300000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60}, {&(0x7f0000010100)='RRaA\x00'/32, 0x20, 0x800}, {&(0x7f0000010200)="00000000727241610100000007000000000000000000000000000000000055aa", 0x20, 0x9e0}, {&(0x7f0000010300)="601c6d6b646f736616e0ca00088020000400000004f80000200040000300000000000000010000000000000002000000010006000000000000000000000000008000"/96, 0x60, 0x3000}, {&(0x7f0000010400)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10000}, {&(0x7f0000010500)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x10800}, {&(0x7f0000010600)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x11000}, {&(0x7f0000010700)="f8ffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0fffffff0f", 0x20, 0x11800}, {&(0x7f0000010800)="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", 0x120, 0x12000}, {&(0x7f0000010a00)="2e20202020202020202020100061ec70325132510000ec7032510300000000002e2e202020202020202020100061ec70325132510000ec70325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c4530202020202020200061ec70325132510000ec70325104001a040000", 0x80, 0x52000}, 
{&(0x7f0000010b00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x92000}, {&(0x7f0000011000)='syzkallers\x00'/32, 0x20, 0xd2000}, {&(0x7f0000011100)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x152000}], 0x0, &(0x7f0000011200)) 14:36:19 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f00000005c0)={&(0x7f0000000040)=@abs, 0x6e, &(0x7f0000000440)=[{0x0}, {0x0}], 0x2}, 0x0) 14:36:19 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x10, &(0x7f0000000000), 0xc) [ 76.971980] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.973870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.975274] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.979416] Bluetooth: hci0: unexpected cc 0x0c23 
length: 249 > 4
[ 76.981358] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 76.982698] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.987575] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 77.062863] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 77.064744] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 77.067042] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 77.067611] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 77.068841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 77.074696] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 77.075729] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 77.077190] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 77.081822] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 77.082981] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 77.083950] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 77.085200] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 77.086680] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 77.087725] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 77.095011] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 77.097716] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 77.098847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 77.099177] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 77.099864] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 77.100790] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 77.105564] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 77.112030] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 77.117604] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 77.119049] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 77.121135] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 77.131927] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 77.133503] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 77.138029] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 77.143735] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 77.148357] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 77.152580] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 77.157850] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 77.159879] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 77.164920] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 77.166370] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 77.177420] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 77.195631] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 77.199203] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 77.201018] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 77.206511] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 77.206660] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 77.211009] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 77.213380] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 77.214478] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 77.216410] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 77.220810] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 77.239439] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 77.240969] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 77.246332] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 78.998761] Bluetooth: hci0: command 0x0409 tx timeout
[ 79.190445] Bluetooth: hci7: command 0x0409 tx timeout
[ 79.190962] Bluetooth: hci6: command 0x0409 tx timeout
[ 79.191421] Bluetooth: hci3: command 0x0409 tx timeout
[ 79.191839] Bluetooth: hci1: command 0x0409 tx timeout
[ 79.255291] Bluetooth: hci4: command 0x0409 tx timeout
[ 79.265250] Bluetooth: hci5: command 0x0409 tx timeout
[ 79.269587] Bluetooth: hci2: command 0x0409 tx timeout
[ 81.046529] Bluetooth: hci0: command 0x041b tx timeout
[ 81.238415] Bluetooth: hci1: command 0x041b tx timeout
[ 81.238915] Bluetooth: hci3: command 0x041b tx timeout
[ 81.239401] Bluetooth: hci6: command 0x041b tx timeout
[ 81.239844] Bluetooth: hci7: command 0x041b tx timeout
[ 81.302441] Bluetooth: hci2: command 0x041b tx timeout
[ 81.302947] Bluetooth: hci5: command 0x041b tx timeout
[ 81.303430] Bluetooth: hci4: command 0x041b tx timeout
[ 83.094292] Bluetooth: hci0: command 0x040f tx timeout
[ 83.286411] Bluetooth: hci7: command 0x040f tx timeout
[ 83.287177] Bluetooth: hci6: command 0x040f tx timeout
[ 83.288965] Bluetooth: hci3: command 0x040f tx timeout
[ 83.289582] Bluetooth: hci1: command 0x040f tx timeout
[ 83.350356] Bluetooth: hci4: command 0x040f tx timeout
[ 83.352348] Bluetooth: hci5: command 0x040f tx timeout
[ 83.352928] Bluetooth: hci2: command 0x040f tx timeout
[ 85.142385] Bluetooth: hci0: command 0x0419 tx timeout
[ 85.334314] Bluetooth: hci1: command 0x0419 tx timeout
[ 85.334796] Bluetooth: hci3: command 0x0419 tx timeout
[ 85.335222] Bluetooth: hci6: command 0x0419 tx timeout
[ 85.335959] Bluetooth: hci7: command 0x0419 tx timeout
[ 85.398287] Bluetooth: hci2: command 0x0419 tx timeout
[ 85.398740] Bluetooth: hci5: command 0x0419 tx timeout
[ 85.399153] Bluetooth: hci4: command 0x0419 tx timeout
14:37:19 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x3, 0x1, 0xff, 0x0, 0xf651, 0x840, 0xf, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000000), 0xe}, 0x104, 0x1, 0x800, 0x4, 0x0, 0x7, 0x3, 0x0, 0x9}, 0x0, 0x8, 0xffffffffffffffff, 0x2)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x80, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001d0001"], 0x1c}}, 0x0)
[ 135.376159] audit: type=1400 audit(1663598239.090:7): avc: denied { open } for pid=3821 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 135.377566] audit: type=1400 audit(1663598239.091:8): avc: denied { kernel } for pid=3821 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 135.391431] ------------[ cut here ]------------
[ 135.391451]
[ 135.391455] ======================================================
[ 135.391458] WARNING: possible circular locking dependency detected
[ 135.391462] 6.0.0-rc6-next-20220919 #1 Not tainted
[ 135.391469] ------------------------------------------------------
[ 135.391472] syz-executor.1/3823 is trying to acquire lock:
[ 135.391478] ffffffff853fa838 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 135.391513]
[ 135.391513] but task is already holding lock:
[ 135.391516] ffff88803ea6e020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 135.391543]
[ 135.391543] which lock already depends on the new lock.
[ 135.391543]
[ 135.391546]
[ 135.391546] the existing dependency chain (in reverse order) is:
[ 135.391549]
[ 135.391549] -> #3 (&ctx->lock){....}-{2:2}:
[ 135.391562]        _raw_spin_lock+0x2a/0x40
[ 135.391579]        __perf_event_task_sched_out+0x53b/0x18d0
[ 135.391591]        __schedule+0xedd/0x2470
[ 135.391601]        preempt_schedule_common+0x45/0xc0
[ 135.391613]        __cond_resched+0x17/0x30
[ 135.391623]        __mutex_lock+0xa3/0x14d0
[ 135.391634]        __do_sys_perf_event_open+0x1eec/0x32c0
[ 135.391646]        do_syscall_64+0x3b/0x90
[ 135.391659]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.391676]
[ 135.391676] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 135.391690]        _raw_spin_lock_nested+0x30/0x40
[ 135.391704]        raw_spin_rq_lock_nested+0x1e/0x30
[ 135.391717]        task_fork_fair+0x63/0x4d0
[ 135.391732]        sched_cgroup_fork+0x3d0/0x540
[ 135.391746]        copy_process+0x4183/0x6e20
[ 135.391756]        kernel_clone+0xe7/0x890
[ 135.391765]        user_mode_thread+0xad/0xf0
[ 135.391775]        rest_init+0x24/0x250
[ 135.391791]        arch_call_rest_init+0xf/0x14
[ 135.391803]        start_kernel+0x4c1/0x4e6
[ 135.391815]        secondary_startup_64_no_verify+0xe0/0xeb
[ 135.391834]
[ 135.391834] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 135.391850]        _raw_spin_lock_irqsave+0x39/0x60
[ 135.391865]        try_to_wake_up+0xab/0x1920
[ 135.391877]        up+0x75/0xb0
[ 135.391888]        __up_console_sem+0x6e/0x80
[ 135.391903]        console_unlock+0x46a/0x590
[ 135.391918]        do_con_write+0xc05/0x1d50
[ 135.391929]        con_write+0x21/0x40
[ 135.391939]        n_tty_write+0x4d4/0xfe0
[ 135.391951]        file_tty_write.constprop.0+0x49c/0x8f0
[ 135.391963]        vfs_write+0x9c3/0xd90
[ 135.391980]        ksys_write+0x127/0x250
[ 135.391996]        do_syscall_64+0x3b/0x90
[ 135.392009]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.392026]
[ 135.392026] -> #0 ((console_sem).lock){....}-{2:2}:
[ 135.392042]        __lock_acquire+0x2a02/0x5e70
[ 135.392057]        lock_acquire+0x1a2/0x530
[ 135.392073]        _raw_spin_lock_irqsave+0x39/0x60
[ 135.392087]        down_trylock+0xe/0x70
[ 135.392099]        __down_trylock_console_sem+0x3b/0xd0
[ 135.392115]        vprintk_emit+0x16b/0x560
[ 135.392130]        vprintk+0x84/0xa0
[ 135.392146]        _printk+0xba/0xf1
[ 135.392162]        report_bug.cold+0x72/0xab
[ 135.392175]        handle_bug+0x3c/0x70
[ 135.392187]        exc_invalid_op+0x14/0x50
[ 135.392200]        asm_exc_invalid_op+0x16/0x20
[ 135.392216]        group_sched_out.part.0+0x2c7/0x460
[ 135.392226]        ctx_sched_out+0x8f1/0xc10
[ 135.392235]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 135.392247]        __schedule+0xedd/0x2470
[ 135.392257]        preempt_schedule_common+0x45/0xc0
[ 135.392268]        __cond_resched+0x17/0x30
[ 135.392278]        __mutex_lock+0xa3/0x14d0
[ 135.392289]        __do_sys_perf_event_open+0x1eec/0x32c0
[ 135.392301]        do_syscall_64+0x3b/0x90
[ 135.392314]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.392331]
[ 135.392331] other info that might help us debug this:
[ 135.392331]
[ 135.392333] Chain exists of:
[ 135.392333]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 135.392333]
[ 135.392348]  Possible unsafe locking scenario:
[ 135.392348]
[ 135.392350]        CPU0                    CPU1
[ 135.392352]        ----                    ----
[ 135.392354]   lock(&ctx->lock);
[ 135.392359]                                lock(&rq->__lock);
[ 135.392366]                                lock(&ctx->lock);
[ 135.392372]   lock((console_sem).lock);
[ 135.392377]
[ 135.392377]  *** DEADLOCK ***
[ 135.392377]
[ 135.392379] 2 locks held by syz-executor.1/3823:
[ 135.392386]  #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 135.392411]  #1: ffff88803ea6e020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 135.392438]
[ 135.392438] stack backtrace:
[ 135.392441] CPU: 0 PID: 3823 Comm: syz-executor.1 Not tainted 6.0.0-rc6-next-20220919 #1
[ 135.392453] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 135.392461] Call Trace:
[ 135.392465]
[ 135.392469] dump_stack_lvl+0x8b/0xb3
[ 135.392484] check_noncircular+0x263/0x2e0
[ 135.392500] ? format_decode+0x26c/0xb50
[ 135.392515] ? print_circular_bug+0x450/0x450
[ 135.392531] ? enable_ptr_key_workfn+0x20/0x20
[ 135.392546] ? lock_release+0x547/0x750
[ 135.392562] ? format_decode+0x26c/0xb50
[ 135.392577] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 135.392594] __lock_acquire+0x2a02/0x5e70
[ 135.392615] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 135.392637] lock_acquire+0x1a2/0x530
[ 135.392653] ? down_trylock+0xe/0x70
[ 135.392668] ? lock_release+0x750/0x750
[ 135.392688] ? vprintk+0x84/0xa0
[ 135.392705] _raw_spin_lock_irqsave+0x39/0x60
[ 135.392720] ? down_trylock+0xe/0x70
[ 135.392734] down_trylock+0xe/0x70
[ 135.392747] ? vprintk+0x84/0xa0
[ 135.392763] __down_trylock_console_sem+0x3b/0xd0
[ 135.392780] vprintk_emit+0x16b/0x560
[ 135.392798] vprintk+0x84/0xa0
[ 135.392819] _printk+0xba/0xf1
[ 135.392843] ? record_print_text.cold+0x16/0x16
[ 135.392865] ? report_bug.cold+0x66/0xab
[ 135.392879] ? group_sched_out.part.0+0x2c7/0x460
[ 135.392890] report_bug.cold+0x72/0xab
[ 135.392905] handle_bug+0x3c/0x70
[ 135.392919] exc_invalid_op+0x14/0x50
[ 135.392933] asm_exc_invalid_op+0x16/0x20
[ 135.392950] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 135.392963] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d 5b 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 135.392974] RSP: 0018:ffff8880189ff978 EFLAGS: 00010006
[ 135.392984] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 135.392991] RDX: ffff888019d1b580 RSI: ffffffff81566077 RDI: 0000000000000005
[ 135.392999] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 135.393007] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88803ea6e000
[ 135.393014] R13: ffff88806ce3d140 R14: ffffffff8547c620 R15: 0000000000000002
[ 135.393025] ? group_sched_out.part.0+0x2c7/0x460
[ 135.393038] ? group_sched_out.part.0+0x2c7/0x460
[ 135.393051] ctx_sched_out+0x8f1/0xc10
[ 135.393063] __perf_event_task_sched_out+0x6d0/0x18d0
[ 135.393078] ? lock_is_held_type+0xd7/0x130
[ 135.393096] ? __perf_cgroup_move+0x160/0x160
[ 135.393108] ? set_next_entity+0x304/0x550
[ 135.393125] ? update_curr+0x267/0x740
[ 135.393143] ? lock_is_held_type+0xd7/0x130
[ 135.393161] __schedule+0xedd/0x2470
[ 135.393174] ? io_schedule_timeout+0x150/0x150
[ 135.393186] ? find_held_lock+0x2c/0x110
[ 135.393201] ? lock_is_held_type+0xd7/0x130
[ 135.393219] ? __cond_resched+0x17/0x30
[ 135.393230] preempt_schedule_common+0x45/0xc0
[ 135.393243] __cond_resched+0x17/0x30
[ 135.393254] __mutex_lock+0xa3/0x14d0
[ 135.393267] ? lock_is_held_type+0xd7/0x130
[ 135.393284] ? __do_sys_perf_event_open+0x1eec/0x32c0
[ 135.393298] ? mutex_lock_io_nested+0x1310/0x1310
[ 135.393311] ? lock_release+0x3b2/0x750
[ 135.393328] ? __up_read+0x192/0x730
[ 135.393342] ? up_write+0x480/0x480
[ 135.393356] ? _raw_spin_unlock_irqrestore+0x28/0x60
[ 135.393374] __do_sys_perf_event_open+0x1eec/0x32c0
[ 135.393390] ? __up_read+0x192/0x730
[ 135.393404] ? perf_compat_ioctl+0x130/0x130
[ 135.393417] ? up_write+0x480/0x480
[ 135.393434] ? syscall_enter_from_user_mode+0x1d/0x50
[ 135.393452] ? syscall_enter_from_user_mode+0x1d/0x50
[ 135.393472] do_syscall_64+0x3b/0x90
[ 135.393486] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.393503] RIP: 0033:0x7faa78da8b19
[ 135.393512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 135.393523] RSP: 002b:00007faa7631e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 135.393534] RAX: ffffffffffffffda RBX: 00007faa78ebbf60 RCX: 00007faa78da8b19
[ 135.393542] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
[ 135.393549] RBP: 00007faa78e02f6d R08: 0000000000000000 R09: 0000000000000000
[ 135.393556] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 135.393564] R13: 00007ffc2e80bedf R14: 00007faa7631e300 R15: 0000000000022000
[ 135.393577]
[ 135.454534] WARNING: CPU: 0 PID: 3823 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 135.455221] Modules linked in:
[ 135.455465] CPU: 0 PID: 3823 Comm: syz-executor.1 Not tainted 6.0.0-rc6-next-20220919 #1
[ 135.456073] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 135.456918] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 135.457322] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d 5b 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 135.458686] RSP: 0018:ffff8880189ff978 EFLAGS: 00010006
[ 135.459091] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 135.459624] RDX: ffff888019d1b580 RSI: ffffffff81566077 RDI: 0000000000000005
[ 135.460176] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 135.460712] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88803ea6e000
[ 135.461264] R13: ffff88806ce3d140 R14: ffffffff8547c620 R15: 0000000000000002
[ 135.461808] FS: 00007faa7631e700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 135.462414] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 135.462854] CR2: 00007fd4c683a028 CR3: 000000001032a000 CR4: 0000000000350ef0
[ 135.463380] Call Trace:
[ 135.463573]
[ 135.463748] ctx_sched_out+0x8f1/0xc10
[ 135.464057] __perf_event_task_sched_out+0x6d0/0x18d0
[ 135.464452] ? lock_is_held_type+0xd7/0x130
[ 135.464781] ? __perf_cgroup_move+0x160/0x160
[ 135.465126] ? set_next_entity+0x304/0x550
[ 135.465443] ? update_curr+0x267/0x740
[ 135.465737] ? lock_is_held_type+0xd7/0x130
[ 135.466082] __schedule+0xedd/0x2470
[ 135.466373] ? io_schedule_timeout+0x150/0x150
[ 135.466717] ? find_held_lock+0x2c/0x110
[ 135.467034] ? lock_is_held_type+0xd7/0x130
[ 135.467368] ? __cond_resched+0x17/0x30
[ 135.467661] preempt_schedule_common+0x45/0xc0
[ 135.468027] __cond_resched+0x17/0x30
[ 135.468314] __mutex_lock+0xa3/0x14d0
[ 135.468605] ? lock_is_held_type+0xd7/0x130
[ 135.468937] ? __do_sys_perf_event_open+0x1eec/0x32c0
[ 135.469330] ? mutex_lock_io_nested+0x1310/0x1310
[ 135.469697] ? lock_release+0x3b2/0x750
[ 135.470018] ? __up_read+0x192/0x730
[ 135.470304] ? up_write+0x480/0x480
[ 135.470583] ? _raw_spin_unlock_irqrestore+0x28/0x60
[ 135.470973] __do_sys_perf_event_open+0x1eec/0x32c0
[ 135.471346] ? __up_read+0x192/0x730
[ 135.471628] ? perf_compat_ioctl+0x130/0x130
[ 135.471977] ? up_write+0x480/0x480
[ 135.472258] ? syscall_enter_from_user_mode+0x1d/0x50
[ 135.472643] ? syscall_enter_from_user_mode+0x1d/0x50
[ 135.473039] do_syscall_64+0x3b/0x90
[ 135.473324] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 135.473717] RIP: 0033:0x7faa78da8b19
[ 135.474023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 135.475368] RSP: 002b:00007faa7631e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 135.475955] RAX: ffffffffffffffda RBX: 00007faa78ebbf60 RCX: 00007faa78da8b19
[ 135.476474] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
[ 135.477053] RBP: 00007faa78e02f6d R08: 0000000000000000 R09: 0000000000000000
[ 135.477578] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 135.478121] R13: 00007ffc2e80bedf R14: 00007faa7631e300 R15: 0000000000022000
[ 135.478647]
[ 135.478825] irq event stamp: 744
[ 135.479074] hardirqs last enabled at (743): [] _raw_spin_unlock_irqrestore+0x28/0x60
[ 135.479751] hardirqs last disabled at (744): [] __schedule+0x1225/0x2470
[ 135.480365] softirqs last enabled at (740): [] __irq_exit_rcu+0x11b/0x180
[ 135.481013] softirqs last disabled at (735): [] __irq_exit_rcu+0x11b/0x180
[ 135.481805] ---[ end trace 0000000000000000 ]---
[ 135.485034] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
14:37:19 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) [ 135.747363] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 140.374404] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 140.374438] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 140.375494] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 140.377432] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 142.619709] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 142.621105] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 142.622707] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 142.624787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 142.626481] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 142.627689] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 142.633678] Bluetooth: hci1: HCI_REQ-0x0c1a [ 144.662419] Bluetooth: hci1: command 0x0409 tx timeout [ 144.726260] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 144.726354] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 144.728175] Bluetooth: hci5: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 14:37:19 Registers: