Warning: Permanently added '[localhost]:8380' (ECDSA) to the list of known hosts. 2022/09/12 17:03:26 fuzzer started 2022/09/12 17:03:27 dialing manager at localhost:38027 syzkaller login: [ 49.404151] cgroup: Unknown subsys name 'net' [ 49.510628] cgroup: Unknown subsys name 'rlimit' 2022/09/12 17:03:43 syscalls: 2215 2022/09/12 17:03:43 code coverage: enabled 2022/09/12 17:03:43 comparison tracing: enabled 2022/09/12 17:03:43 extra coverage: enabled 2022/09/12 17:03:43 setuid sandbox: enabled 2022/09/12 17:03:43 namespace sandbox: enabled 2022/09/12 17:03:43 Android sandbox: enabled 2022/09/12 17:03:43 fault injection: enabled 2022/09/12 17:03:43 leak checking: enabled 2022/09/12 17:03:43 net packet injection: enabled 2022/09/12 17:03:43 net device setup: enabled 2022/09/12 17:03:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/12 17:03:43 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/12 17:03:43 USB emulation: enabled 2022/09/12 17:03:43 hci packet injection: enabled 2022/09/12 17:03:43 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220912) 2022/09/12 17:03:43 802.15.4 emulation: enabled 2022/09/12 17:03:43 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/12 17:03:43 fetching corpus: 36, signal 23863/27462 (executing program) 2022/09/12 17:03:43 fetching corpus: 76, signal 35899/41026 (executing program) 2022/09/12 17:03:43 fetching corpus: 126, signal 49817/56225 (executing program) 2022/09/12 17:03:43 fetching corpus: 176, signal 59248/66888 (executing program) 2022/09/12 17:03:43 fetching corpus: 226, signal 66285/75133 (executing program) 2022/09/12 17:03:43 fetching corpus: 276, signal 73837/83721 (executing program) 2022/09/12 17:03:43 fetching corpus: 326, signal 79143/90088 (executing program) 2022/09/12 17:03:43 fetching corpus: 376, signal 82802/94854 (executing program) 2022/09/12 17:03:44 fetching corpus: 426, signal 85726/98895 (executing program) 2022/09/12 17:03:44 
fetching corpus: 476, signal 88979/103147 (executing program) 2022/09/12 17:03:44 fetching corpus: 525, signal 93741/108766 (executing program) 2022/09/12 17:03:44 fetching corpus: 575, signal 98248/114032 (executing program) 2022/09/12 17:03:44 fetching corpus: 625, signal 100202/117031 (executing program) 2022/09/12 17:03:44 fetching corpus: 675, signal 102560/120324 (executing program) 2022/09/12 17:03:44 fetching corpus: 725, signal 106097/124604 (executing program) 2022/09/12 17:03:45 fetching corpus: 775, signal 108044/127455 (executing program) 2022/09/12 17:03:45 fetching corpus: 823, signal 112386/132332 (executing program) 2022/09/12 17:03:45 fetching corpus: 872, signal 114740/135477 (executing program) 2022/09/12 17:03:45 fetching corpus: 922, signal 116848/138329 (executing program) 2022/09/12 17:03:45 fetching corpus: 972, signal 120420/142431 (executing program) 2022/09/12 17:03:45 fetching corpus: 1022, signal 121899/144654 (executing program) 2022/09/12 17:03:45 fetching corpus: 1072, signal 124101/147521 (executing program) 2022/09/12 17:03:45 fetching corpus: 1122, signal 126343/150353 (executing program) 2022/09/12 17:03:45 fetching corpus: 1172, signal 128879/153349 (executing program) 2022/09/12 17:03:46 fetching corpus: 1222, signal 130383/155564 (executing program) 2022/09/12 17:03:46 fetching corpus: 1272, signal 132499/158234 (executing program) 2022/09/12 17:03:46 fetching corpus: 1322, signal 133844/160248 (executing program) 2022/09/12 17:03:46 fetching corpus: 1372, signal 135596/162559 (executing program) 2022/09/12 17:03:46 fetching corpus: 1422, signal 137187/164718 (executing program) 2022/09/12 17:03:46 fetching corpus: 1472, signal 138819/166863 (executing program) 2022/09/12 17:03:46 fetching corpus: 1522, signal 140588/169056 (executing program) 2022/09/12 17:03:46 fetching corpus: 1572, signal 141573/170674 (executing program) 2022/09/12 17:03:47 fetching corpus: 1622, signal 143287/172817 (executing program) 2022/09/12 
17:03:47 fetching corpus: 1672, signal 145178/175100 (executing program) 2022/09/12 17:03:47 fetching corpus: 1722, signal 147101/177358 (executing program) 2022/09/12 17:03:47 fetching corpus: 1772, signal 148346/179097 (executing program) 2022/09/12 17:03:47 fetching corpus: 1822, signal 150624/181517 (executing program) 2022/09/12 17:03:47 fetching corpus: 1872, signal 152167/183357 (executing program) 2022/09/12 17:03:48 fetching corpus: 1922, signal 154050/185478 (executing program) 2022/09/12 17:03:48 fetching corpus: 1972, signal 155785/187502 (executing program) 2022/09/12 17:03:48 fetching corpus: 2022, signal 157875/189695 (executing program) 2022/09/12 17:03:48 fetching corpus: 2069, signal 158945/191150 (executing program) 2022/09/12 17:03:48 fetching corpus: 2116, signal 160002/192551 (executing program) 2022/09/12 17:03:48 fetching corpus: 2166, signal 161191/194070 (executing program) 2022/09/12 17:03:48 fetching corpus: 2216, signal 162273/195524 (executing program) 2022/09/12 17:03:48 fetching corpus: 2266, signal 163335/196870 (executing program) 2022/09/12 17:03:49 fetching corpus: 2316, signal 164428/198260 (executing program) 2022/09/12 17:03:49 fetching corpus: 2366, signal 165315/199530 (executing program) 2022/09/12 17:03:49 fetching corpus: 2416, signal 166006/200648 (executing program) 2022/09/12 17:03:49 fetching corpus: 2466, signal 167041/201934 (executing program) 2022/09/12 17:03:49 fetching corpus: 2516, signal 168539/203507 (executing program) 2022/09/12 17:03:49 fetching corpus: 2566, signal 170230/205166 (executing program) 2022/09/12 17:03:49 fetching corpus: 2616, signal 171059/206284 (executing program) 2022/09/12 17:03:49 fetching corpus: 2666, signal 172079/207496 (executing program) 2022/09/12 17:03:50 fetching corpus: 2716, signal 172931/208606 (executing program) 2022/09/12 17:03:50 fetching corpus: 2766, signal 173759/209727 (executing program) 2022/09/12 17:03:50 fetching corpus: 2816, signal 174519/210773 (executing 
program) 2022/09/12 17:03:50 fetching corpus: 2866, signal 175418/211896 (executing program) 2022/09/12 17:03:50 fetching corpus: 2916, signal 176479/213069 (executing program) 2022/09/12 17:03:50 fetching corpus: 2965, signal 177951/214467 (executing program) 2022/09/12 17:03:50 fetching corpus: 3015, signal 178566/215384 (executing program) 2022/09/12 17:03:51 fetching corpus: 3065, signal 179680/216569 (executing program) 2022/09/12 17:03:51 fetching corpus: 3115, signal 181106/217865 (executing program) 2022/09/12 17:03:51 fetching corpus: 3165, signal 182991/219359 (executing program) 2022/09/12 17:03:51 fetching corpus: 3214, signal 183692/220222 (executing program) 2022/09/12 17:03:51 fetching corpus: 3264, signal 185018/221384 (executing program) 2022/09/12 17:03:51 fetching corpus: 3314, signal 186310/222517 (executing program) 2022/09/12 17:03:51 fetching corpus: 3364, signal 187675/223655 (executing program) 2022/09/12 17:03:52 fetching corpus: 3414, signal 189179/224865 (executing program) 2022/09/12 17:03:52 fetching corpus: 3464, signal 190223/225800 (executing program) 2022/09/12 17:03:52 fetching corpus: 3514, signal 191082/226686 (executing program) 2022/09/12 17:03:52 fetching corpus: 3564, signal 192110/227624 (executing program) 2022/09/12 17:03:52 fetching corpus: 3612, signal 192802/228417 (executing program) 2022/09/12 17:03:52 fetching corpus: 3662, signal 193744/229272 (executing program) 2022/09/12 17:03:52 fetching corpus: 3712, signal 194578/230045 (executing program) 2022/09/12 17:03:53 fetching corpus: 3761, signal 195572/230888 (executing program) 2022/09/12 17:03:53 fetching corpus: 3811, signal 196406/231678 (executing program) 2022/09/12 17:03:53 fetching corpus: 3860, signal 197428/232603 (executing program) 2022/09/12 17:03:53 fetching corpus: 3909, signal 198228/233374 (executing program) 2022/09/12 17:03:53 fetching corpus: 3959, signal 199094/234137 (executing program) 2022/09/12 17:03:53 fetching corpus: 4009, signal 
199816/234849 (executing program) 2022/09/12 17:03:53 fetching corpus: 4059, signal 200503/235536 (executing program) 2022/09/12 17:03:54 fetching corpus: 4109, signal 201127/236175 (executing program) 2022/09/12 17:03:54 fetching corpus: 4158, signal 202238/237059 (executing program) 2022/09/12 17:03:54 fetching corpus: 4208, signal 203141/237771 (executing program) 2022/09/12 17:03:54 fetching corpus: 4258, signal 204338/238521 (executing program) 2022/09/12 17:03:54 fetching corpus: 4308, signal 205052/239111 (executing program) 2022/09/12 17:03:54 fetching corpus: 4358, signal 206564/240016 (executing program) 2022/09/12 17:03:54 fetching corpus: 4408, signal 206956/240500 (executing program) 2022/09/12 17:03:55 fetching corpus: 4458, signal 207509/241002 (executing program) 2022/09/12 17:03:55 fetching corpus: 4508, signal 208288/241585 (executing program) 2022/09/12 17:03:55 fetching corpus: 4558, signal 209027/242158 (executing program) 2022/09/12 17:03:55 fetching corpus: 4608, signal 209665/242703 (executing program) 2022/09/12 17:03:55 fetching corpus: 4658, signal 210143/243204 (executing program) 2022/09/12 17:03:55 fetching corpus: 4708, signal 211082/243778 (executing program) 2022/09/12 17:03:55 fetching corpus: 4758, signal 211774/244299 (executing program) 2022/09/12 17:03:56 fetching corpus: 4808, signal 212452/244755 (executing program) 2022/09/12 17:03:56 fetching corpus: 4858, signal 213021/245219 (executing program) 2022/09/12 17:03:56 fetching corpus: 4908, signal 213486/245622 (executing program) 2022/09/12 17:03:56 fetching corpus: 4958, signal 213960/246048 (executing program) 2022/09/12 17:03:56 fetching corpus: 5008, signal 214972/246661 (executing program) 2022/09/12 17:03:56 fetching corpus: 5058, signal 215401/247046 (executing program) 2022/09/12 17:03:56 fetching corpus: 5108, signal 216097/247468 (executing program) 2022/09/12 17:03:56 fetching corpus: 5158, signal 216613/247841 (executing program) 2022/09/12 17:03:56 fetching 
corpus: 5208, signal 217143/248220 (executing program) 2022/09/12 17:03:57 fetching corpus: 5258, signal 217903/248600 (executing program) 2022/09/12 17:03:57 fetching corpus: 5308, signal 218333/248943 (executing program) 2022/09/12 17:03:57 fetching corpus: 5358, signal 218718/249316 (executing program) 2022/09/12 17:03:57 fetching corpus: 5408, signal 219527/249671 (executing program) 2022/09/12 17:03:57 fetching corpus: 5458, signal 220131/250030 (executing program) 2022/09/12 17:03:57 fetching corpus: 5508, signal 220916/250392 (executing program) 2022/09/12 17:03:57 fetching corpus: 5558, signal 221787/250749 (executing program) 2022/09/12 17:03:58 fetching corpus: 5608, signal 222080/251035 (executing program) 2022/09/12 17:03:58 fetching corpus: 5658, signal 222683/251333 (executing program) 2022/09/12 17:03:58 fetching corpus: 5708, signal 223295/251631 (executing program) 2022/09/12 17:03:58 fetching corpus: 5758, signal 223773/251943 (executing program) 2022/09/12 17:03:58 fetching corpus: 5808, signal 224436/252229 (executing program) 2022/09/12 17:03:58 fetching corpus: 5858, signal 225064/252515 (executing program) 2022/09/12 17:03:58 fetching corpus: 5908, signal 225603/252769 (executing program) 2022/09/12 17:03:59 fetching corpus: 5958, signal 226098/252984 (executing program) 2022/09/12 17:03:59 fetching corpus: 6008, signal 226749/253200 (executing program) 2022/09/12 17:03:59 fetching corpus: 6058, signal 227256/253437 (executing program) 2022/09/12 17:03:59 fetching corpus: 6108, signal 227703/253564 (executing program) 2022/09/12 17:03:59 fetching corpus: 6158, signal 228208/253570 (executing program) 2022/09/12 17:03:59 fetching corpus: 6208, signal 228802/253580 (executing program) 2022/09/12 17:03:59 fetching corpus: 6258, signal 229482/253589 (executing program) 2022/09/12 17:04:00 fetching corpus: 6308, signal 230056/253606 (executing program) 2022/09/12 17:04:00 fetching corpus: 6358, signal 230479/253616 (executing program) 2022/09/12 
17:04:00 fetching corpus: 6408, signal 231223/253664 (executing program) 2022/09/12 17:04:00 fetching corpus: 6458, signal 231646/253665 (executing program) 2022/09/12 17:04:00 fetching corpus: 6508, signal 232062/253801 (executing program) 2022/09/12 17:04:00 fetching corpus: 6558, signal 232588/253808 (executing program) 2022/09/12 17:04:00 fetching corpus: 6608, signal 233061/253834 (executing program) 2022/09/12 17:04:00 fetching corpus: 6658, signal 233673/253875 (executing program) 2022/09/12 17:04:01 fetching corpus: 6708, signal 234056/253892 (executing program) 2022/09/12 17:04:01 fetching corpus: 6758, signal 234502/253907 (executing program) 2022/09/12 17:04:01 fetching corpus: 6808, signal 234895/253911 (executing program) 2022/09/12 17:04:01 fetching corpus: 6858, signal 235189/253924 (executing program) 2022/09/12 17:04:01 fetching corpus: 6908, signal 236016/253924 (executing program) 2022/09/12 17:04:01 fetching corpus: 6958, signal 236656/253938 (executing program) 2022/09/12 17:04:01 fetching corpus: 7008, signal 237144/253942 (executing program) 2022/09/12 17:04:01 fetching corpus: 7058, signal 237508/253955 (executing program) 2022/09/12 17:04:02 fetching corpus: 7108, signal 238137/253972 (executing program) 2022/09/12 17:04:02 fetching corpus: 7158, signal 238996/253988 (executing program) 2022/09/12 17:04:02 fetching corpus: 7208, signal 239645/254002 (executing program) 2022/09/12 17:04:02 fetching corpus: 7258, signal 239928/254030 (executing program) 2022/09/12 17:04:02 fetching corpus: 7308, signal 240305/254045 (executing program) 2022/09/12 17:04:02 fetching corpus: 7358, signal 240898/254057 (executing program) 2022/09/12 17:04:02 fetching corpus: 7408, signal 241233/254063 (executing program) 2022/09/12 17:04:03 fetching corpus: 7458, signal 241721/254065 (executing program) 2022/09/12 17:04:03 fetching corpus: 7508, signal 242255/254105 (executing program) 2022/09/12 17:04:03 fetching corpus: 7558, signal 242544/254110 (executing 
program) 2022/09/12 17:04:03 fetching corpus: 7608, signal 243173/254128 (executing program) 2022/09/12 17:04:03 fetching corpus: 7636, signal 243311/254137 (executing program) 2022/09/12 17:04:03 fetching corpus: 7636, signal 243311/254137 (executing program) 2022/09/12 17:04:06 starting 8 fuzzer processes 17:04:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000c80)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x2) 17:04:06 executing program 3: msgget$private(0x0, 0x0) 17:04:06 executing program 2: syz_mount_image$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)='system_u:object_r:systemd_unit_file_t:s0\x00', 0x21, 0x0) 17:04:06 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e1f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000001c0)="000000000000000000000000fc8e0b4946704d25a0f18393550c433b010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000e1f4655fe2f4655fe2f4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f00000009c0)="8081000000180000e1f4655fe1f4655fe1f4655f00000000000001008000000010000800000000000af3010004000000000000000000000002000000300000008ecb094ed2cb5734dbcd5e221a6cb8687d39f581e6234abf4a895e4f8a4ec38cc28363c4208886e83521c1c9900d4e95", 0x70, 0x4800}, {&(0x7f0000012900)=' \x00', 0x2, 0x4880}], 0x0, &(0x7f0000014a00)) 17:04:06 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c) accept$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @empty}, &(0x7f00000001c0)=0x1c) sendmmsg$inet6(r1, &(0x7f0000002880), 0x4000101, 0x0) 17:04:06 executing program 5: syz_emit_ethernet(0x66, &(0x7f0000000040)={@local, @random="d400db5f2610", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x30, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "2cd177", 0x0, 0x62, 0x0, @loopback, @rand_addr=' \x01\x00'}}}}}}}, 0x0) 17:04:06 executing program 6: unshare(0x28000200) unshare(0x20020000) syz_mount_image$ext4(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='devpts\x00', 0x0, 0x0) unshare(0x0) 17:04:06 executing program 7: io_uring_setup(0x56e7, &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0, 0x51}) [ 86.120182] audit: type=1400 audit(1663002246.345:6): avc: denied { execmem } for pid=289 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 87.474128] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.474985] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.476218] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.484651] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.489321] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 87.490775] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 87.491943] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.496031] Bluetooth: hci1: 
unexpected cc 0x1003 length: 249 > 9 [ 87.497566] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.499273] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.500483] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.500654] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 87.503310] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 87.504544] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.505053] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.506947] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.508543] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.510457] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 87.517145] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 87.521619] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 87.524101] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.525665] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.526992] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.528620] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 87.529941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.532711] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 87.534121] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 87.535321] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 87.536615] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 87.538012] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.539226] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 87.540489] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 87.542561] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.544598] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 87.546552] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.550401] Bluetooth: hci5: HCI_REQ-0x0c1a [ 87.551723] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 87.554305] Bluetooth: hci6: 
HCI_REQ-0x0c1a [ 87.554726] Bluetooth: hci3: HCI_REQ-0x0c1a [ 87.555924] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.559555] Bluetooth: hci1: HCI_REQ-0x0c1a [ 87.573922] Bluetooth: hci4: HCI_REQ-0x0c1a [ 87.578362] Bluetooth: hci2: HCI_REQ-0x0c1a [ 87.594049] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 87.595789] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 87.596630] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 87.608497] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 87.613529] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 87.617368] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 87.636473] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.636492] Bluetooth: hci7: HCI_REQ-0x0c1a [ 87.659581] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.686943] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.706967] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 87.725475] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.736008] Bluetooth: hci0: HCI_REQ-0x0c1a [ 89.577470] Bluetooth: hci4: command 0x0409 tx timeout [ 89.577806] Bluetooth: hci5: command 0x0409 tx timeout [ 89.578823] Bluetooth: hci1: command 0x0409 tx timeout [ 89.580341] Bluetooth: hci6: command 0x0409 tx timeout [ 89.581293] Bluetooth: hci3: command 0x0409 tx timeout [ 89.640893] Bluetooth: hci2: command 0x0409 tx timeout [ 89.704860] Bluetooth: hci7: command 0x0409 tx timeout [ 89.768827] Bluetooth: hci0: command 0x0409 tx timeout [ 91.625137] Bluetooth: hci3: command 0x041b tx timeout [ 91.627031] Bluetooth: hci6: command 0x041b tx timeout [ 91.627591] Bluetooth: hci1: command 0x041b tx timeout [ 91.629172] Bluetooth: hci5: command 0x041b tx timeout [ 91.629704] Bluetooth: hci4: command 0x041b tx timeout [ 91.688834] Bluetooth: hci2: command 0x041b tx timeout [ 91.752822] Bluetooth: hci7: command 0x041b tx timeout [ 91.816792] Bluetooth: hci0: command 0x041b tx timeout [ 93.672818] 
Bluetooth: hci4: command 0x040f tx timeout [ 93.673296] Bluetooth: hci5: command 0x040f tx timeout [ 93.673703] Bluetooth: hci1: command 0x040f tx timeout [ 93.674167] Bluetooth: hci6: command 0x040f tx timeout [ 93.674561] Bluetooth: hci3: command 0x040f tx timeout [ 93.736817] Bluetooth: hci2: command 0x040f tx timeout [ 93.800833] Bluetooth: hci7: command 0x040f tx timeout [ 93.864856] Bluetooth: hci0: command 0x040f tx timeout [ 95.720952] Bluetooth: hci3: command 0x0419 tx timeout [ 95.722094] Bluetooth: hci6: command 0x0419 tx timeout [ 95.724847] Bluetooth: hci1: command 0x0419 tx timeout [ 95.725636] Bluetooth: hci5: command 0x0419 tx timeout [ 95.728895] Bluetooth: hci4: command 0x0419 tx timeout [ 95.784890] Bluetooth: hci2: command 0x0419 tx timeout [ 95.849958] Bluetooth: hci7: command 0x0419 tx timeout [ 95.912939] Bluetooth: hci0: command 0x0419 tx timeout [ 141.316613] loop0: detected capacity change from 0 to 4096 [ 141.363374] EXT4-fs error (device loop0): ext4_quota_enable:6779: inode #3: comm syz-executor.0: iget: bad i_size value: -7688192601748400128 [ 141.366825] EXT4-fs error (device loop0): ext4_quota_enable:6781: comm syz-executor.0: Bad quota inode # 3 [ 141.383841] EXT4-fs warning (device loop0): ext4_enable_quotas:6818: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. [ 141.386339] EXT4-fs (loop0): mount failed [ 141.423921] loop0: detected capacity change from 0 to 4096 [ 141.447277] EXT4-fs error (device loop0): ext4_quota_enable:6779: inode #3: comm syz-executor.0: iget: bad i_size value: -7688192601748400128 [ 141.460837] EXT4-fs error (device loop0): ext4_quota_enable:6781: comm syz-executor.0: Bad quota inode # 3 [ 141.461646] EXT4-fs warning (device loop0): ext4_enable_quotas:6818: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. 
[ 141.463835] EXT4-fs (loop0): mount failed 17:05:01 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e1f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000001c0)="000000000000000000000000fc8e0b4946704d25a0f18393550c433b010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000e1f4655fe2f4655fe2f4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f00000009c0)="8081000000180000e1f4655fe1f4655fe1f4655f00000000000001008000000010000800000000000af3010004000000000000000000000002000000300000008ecb094ed2cb5734dbcd5e221a6cb8687d39f581e6234abf4a895e4f8a4ec38cc28363c4208886e83521c1c9900d4e95", 0x70, 0x4800}, {&(0x7f0000012900)=' \x00', 0x2, 0x4880}], 0x0, &(0x7f0000014a00)) [ 141.625957] loop0: detected capacity change from 0 to 4096 [ 141.636709] EXT4-fs error (device loop0): ext4_quota_enable:6779: inode #3: comm syz-executor.0: iget: bad i_size value: -7688192601748400128 [ 141.647942] EXT4-fs error (device loop0): ext4_quota_enable:6781: comm syz-executor.0: Bad quota inode # 3 [ 141.648784] EXT4-fs warning (device loop0): ext4_enable_quotas:6818: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. 
[ 141.650507] EXT4-fs (loop0): mount failed 17:05:01 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e1f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000001c0)="000000000000000000000000fc8e0b4946704d25a0f18393550c433b010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000e1f4655fe2f4655fe2f4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f00000009c0)="8081000000180000e1f4655fe1f4655fe1f4655f00000000000001008000000010000800000000000af3010004000000000000000000000002000000300000008ecb094ed2cb5734dbcd5e221a6cb8687d39f581e6234abf4a895e4f8a4ec38cc28363c4208886e83521c1c9900d4e95", 0x70, 0x4800}, {&(0x7f0000012900)=' \x00', 0x2, 0x4880}], 0x0, &(0x7f0000014a00)) [ 141.805279] loop0: detected capacity change from 0 to 4096 [ 141.850983] EXT4-fs error (device loop0): ext4_quota_enable:6779: inode #3: comm syz-executor.0: iget: bad i_size value: -7688192601748400128 [ 141.883633] EXT4-fs error (device loop0): ext4_quota_enable:6781: comm syz-executor.0: Bad quota inode # 3 [ 141.888800] EXT4-fs warning (device loop0): ext4_enable_quotas:6818: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. 
[ 141.900326] EXT4-fs (loop0): mount failed 17:05:02 executing program 0: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e1f4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f00000001c0)="000000000000000000000000fc8e0b4946704d25a0f18393550c433b010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000000100000e1f4655fe2f4655fe2f4655f000000000000040080", 0x1d, 0x4400}, {&(0x7f00000009c0)="8081000000180000e1f4655fe1f4655fe1f4655f00000000000001008000000010000800000000000af3010004000000000000000000000002000000300000008ecb094ed2cb5734dbcd5e221a6cb8687d39f581e6234abf4a895e4f8a4ec38cc28363c4208886e83521c1c9900d4e95", 0x70, 0x4800}, {&(0x7f0000012900)=' \x00', 0x2, 0x4880}], 0x0, &(0x7f0000014a00)) [ 142.062662] loop0: detected capacity change from 0 to 4096 [ 142.093315] EXT4-fs error (device loop0): ext4_quota_enable:6779: inode #3: comm syz-executor.0: iget: bad i_size value: -7688192601748400128 [ 142.108785] EXT4-fs error (device loop0): ext4_quota_enable:6781: comm syz-executor.0: Bad quota inode # 3 [ 142.110788] EXT4-fs warning (device loop0): ext4_enable_quotas:6818: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. 
[ 142.126224] EXT4-fs (loop0): mount failed 17:05:03 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)=0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=0x0) clone3(&(0x7f0000000440)={0x80000800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x3b}, &(0x7f0000000180)=""/79, 0x4f, &(0x7f0000000240)=""/2, &(0x7f0000000380)=[r1, r2, r0], 0x3}, 0x58) gettid() r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r3, 0x80047213, &(0x7f00000004c0)) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001980)={&(0x7f0000000500), 0x6e, &(0x7f00000018c0)=[{&(0x7f0000000140)=""/5, 0x5}, {&(0x7f0000000600)=""/149, 0x95}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/154, 0x9a}, {&(0x7f0000001780)=""/75, 0x4b}, {&(0x7f0000000200)=""/38, 0x26}, {&(0x7f0000001800)=""/143, 0x8f}, {&(0x7f0000000400)=""/44, 0x2c}], 0x8, &(0x7f0000001940)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x40}, 0x40010042) syz_open_procfs(r4, &(0x7f00000019c0)='net/rpc\x00') perf_event_open(&(0x7f0000000580)={0x3, 0x80, 0x4, 0x85, 0xf, 0x9, 0x0, 0xb6, 0x40121, 0x4ce85b42c354d306, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x4, 0x6, @perf_config_ext={0x0, 0x3}, 0x4000, 0x4, 0x0, 0x8, 0x3195, 0x3, 0xfffa, 0x0, 0xfac, 0x0, 0x81}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x3) syz_open_dev$tty20(0xc, 0x4, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 
fcntl$notify(r5, 0x402, 0x2)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
[ 142.991361] audit: type=1400 audit(1663002303.216:7): avc: denied { open } for pid=3696 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 142.996339] audit: type=1400 audit(1663002303.216:8): avc: denied { kernel } for pid=3696 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 142.997641] ------------[ cut here ]------------
[ 142.997664]
[ 142.997668] ======================================================
[ 142.997671] WARNING: possible circular locking dependency detected
[ 142.997676] 6.0.0-rc5-next-20220912 #1 Not tainted
[ 142.997682] ------------------------------------------------------
[ 142.997686] syz-executor.0/3699 is trying to acquire lock:
[ 142.997692] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 142.997734]
[ 142.997734] but task is already holding lock:
[ 142.997737] ffff888017537420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 142.997765]
[ 142.997765] which lock already depends on the new lock.
[ 142.997765]
[ 142.997768]
[ 142.997768] the existing dependency chain (in reverse order) is:
[ 142.997771]
[ 142.997771] -> #3 (&ctx->lock){....}-{2:2}:
[ 142.997785]        _raw_spin_lock+0x2a/0x40
[ 142.997802]        __perf_event_task_sched_out+0x53b/0x18d0
[ 142.997815]        __schedule+0xedd/0x2470
[ 142.997825]        schedule+0xda/0x1b0
[ 142.997834]        exit_to_user_mode_prepare+0x114/0x1a0
[ 142.997855]        syscall_exit_to_user_mode+0x19/0x40
[ 142.997872]        do_syscall_64+0x48/0x90
[ 142.997886]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 142.997903]
[ 142.997903] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 142.997917]        _raw_spin_lock_nested+0x30/0x40
[ 142.997932]        raw_spin_rq_lock_nested+0x1e/0x30
[ 142.997946]        task_fork_fair+0x63/0x4d0
[ 142.997963]        sched_cgroup_fork+0x3d0/0x540
[ 142.997977]        copy_process+0x3f9e/0x6df0
[ 142.997988]        kernel_clone+0xe7/0x890
[ 142.997997]        user_mode_thread+0xad/0xf0
[ 142.998007]        rest_init+0x24/0x250
[ 142.998024]        arch_call_rest_init+0xf/0x14
[ 142.998043]        start_kernel+0x4c1/0x4e6
[ 142.998060]        secondary_startup_64_no_verify+0xe0/0xeb
[ 142.998075]
[ 142.998075] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 142.998088]        _raw_spin_lock_irqsave+0x39/0x60
[ 142.998103]        try_to_wake_up+0xab/0x1920
[ 142.998134]        up+0x75/0xb0
[ 142.998146]        __up_console_sem+0x6e/0x80
[ 142.998162]        console_unlock+0x46a/0x590
[ 142.998178]        vt_ioctl+0x2822/0x2ca0
[ 142.998191]        tty_ioctl+0x7c4/0x1700
[ 142.998202]        __x64_sys_ioctl+0x19a/0x210
[ 142.998217]        do_syscall_64+0x3b/0x90
[ 142.998230]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 142.998247]
[ 142.998247] -> #0 ((console_sem).lock){....}-{2:2}:
[ 142.998261]        __lock_acquire+0x2a02/0x5e70
[ 142.998278]        lock_acquire+0x1a2/0x530
[ 142.998294]        _raw_spin_lock_irqsave+0x39/0x60
[ 142.998309]        down_trylock+0xe/0x70
[ 142.998322]        __down_trylock_console_sem+0x3b/0xd0
[ 142.998338]        vprintk_emit+0x16b/0x560
[ 142.998355]        vprintk+0x84/0xa0
[ 142.998371]        _printk+0xba/0xf1
[ 142.998389]        report_bug.cold+0x72/0xab
[ 142.998401]        handle_bug+0x3c/0x70
[ 142.998414]        exc_invalid_op+0x14/0x50
[ 142.998427]        asm_exc_invalid_op+0x16/0x20
[ 142.998443]        group_sched_out.part.0+0x2c7/0x460
[ 142.998454]        ctx_sched_out+0x8f1/0xc10
[ 142.998463]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 142.998476]        __schedule+0xedd/0x2470
[ 142.998485]        schedule+0xda/0x1b0
[ 142.998494]        exit_to_user_mode_prepare+0x114/0x1a0
[ 142.998514]        syscall_exit_to_user_mode+0x19/0x40
[ 142.998531]        do_syscall_64+0x48/0x90
[ 142.998543]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 142.998560]
[ 142.998560] other info that might help us debug this:
[ 142.998560]
[ 142.998563] Chain exists of:
[ 142.998563]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 142.998563]
[ 142.998578]  Possible unsafe locking scenario:
[ 142.998578]
[ 142.998580]        CPU0                    CPU1
[ 142.998583]        ----                    ----
[ 142.998585]   lock(&ctx->lock);
[ 142.998591]                                lock(&rq->__lock);
[ 142.998597]                                lock(&ctx->lock);
[ 142.998604]   lock((console_sem).lock);
[ 142.998609]
[ 142.998609]  *** DEADLOCK ***
[ 142.998609]
[ 142.998611] 2 locks held by syz-executor.0/3699:
[ 142.998618]  #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 142.998644]  #1: ffff888017537420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 142.998671]
[ 142.998671] stack backtrace:
[ 142.998675] CPU: 0 PID: 3699 Comm: syz-executor.0 Not tainted 6.0.0-rc5-next-20220912 #1
[ 142.998687] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 142.998695] Call Trace:
[ 142.998699]
[ 142.998703]  dump_stack_lvl+0x8b/0xb3
[ 142.998717]  check_noncircular+0x263/0x2e0
[ 142.998734]  ? format_decode+0x26c/0xb50
[ 142.998749]  ? print_circular_bug+0x450/0x450
[ 142.998767]  ? enable_ptr_key_workfn+0x20/0x20
[ 142.998781]  ? format_decode+0x26c/0xb50
[ 142.998797]  ? alloc_chain_hlocks+0x1ec/0x5a0
[ 142.998815]  __lock_acquire+0x2a02/0x5e70
[ 142.998837]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 142.998859]  lock_acquire+0x1a2/0x530
[ 142.998877]  ?
down_trylock+0xe/0x70 [ 142.998892] ? rcu_read_unlock+0x40/0x40 [ 142.998913] ? vprintk+0x84/0xa0 [ 142.998931] _raw_spin_lock_irqsave+0x39/0x60 [ 142.998947] ? down_trylock+0xe/0x70 [ 142.998962] down_trylock+0xe/0x70 [ 142.998976] ? vprintk+0x84/0xa0 [ 142.998993] __down_trylock_console_sem+0x3b/0xd0 [ 142.999011] vprintk_emit+0x16b/0x560 [ 142.999031] vprintk+0x84/0xa0 [ 142.999048] _printk+0xba/0xf1 [ 142.999066] ? record_print_text.cold+0x16/0x16 [ 142.999088] ? report_bug.cold+0x66/0xab [ 142.999102] ? group_sched_out.part.0+0x2c7/0x460 [ 142.999113] report_bug.cold+0x72/0xab [ 142.999128] handle_bug+0x3c/0x70 [ 142.999142] exc_invalid_op+0x14/0x50 [ 142.999156] asm_exc_invalid_op+0x16/0x20 [ 142.999173] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 142.999187] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 142.999199] RSP: 0018:ffff888042727c48 EFLAGS: 00010006 [ 142.999208] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 142.999216] RDX: ffff888041d81ac0 RSI: ffffffff81566027 RDI: 0000000000000005 [ 142.999224] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 142.999231] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff888017537400 [ 142.999239] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 142.999250] ? group_sched_out.part.0+0x2c7/0x460 [ 142.999263] ? group_sched_out.part.0+0x2c7/0x460 [ 142.999276] ctx_sched_out+0x8f1/0xc10 [ 142.999289] __perf_event_task_sched_out+0x6d0/0x18d0 [ 142.999304] ? lock_is_held_type+0xd7/0x130 [ 142.999322] ? __perf_cgroup_move+0x160/0x160 [ 142.999334] ? set_next_entity+0x304/0x550 [ 142.999353] ? update_curr+0x267/0x740 [ 142.999371] ? lock_is_held_type+0xd7/0x130 [ 142.999390] __schedule+0xedd/0x2470 [ 142.999403] ? io_schedule_timeout+0x150/0x150 [ 142.999415] ? 
rcu_read_lock_sched_held+0x3e/0x80 [ 142.999436] schedule+0xda/0x1b0 [ 142.999447] exit_to_user_mode_prepare+0x114/0x1a0 [ 142.999467] syscall_exit_to_user_mode+0x19/0x40 [ 142.999485] do_syscall_64+0x48/0x90 [ 142.999499] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 142.999517] RIP: 0033:0x7ff9a8301b19 [ 142.999525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 142.999536] RSP: 002b:00007ff9a5877218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 142.999547] RAX: 0000000000000001 RBX: 00007ff9a8414f68 RCX: 00007ff9a8301b19 [ 142.999554] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff9a8414f6c [ 142.999562] RBP: 00007ff9a8414f60 R08: 000000000000000e R09: 0000000000000000 [ 142.999569] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff9a8414f6c [ 142.999577] R13: 00007ffcacce3cbf R14: 00007ff9a5877300 R15: 0000000000022000 [ 142.999590] [ 143.054206] WARNING: CPU: 0 PID: 3699 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 143.054884] Modules linked in: [ 143.055126] CPU: 0 PID: 3699 Comm: syz-executor.0 Not tainted 6.0.0-rc5-next-20220912 #1 [ 143.055723] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 143.056546] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 143.056946] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 143.058299] RSP: 0018:ffff888042727c48 EFLAGS: 00010006 [ 143.058696] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 143.059197] RDX: ffff888041d81ac0 RSI: ffffffff81566027 RDI: 0000000000000005 [ 143.059735] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 143.060252] R10: 0000000000000000 R11: 
ffffffff865aa01b R12: ffff888017537400 [ 143.060752] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 143.061254] FS: 00007ff9a5877700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 143.061818] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.062236] CR2: 00007f5628680b90 CR3: 000000001a90e000 CR4: 0000000000350ef0 [ 143.062740] Call Trace: [ 143.062925] [ 143.063095] ctx_sched_out+0x8f1/0xc10 [ 143.063379] __perf_event_task_sched_out+0x6d0/0x18d0 [ 143.063751] ? lock_is_held_type+0xd7/0x130 [ 143.064066] ? __perf_cgroup_move+0x160/0x160 [ 143.064389] ? set_next_entity+0x304/0x550 [ 143.064702] ? update_curr+0x267/0x740 [ 143.064998] ? lock_is_held_type+0xd7/0x130 [ 143.065314] __schedule+0xedd/0x2470 [ 143.065601] ? io_schedule_timeout+0x150/0x150 [ 143.065949] ? rcu_read_lock_sched_held+0x3e/0x80 [ 143.066342] schedule+0xda/0x1b0 [ 143.066601] exit_to_user_mode_prepare+0x114/0x1a0 [ 143.066982] syscall_exit_to_user_mode+0x19/0x40 [ 143.067343] do_syscall_64+0x48/0x90 [ 143.067631] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 143.068024] RIP: 0033:0x7ff9a8301b19 [ 143.068303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 143.069642] RSP: 002b:00007ff9a5877218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 143.070221] RAX: 0000000000000001 RBX: 00007ff9a8414f68 RCX: 00007ff9a8301b19 [ 143.070746] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff9a8414f6c [ 143.071274] RBP: 00007ff9a8414f60 R08: 000000000000000e R09: 0000000000000000 [ 143.071804] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ff9a8414f6c [ 143.072338] R13: 00007ffcacce3cbf R14: 00007ff9a5877300 R15: 0000000000022000 [ 143.072874] [ 143.073053] irq event stamp: 664 [ 143.073303] hardirqs last enabled at (663): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 143.074001] hardirqs last disabled at (664): [] 
__schedule+0x1225/0x2470 [ 143.074628] softirqs last enabled at (412): [] __irq_exit_rcu+0x11b/0x180 [ 143.075256] softirqs last disabled at (339): [] __irq_exit_rcu+0x11b/0x180 [ 143.075879] ---[ end trace 0000000000000000 ]--- 17:05:04 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000300)=0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340)=0x0) clone3(&(0x7f0000000440)={0x80000800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x3b}, &(0x7f0000000180)=""/79, 0x4f, &(0x7f0000000240)=""/2, &(0x7f0000000380)=[r1, r2, r0], 0x3}, 0x58) gettid() r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r3, 0x80047213, &(0x7f00000004c0)) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001980)={&(0x7f0000000500), 0x6e, &(0x7f00000018c0)=[{&(0x7f0000000140)=""/5, 0x5}, {&(0x7f0000000600)=""/149, 0x95}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/154, 0x9a}, {&(0x7f0000001780)=""/75, 0x4b}, {&(0x7f0000000200)=""/38, 0x26}, {&(0x7f0000001800)=""/143, 0x8f}, {&(0x7f0000000400)=""/44, 0x2c}], 0x8, &(0x7f0000001940)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x40}, 0x40010042) syz_open_procfs(r4, &(0x7f00000019c0)='net/rpc\x00') perf_event_open(&(0x7f0000000580)={0x3, 0x80, 0x4, 0x85, 0xf, 0x9, 0x0, 0xb6, 0x40121, 0x4ce85b42c354d306, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x4, 0x6, @perf_config_ext={0x0, 0x3}, 0x4000, 0x4, 0x0, 0x8, 0x3195, 0x3, 
0xfffa, 0x0, 0xfac, 0x0, 0x81}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x3) syz_open_dev$tty20(0xc, 0x4, 0x0) r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$notify(r5, 0x402, 0x2) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 17:05:04 executing program 6: unshare(0x28000200) unshare(0x20020000) syz_mount_image$ext4(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='devpts\x00', 0x0, 0x0) unshare(0x0) 17:05:04 executing program 6: unshare(0x28000200) unshare(0x20020000) syz_mount_image$ext4(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='devpts\x00', 0x0, 0x0) unshare(0x0) 17:05:04 executing program 6: unshare(0x28000200) unshare(0x20020000) syz_mount_image$ext4(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='devpts\x00', 0x0, 0x0) unshare(0x0) [ 145.858350] SELinux: Context system_u:object_r:systemd_unit_fi is not valid (left unmapped). 
[ 150.760910] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 150.760925] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 150.762098] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 150.763029] Bluetooth: hci2: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 17:05:03 Registers: