Warning: Permanently added '[localhost]:47004' (ECDSA) to the list of known hosts.
2022/09/12 17:15:41 fuzzer started
2022/09/12 17:15:42 dialing manager at localhost:38027
syzkaller login: [ 41.075884] cgroup: Unknown subsys name 'net'
[ 41.200161] cgroup: Unknown subsys name 'rlimit'
2022/09/12 17:15:57 syscalls: 2215
2022/09/12 17:15:57 code coverage: enabled
2022/09/12 17:15:57 comparison tracing: enabled
2022/09/12 17:15:57 extra coverage: enabled
2022/09/12 17:15:57 setuid sandbox: enabled
2022/09/12 17:15:57 namespace sandbox: enabled
2022/09/12 17:15:57 Android sandbox: enabled
2022/09/12 17:15:57 fault injection: enabled
2022/09/12 17:15:57 leak checking: enabled
2022/09/12 17:15:57 net packet injection: enabled
2022/09/12 17:15:57 net device setup: enabled
2022/09/12 17:15:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/12 17:15:57 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/12 17:15:57 USB emulation: enabled
2022/09/12 17:15:57 hci packet injection: enabled
2022/09/12 17:15:57 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220912)
2022/09/12 17:15:57 802.15.4 emulation: enabled
2022/09/12 17:15:57 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/12 17:15:57 fetching corpus: 50, signal 33051/36495 (executing program)
2022/09/12 17:15:57 fetching corpus: 100, signal 44451/49368 (executing program)
2022/09/12 17:15:57 fetching corpus: 150, signal 57692/63830 (executing program)
2022/09/12 17:15:57 fetching corpus: 200, signal 61655/69175 (executing program)
2022/09/12 17:15:57 fetching corpus: 250, signal 69715/78397 (executing program)
2022/09/12 17:15:58 fetching corpus: 300, signal 76835/86574 (executing program)
2022/09/12 17:15:58 fetching corpus: 350, signal 82095/92918 (executing program)
2022/09/12 17:15:58 fetching corpus: 400, signal 84797/96772 (executing program)
2022/09/12 17:15:58 fetching corpus: 450, signal 90440/103300 (executing program)
2022/09/12 17:15:58 fetching corpus: 500, signal 94289/108057 (executing program)
2022/09/12 17:15:58 fetching corpus: 550, signal 97215/112007 (executing program)
2022/09/12 17:15:58 fetching corpus: 600, signal 99781/115554 (executing program)
2022/09/12 17:15:58 fetching corpus: 650, signal 102898/119562 (executing program)
2022/09/12 17:15:59 fetching corpus: 700, signal 107531/124826 (executing program)
2022/09/12 17:15:59 fetching corpus: 750, signal 110077/128203 (executing program)
2022/09/12 17:15:59 fetching corpus: 800, signal 112052/130998 (executing program)
2022/09/12 17:15:59 fetching corpus: 850, signal 113941/133753 (executing program)
2022/09/12 17:15:59 fetching corpus: 900, signal 115823/136463 (executing program)
2022/09/12 17:15:59 fetching corpus: 950, signal 120594/141613 (executing program)
2022/09/12 17:15:59 fetching corpus: 1000, signal 122908/144543 (executing program)
2022/09/12 17:16:00 fetching corpus: 1050, signal 125577/147833 (executing program)
2022/09/12 17:16:00 fetching corpus: 1100, signal 127620/150524 (executing program)
2022/09/12 17:16:00 fetching corpus: 1150, signal 129841/153320 (executing program)
2022/09/12 17:16:00 fetching corpus: 1200, signal 131345/155496 (executing program)
2022/09/12 17:16:00 fetching corpus: 1250, signal 133053/157865 (executing program)
2022/09/12 17:16:00 fetching corpus: 1300, signal 134550/160012 (executing program)
2022/09/12 17:16:00 fetching corpus: 1350, signal 136969/162824 (executing program)
2022/09/12 17:16:01 fetching corpus: 1400, signal 138778/165161 (executing program)
2022/09/12 17:16:01 fetching corpus: 1450, signal 140949/167705 (executing program)
2022/09/12 17:16:01 fetching corpus: 1500, signal 142376/169773 (executing program)
2022/09/12 17:16:01 fetching corpus: 1550, signal 144100/171954 (executing program)
2022/09/12 17:16:01 fetching corpus: 1600, signal 145497/173878 (executing program)
2022/09/12 17:16:01 fetching corpus: 1650, signal 146800/175660 (executing program)
2022/09/12 17:16:01 fetching corpus: 1700, signal 148262/177593 (executing program)
2022/09/12 17:16:01 fetching corpus: 1750, signal 150026/179719 (executing program)
2022/09/12 17:16:02 fetching corpus: 1800, signal 151135/181315 (executing program)
2022/09/12 17:16:02 fetching corpus: 1850, signal 152804/183308 (executing program)
2022/09/12 17:16:02 fetching corpus: 1899, signal 154187/185108 (executing program)
2022/09/12 17:16:02 fetching corpus: 1948, signal 155518/186848 (executing program)
2022/09/12 17:16:02 fetching corpus: 1998, signal 157163/188789 (executing program)
2022/09/12 17:16:02 fetching corpus: 2048, signal 158545/190478 (executing program)
2022/09/12 17:16:02 fetching corpus: 2098, signal 159523/191889 (executing program)
2022/09/12 17:16:03 fetching corpus: 2148, signal 161392/193934 (executing program)
2022/09/12 17:16:03 fetching corpus: 2198, signal 162437/195369 (executing program)
2022/09/12 17:16:03 fetching corpus: 2248, signal 163645/196829 (executing program)
2022/09/12 17:16:03 fetching corpus: 2298, signal 165229/198589 (executing program)
2022/09/12 17:16:03 fetching corpus: 2347, signal 166740/200293 (executing program)
2022/09/12 17:16:03 fetching corpus: 2397, signal 168229/201945 (executing program)
2022/09/12 17:16:03 fetching corpus: 2446, signal 170117/203765 (executing program)
2022/09/12 17:16:03 fetching corpus: 2496, signal 171101/205033 (executing program)
2022/09/12 17:16:04 fetching corpus: 2546, signal 172254/206360 (executing program)
2022/09/12 17:16:04 fetching corpus: 2596, signal 173179/207546 (executing program)
2022/09/12 17:16:04 fetching corpus: 2646, signal 174286/208861 (executing program)
2022/09/12 17:16:04 fetching corpus: 2696, signal 175063/209979 (executing program)
2022/09/12 17:16:04 fetching corpus: 2745, signal 176101/211206 (executing program)
2022/09/12 17:16:04 fetching corpus: 2795, signal 177125/212435 (executing program)
2022/09/12 17:16:04 fetching corpus: 2845, signal 178284/213639 (executing program)
2022/09/12 17:16:04 fetching corpus: 2894, signal 178916/214629 (executing program)
2022/09/12 17:16:05 fetching corpus: 2944, signal 180460/216088 (executing program)
2022/09/12 17:16:05 fetching corpus: 2994, signal 181832/217433 (executing program)
2022/09/12 17:16:05 fetching corpus: 3044, signal 183014/218598 (executing program)
2022/09/12 17:16:05 fetching corpus: 3092, signal 183696/219520 (executing program)
2022/09/12 17:16:05 fetching corpus: 3142, signal 185084/220786 (executing program)
2022/09/12 17:16:05 fetching corpus: 3192, signal 186275/221918 (executing program)
2022/09/12 17:16:05 fetching corpus: 3242, signal 187066/222833 (executing program)
2022/09/12 17:16:06 fetching corpus: 3292, signal 188347/223947 (executing program)
2022/09/12 17:16:06 fetching corpus: 3342, signal 189197/224884 (executing program)
2022/09/12 17:16:06 fetching corpus: 3392, signal 190135/225854 (executing program)
2022/09/12 17:16:06 fetching corpus: 3442, signal 191373/226947 (executing program)
2022/09/12 17:16:06 fetching corpus: 3492, signal 192132/227807 (executing program)
2022/09/12 17:16:06 fetching corpus: 3542, signal 193054/228747 (executing program)
2022/09/12 17:16:06 fetching corpus: 3592, signal 193987/229639 (executing program)
2022/09/12 17:16:06 fetching corpus: 3642, signal 194721/230460 (executing program)
2022/09/12 17:16:07 fetching corpus: 3692, signal 195514/231275 (executing program)
2022/09/12 17:16:07 fetching corpus: 3742, signal 196274/232088 (executing program)
2022/09/12 17:16:07 fetching corpus: 3792, signal 197297/232975 (executing program)
2022/09/12 17:16:07 fetching corpus: 3842, signal 197851/233637 (executing program)
2022/09/12 17:16:07 fetching corpus: 3892, signal 198769/234430 (executing program)
2022/09/12 17:16:07 fetching corpus: 3942, signal 199414/235152 (executing program)
2022/09/12 17:16:07 fetching corpus: 3992, signal 199983/235819 (executing program)
2022/09/12 17:16:07 fetching corpus: 4042, signal 200655/236532 (executing program)
2022/09/12 17:16:08 fetching corpus: 4092, signal 201612/237279 (executing program)
2022/09/12 17:16:08 fetching corpus: 4142, signal 202219/237988 (executing program)
2022/09/12 17:16:08 fetching corpus: 4192, signal 203101/238755 (executing program)
2022/09/12 17:16:08 fetching corpus: 4242, signal 203910/239450 (executing program)
2022/09/12 17:16:08 fetching corpus: 4292, signal 204688/240086 (executing program)
2022/09/12 17:16:08 fetching corpus: 4342, signal 205471/240732 (executing program)
2022/09/12 17:16:09 fetching corpus: 4392, signal 206094/241336 (executing program)
2022/09/12 17:16:09 fetching corpus: 4442, signal 206642/241888 (executing program)
2022/09/12 17:16:09 fetching corpus: 4492, signal 207049/242385 (executing program)
2022/09/12 17:16:09 fetching corpus: 4542, signal 207640/242959 (executing program)
2022/09/12 17:16:09 fetching corpus: 4592, signal 208454/243545 (executing program)
2022/09/12 17:16:09 fetching corpus: 4642, signal 209255/244198 (executing program)
2022/09/12 17:16:09 fetching corpus: 4692, signal 209748/244703 (executing program)
2022/09/12 17:16:09 fetching corpus: 4742, signal 210300/245221 (executing program)
2022/09/12 17:16:10 fetching corpus: 4792, signal 210716/245675 (executing program)
2022/09/12 17:16:10 fetching corpus: 4842, signal 211422/246213 (executing program)
2022/09/12 17:16:10 fetching corpus: 4892, signal 212100/246776 (executing program)
2022/09/12 17:16:10 fetching corpus: 4942, signal 212893/247276 (executing program)
2022/09/12 17:16:10 fetching corpus: 4992, signal 213741/247832 (executing program)
2022/09/12 17:16:10 fetching corpus: 5042, signal 214404/248281 (executing program)
2022/09/12 17:16:10 fetching corpus: 5092, signal 214903/248730 (executing program)
2022/09/12 17:16:11 fetching corpus: 5141, signal 215613/249172 (executing program)
2022/09/12 17:16:11 fetching corpus: 5191, signal 216187/249560 (executing program)
2022/09/12 17:16:11 fetching corpus: 5241, signal 216590/249988 (executing program)
2022/09/12 17:16:11 fetching corpus: 5291, signal 217137/250382 (executing program)
2022/09/12 17:16:11 fetching corpus: 5341, signal 217866/250790 (executing program)
2022/09/12 17:16:11 fetching corpus: 5391, signal 218708/251201 (executing program)
2022/09/12 17:16:11 fetching corpus: 5441, signal 219612/251629 (executing program)
2022/09/12 17:16:12 fetching corpus: 5491, signal 220167/251996 (executing program)
2022/09/12 17:16:12 fetching corpus: 5541, signal 220824/252357 (executing program)
2022/09/12 17:16:12 fetching corpus: 5591, signal 221750/252809 (executing program)
2022/09/12 17:16:12 fetching corpus: 5641, signal 222215/253112 (executing program)
2022/09/12 17:16:12 fetching corpus: 5691, signal 222755/253421 (executing program)
2022/09/12 17:16:12 fetching corpus: 5741, signal 223531/253749 (executing program)
2022/09/12 17:16:12 fetching corpus: 5791, signal 224046/254021 (executing program)
2022/09/12 17:16:12 fetching corpus: 5841, signal 224883/254314 (executing program)
2022/09/12 17:16:13 fetching corpus: 5891, signal 225505/254596 (executing program)
2022/09/12 17:16:13 fetching corpus: 5941, signal 225935/254889 (executing program)
2022/09/12 17:16:13 fetching corpus: 5991, signal 226584/255172 (executing program)
2022/09/12 17:16:13 fetching corpus: 6041, signal 227248/255471 (executing program)
2022/09/12 17:16:13 fetching corpus: 6091, signal 228122/255754 (executing program)
2022/09/12 17:16:13 fetching corpus: 6141, signal 228614/255967 (executing program)
2022/09/12 17:16:13 fetching corpus: 6191, signal 228990/256175 (executing program)
2022/09/12 17:16:14 fetching corpus: 6241, signal 229417/256206 (executing program)
2022/09/12 17:16:14 fetching corpus: 6291, signal 229947/256216 (executing program)
2022/09/12 17:16:14 fetching corpus: 6341, signal 230227/256222 (executing program)
2022/09/12 17:16:14 fetching corpus: 6391, signal 230579/256237 (executing program)
2022/09/12 17:16:14 fetching corpus: 6441, signal 231302/256365 (executing program)
2022/09/12 17:16:14 fetching corpus: 6491, signal 231978/256377 (executing program)
2022/09/12 17:16:14 fetching corpus: 6541, signal 232464/256382 (executing program)
2022/09/12 17:16:14 fetching corpus: 6591, signal 232855/256383 (executing program)
2022/09/12 17:16:15 fetching corpus: 6641, signal 233435/256410 (executing program)
2022/09/12 17:16:15 fetching corpus: 6691, signal 233993/256416 (executing program)
2022/09/12 17:16:15 fetching corpus: 6741, signal 234752/256675 (executing program)
2022/09/12 17:16:15 fetching corpus: 6791, signal 235228/256675 (executing program)
2022/09/12 17:16:15 fetching corpus: 6840, signal 235603/256727 (executing program)
2022/09/12 17:16:15 fetching corpus: 6890, signal 236071/256733 (executing program)
2022/09/12 17:16:15 fetching corpus: 6940, signal 236634/256752 (executing program)
2022/09/12 17:16:16 fetching corpus: 6990, signal 236953/256756 (executing program)
2022/09/12 17:16:16 fetching corpus: 7040, signal 237535/256764 (executing program)
2022/09/12 17:16:16 fetching corpus: 7090, signal 238148/256768 (executing program)
2022/09/12 17:16:16 fetching corpus: 7140, signal 238605/256771 (executing program)
2022/09/12 17:16:16 fetching corpus: 7190, signal 239064/256786 (executing program)
2022/09/12 17:16:16 fetching corpus: 7240, signal 239650/256801 (executing program)
2022/09/12 17:16:16 fetching corpus: 7290, signal 240361/256805 (executing program)
2022/09/12 17:16:17 fetching corpus: 7340, signal 240707/256842 (executing program)
2022/09/12 17:16:17 fetching corpus: 7390, signal 241177/256848 (executing program)
2022/09/12 17:16:17 fetching corpus: 7440, signal 241717/256875 (executing program)
2022/09/12 17:16:17 fetching corpus: 7490, signal 242163/256895 (executing program)
2022/09/12 17:16:17 fetching corpus: 7540, signal 242700/256905 (executing program)
2022/09/12 17:16:17 fetching corpus: 7590, signal 243086/256961 (executing program)
2022/09/12 17:16:17 fetching corpus: 7640, signal 243614/256994 (executing program)
2022/09/12 17:16:18 fetching corpus: 7690, signal 243981/257024 (executing program)
2022/09/12 17:16:18 fetching corpus: 7740, signal 244529/257034 (executing program)
2022/09/12 17:16:18 fetching corpus: 7790, signal 245116/257061 (executing program)
2022/09/12 17:16:18 fetching corpus: 7840, signal 245472/257066 (executing program)
2022/09/12 17:16:18 fetching corpus: 7886, signal 246068/257122 (executing program)
2022/09/12 17:16:18 fetching corpus: 7886, signal 246068/257122 (executing program)
2022/09/12 17:16:21 starting 8 fuzzer processes
17:16:21 executing program 0:
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{0x0}], 0x0, &(0x7f0000011200)=ANY=[])
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000200), &(0x7f0000000300)='./file1\x00', 0x8, 0x1)
unlinkat(r0, &(0x7f0000000040)='./file1\x00', 0x0)
r1 = openat$hpet(0xffffffffffffff9c, &(0x7f00000001c0), 0x80080, 0x0)
ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x2271, 0x7ffffffff000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000240)=ANY=[@ANYBLOB="01001000000000000000000014ff8ec25310c44af3b65103978663", @ANYRES32, @ANYBLOB="01000100af0500002e2f66696c65"])
r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000001180)=ANY=[@ANYBLOB="0100000001010000180000008f676efa438f8b1de10f0d18a0f2fe3d010100007521a8110be2d7b55cfae9c3ae82178c1300cc907ab755366a6f684a0ff08d72c4", @ANYRES32=r2, @ANYBLOB="6c6531009ed70fa98514cffc3c3c701c51"])
openat2(r0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140)={0x4000, 0x100}, 0x18)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x4042, 0x28)
pwrite64(r3, &(0x7f0000000000)='y', 0xfffffe5f, 0x8040000)
17:16:21 executing program 1:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000000))
17:16:21 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f000000c340)={0x0, 0xff00, &(0x7f0000000100)=[{&(0x7f0000000000)={0x18, 0x1a, 0xa21, 0x0, 0x0, "", [@typed={0x2, 0x0, 0x0, 0x0, @ipv4=@broadcast}]}, 0x18}], 0x1}, 0x0)
17:16:21 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETA(r0, 0x5406, 0x0)
[ 80.254365] audit: type=1400 audit(1663002981.520:6): avc: denied { execmem } for pid=285 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
17:16:21 executing program 4:
mremap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil)
mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000)
17:16:21 executing program 5:
setitimer(0x2, &(0x7f0000000000)={{0x0, 0xea60}, {0x0, 0x2710}}, 0x0)
setitimer(0x2, 0x0, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
17:16:21 executing program 6:
r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5}, 0x0)
syz_io_uring_setup(0x16e0, &(0x7f0000001400), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001480), &(0x7f00000014c0)=0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000300)=@IORING_OP_FSYNC, 0x0)
io_uring_enter(r0, 0x100008, 0x0, 0x0, 0x0, 0x0)
17:16:21 executing program 7:
inotify_init1(0x80800)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
[ 81.542813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.544352] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.545455] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.547866] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.549335] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 81.550531] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.556642] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 81.598339] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 81.600751] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 81.602928] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 81.609787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 81.615870] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 81.618672] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 81.637669] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 81.670172] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 81.670999] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 81.673434] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 81.674383] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 81.677939] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 81.678547] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 81.681035] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 81.686086] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 81.687024] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 81.691334] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 81.692194] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 81.694136] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 81.695505] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 81.699488] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 81.699650] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 81.701376] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 81.701443] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 81.704758] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 81.706644] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 81.708076] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 81.740741] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 81.747205] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 81.748775] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 81.750349] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 81.758740] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 81.762882] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 81.764122] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 81.767948] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 81.779266] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 81.779444] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 81.781959] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 81.791134] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 81.791156] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 81.792467] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 81.797277] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 81.798377] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 81.799805] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 81.799900] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 81.801545] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 81.802485] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 81.809985] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 81.827709] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 83.572519] Bluetooth: hci0: command 0x0409 tx timeout
[ 83.699878] Bluetooth: hci1: command 0x0409 tx timeout
[ 83.763614] Bluetooth: hci4: command 0x0409 tx timeout
[ 83.763794] Bluetooth: hci3: command 0x0409 tx timeout
[ 83.765060] Bluetooth: hci2: command 0x0409 tx timeout
[ 83.827607] Bluetooth: hci6: command 0x0409 tx timeout
[ 83.827649] Bluetooth: hci5: command 0x0409 tx timeout
[ 83.891669] Bluetooth: hci7: command 0x0409 tx timeout
[ 85.619951] Bluetooth: hci0: command 0x041b tx timeout
[ 85.747633] Bluetooth: hci1: command 0x041b tx timeout
[ 85.811639] Bluetooth: hci2: command 0x041b tx timeout
[ 85.812188] Bluetooth: hci3: command 0x041b tx timeout
[ 85.813215] Bluetooth: hci4: command 0x041b tx timeout
[ 85.875645] Bluetooth: hci5: command 0x041b tx timeout
[ 85.876215] Bluetooth: hci6: command 0x041b tx timeout
[ 85.940660] Bluetooth: hci7: command 0x041b tx timeout
[ 87.668643] Bluetooth: hci0: command 0x040f tx timeout
[ 87.796617] Bluetooth: hci1: command 0x040f tx timeout
[ 87.860667] Bluetooth: hci4: command 0x040f tx timeout
[ 87.862228] Bluetooth: hci3: command 0x040f tx timeout
[ 87.862751] Bluetooth: hci2: command 0x040f tx timeout
[ 87.924661] Bluetooth: hci6: command 0x040f tx timeout
[ 87.925337] Bluetooth: hci5: command 0x040f tx timeout
[ 87.989377] Bluetooth: hci7: command 0x040f tx timeout
[ 89.716625] Bluetooth: hci0: command 0x0419 tx timeout
[ 89.844608] Bluetooth: hci1: command 0x0419 tx timeout
[ 89.908655] Bluetooth: hci2: command 0x0419 tx timeout
[ 89.909099] Bluetooth: hci3: command 0x0419 tx timeout
[ 89.909506] Bluetooth: hci4: command 0x0419 tx timeout
[ 89.972609] Bluetooth: hci5: command 0x0419 tx timeout
[ 89.973045] Bluetooth: hci6: command 0x0419 tx timeout
[ 90.036637] Bluetooth: hci7: command 0x0419 tx timeout
17:17:18 executing program 6:
r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5}, 0x0)
syz_io_uring_setup(0x16e0, &(0x7f0000001400), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001480), &(0x7f00000014c0)=0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000300)=@IORING_OP_FSYNC, 0x0)
io_uring_enter(r0, 0x100008, 0x0, 0x0, 0x0, 0x0)
17:17:19 executing program 6:
r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5}, 0x0)
syz_io_uring_setup(0x16e0, &(0x7f0000001400), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001480), &(0x7f00000014c0)=0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000300)=@IORING_OP_FSYNC, 0x0)
io_uring_enter(r0, 0x100008, 0x0, 0x0, 0x0, 0x0)
17:17:19 executing program 6:
r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000380)=0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_LINK_TIMEOUT={0xf, 0x5}, 0x0)
syz_io_uring_setup(0x16e0, &(0x7f0000001400), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001480), &(0x7f00000014c0)=0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000300)=@IORING_OP_FSYNC, 0x0)
io_uring_enter(r0, 0x100008, 0x0, 0x0, 0x0, 0x0)
17:17:19 executing program 6:
pipe(&(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff})
close_range(r0, 0xffffffffffffffff, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
17:17:19 executing program 6:
pipe(&(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff})
close_range(r0, 0xffffffffffffffff, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
17:17:19 executing program 6:
pipe(&(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff})
close_range(r0, 0xffffffffffffffff, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
17:17:19 executing program 6:
pipe(&(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff})
close_range(r0, 0xffffffffffffffff, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
17:17:19 executing program 6:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0xffffffc4})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000007c0)=ANY=[@ANYBLOB="0100000001000000000000000000c93d7502e21b8d0266d50aef230579e59d74d18c2a9d050d876edcd9190a", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x3, 0x80, 0x81, 0x5, 0x0, 0xffff, 0x2000, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x6, 0x2, @perf_bp={0x0}, 0x0, 0x9, 0x5, 0x0, 0x3, 0xffffffff, 0x7aec, 0x0, 0x1, 0x0, 0x8001}, 0x0, 0xc, r1, 0x19)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0)
perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, 0x0, 0x0)
readv(r2, &(0x7f0000001600)=[{&(0x7f0000001200)=""/12, 0xc}, {&(0x7f0000001240)=""/103, 0x67}, {&(0x7f00000012c0)=""/126, 0x7e}, {&(0x7f0000001340)=""/171, 0xab}, {&(0x7f0000001400)=""/18, 0x12}, {&(0x7f0000001440)=""/245, 0xf5}, {&(0x7f0000001540)=""/177, 0xb1}], 0x7)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00')
socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
[ 138.642969] audit: type=1400 audit(1663003039.909:7): avc: denied { open } for pid=3714 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 138.644529] audit: type=1400 audit(1663003039.909:8): avc: denied { kernel } for pid=3714 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 138.668130] ------------[ cut here ]------------
[ 138.668153]
[ 138.668158] ======================================================
[ 138.668161] WARNING: possible circular locking dependency detected
[ 138.668166] 6.0.0-rc5-next-20220912 #1 Not tainted
[ 138.668173] ------------------------------------------------------
[ 138.668176] syz-executor.6/3716 is trying to acquire lock:
[ 138.668183] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 138.668226]
[ 138.668226] but task is already holding lock:
[ 138.668229] ffff88800fb4fc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 138.668257]
[ 138.668257] which lock already depends on the new lock.
[ 138.668257]
[ 138.668260]
[ 138.668260] the existing dependency chain (in reverse order) is:
[ 138.668264]
[ 138.668264] -> #3 (&ctx->lock){....}-{2:2}:
[ 138.668278]        _raw_spin_lock+0x2a/0x40
[ 138.668295]        __perf_event_task_sched_out+0x53b/0x18d0
[ 138.668307]        __schedule+0xedd/0x2470
[ 138.668317]        schedule+0xda/0x1b0
[ 138.668326]        futex_wait_queue+0xf5/0x1e0
[ 138.668339]        futex_wait+0x28e/0x690
[ 138.668349]        do_futex+0x2ff/0x380
[ 138.668358]        __x64_sys_futex+0x1c6/0x4d0
[ 138.668368]        do_syscall_64+0x3b/0x90
[ 138.668382]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 138.668399]
[ 138.668399] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 138.668413]        _raw_spin_lock_nested+0x30/0x40
[ 138.668427]        raw_spin_rq_lock_nested+0x1e/0x30
[ 138.668441]        task_fork_fair+0x63/0x4d0
[ 138.668459]        sched_cgroup_fork+0x3d0/0x540
[ 138.668473]        copy_process+0x3f9e/0x6df0
[ 138.668484]        kernel_clone+0xe7/0x890
[ 138.668493]        user_mode_thread+0xad/0xf0
[ 138.668504]        rest_init+0x24/0x250
[ 138.668520]        arch_call_rest_init+0xf/0x14
[ 138.668540]        start_kernel+0x4c1/0x4e6
[ 138.668560]        secondary_startup_64_no_verify+0xe0/0xeb
[ 138.668575]
[ 138.668575] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 138.668588]        _raw_spin_lock_irqsave+0x39/0x60
[ 138.668603]        try_to_wake_up+0xab/0x1920
[ 138.668616]        up+0x75/0xb0
[ 138.668628]        __up_console_sem+0x6e/0x80
[ 138.668645]        console_unlock+0x46a/0x590
[ 138.668661]        vprintk_emit+0x1bd/0x560
[ 138.668678]        vprintk+0x84/0xa0
[ 138.668694]        _printk+0xba/0xf1
[ 138.668712]        kauditd_hold_skb.cold+0x3f/0x4e
[ 138.668726]        kauditd_send_queue+0x233/0x290
[ 138.668741]        kauditd_thread+0x5da/0x9a0
[ 138.668755]        kthread+0x2ed/0x3a0
[ 138.668770]        ret_from_fork+0x22/0x30
[ 138.668783]
[ 138.668783] -> #0 ((console_sem).lock){....}-{2:2}:
[ 138.668796]        __lock_acquire+0x2a02/0x5e70
[ 138.668813]        lock_acquire+0x1a2/0x530
[ 138.668829]        _raw_spin_lock_irqsave+0x39/0x60
[ 138.668844]        down_trylock+0xe/0x70
[ 138.668856]        __down_trylock_console_sem+0x3b/0xd0
[ 138.668873]        vprintk_emit+0x16b/0x560
[ 138.668889]        vprintk+0x84/0xa0
[ 138.668906]        _printk+0xba/0xf1
[ 138.668922]        report_bug.cold+0x72/0xab
[ 138.668934]        handle_bug+0x3c/0x70
[ 138.668946]        exc_invalid_op+0x14/0x50
[ 138.668959]        asm_exc_invalid_op+0x16/0x20
[ 138.668976]        group_sched_out.part.0+0x2c7/0x460
[ 138.668986]        ctx_sched_out+0x8f1/0xc10
[ 138.668996]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 138.669008]        __schedule+0xedd/0x2470
[ 138.669017]        schedule+0xda/0x1b0
[ 138.669026]        futex_wait_queue+0xf5/0x1e0
[ 138.669036]        futex_wait+0x28e/0x690
[ 138.669046]        do_futex+0x2ff/0x380
[ 138.669055]        __x64_sys_futex+0x1c6/0x4d0
[ 138.669064]        do_syscall_64+0x3b/0x90
[ 138.669077]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 138.669094]
[ 138.669094] other info that might help us debug this:
[ 138.669094]
[ 138.669097] Chain exists of:
[ 138.669097]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 138.669097]
[ 138.669112]  Possible unsafe locking scenario:
[ 138.669112]
[ 138.669114]        CPU0                    CPU1
[ 138.669116]        ----                    ----
[ 138.669119]   lock(&ctx->lock);
[ 138.669124]                                lock(&rq->__lock);
[ 138.669131]                                lock(&ctx->lock);
[ 138.669137]   lock((console_sem).lock);
[ 138.669143]
[ 138.669143]  *** DEADLOCK ***
[ 138.669143]
[ 138.669145] 2 locks held by syz-executor.6/3716:
[ 138.669152]  #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 138.669177]  #1: ffff88800fb4fc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 138.669204]
[ 138.669204] stack backtrace:
[ 138.669207] CPU: 0 PID: 3716 Comm: syz-executor.6 Not tainted 6.0.0-rc5-next-20220912 #1
[ 138.669220] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 138.669228] Call Trace:
[ 138.669232]
[ 138.669236]  dump_stack_lvl+0x8b/0xb3
[ 138.669251]  check_noncircular+0x263/0x2e0
[ 138.669268]  ? format_decode+0x26c/0xb50
[ 138.669283]  ? print_circular_bug+0x450/0x450
[ 138.669300]  ? enable_ptr_key_workfn+0x20/0x20
[ 138.669315]  ? format_decode+0x26c/0xb50
[ 138.669330]  ? alloc_chain_hlocks+0x1ec/0x5a0
[ 138.669348]  __lock_acquire+0x2a02/0x5e70
[ 138.669370]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 138.669393]  lock_acquire+0x1a2/0x530
[ 138.669410]  ? down_trylock+0xe/0x70
[ 138.669424]  ? rcu_read_unlock+0x40/0x40
[ 138.669445]  ? vprintk+0x84/0xa0
[ 138.669464]  _raw_spin_lock_irqsave+0x39/0x60
[ 138.669479]  ? down_trylock+0xe/0x70
[ 138.669493]  down_trylock+0xe/0x70
[ 138.669506]  ? vprintk+0x84/0xa0
[ 138.669523]  __down_trylock_console_sem+0x3b/0xd0
[ 138.669541]  vprintk_emit+0x16b/0x560
[ 138.669560]  vprintk+0x84/0xa0
[ 138.669578]  _printk+0xba/0xf1
[ 138.669596]  ? record_print_text.cold+0x16/0x16
[ 138.669618]  ? report_bug.cold+0x66/0xab
[ 138.669632]  ? group_sched_out.part.0+0x2c7/0x460
[ 138.669643]  report_bug.cold+0x72/0xab
[ 138.669658]  handle_bug+0x3c/0x70
[ 138.669671]  exc_invalid_op+0x14/0x50
[ 138.669685]  asm_exc_invalid_op+0x16/0x20
[ 138.669702] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 138.669716] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 138.669728] RSP: 0018:ffff88802075f8f8 EFLAGS: 00010006
[ 138.669737] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 138.669745] RDX: ffff888018bed040 RSI: ffffffff81566027 RDI: 0000000000000005
[ 138.669753] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 138.669760] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff88800fb4fc00
[ 138.669768] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 138.669779]  ? group_sched_out.part.0+0x2c7/0x460
[ 138.669792]  ? group_sched_out.part.0+0x2c7/0x460
[ 138.669805]  ctx_sched_out+0x8f1/0xc10
[ 138.669817]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 138.669832]  ? lock_is_held_type+0xd7/0x130
[ 138.669851]  ? __perf_cgroup_move+0x160/0x160
[ 138.669863]  ? set_next_entity+0x304/0x550
[ 138.669883]  ? lock_is_held_type+0xd7/0x130
[ 138.669901]  __schedule+0xedd/0x2470
[ 138.669914]  ? io_schedule_timeout+0x150/0x150
[ 138.669925]  ? futex_wait_setup+0x166/0x230
[ 138.669939]  schedule+0xda/0x1b0
[ 138.669950]  futex_wait_queue+0xf5/0x1e0
[ 138.669962]  futex_wait+0x28e/0x690
[ 138.669974]  ? futex_wait_setup+0x230/0x230
[ 138.669987]  ? wake_up_q+0x8b/0xf0
[ 138.670001]  ? do_raw_spin_unlock+0x4f/0x220
[ 138.670021]  ? futex_wake+0x158/0x490
[ 138.670036]  ? fd_install+0x1f9/0x640
[ 138.670053]  do_futex+0x2ff/0x380
[ 138.670064]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[ 138.670080]  __x64_sys_futex+0x1c6/0x4d0
[ 138.670093]  ? __x64_sys_futex_time32+0x480/0x480
[ 138.670105]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 138.670123]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 138.670144]  do_syscall_64+0x3b/0x90
[ 138.670157]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 138.670175] RIP: 0033:0x7f7cfce93b19
[ 138.670183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 138.670194] RSP: 002b:00007f7cfa409218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 138.670205] RAX: ffffffffffffffda RBX: 00007f7cfcfa6f68 RCX: 00007f7cfce93b19
[ 138.670213] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7cfcfa6f68
[ 138.670220] RBP: 00007f7cfcfa6f60 R08: 0000000000000000 R09: 0000000000000000
[ 138.670228] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7cfcfa6f6c
[ 138.670235] R13: 00007ffc7c59f31f R14: 00007f7cfa409300 R15: 0000000000022000
[ 138.670248]
[ 138.729451] WARNING: CPU: 0 PID: 3716 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 138.730148] Modules linked in:
[ 138.730385] CPU: 0 PID: 3716 Comm: syz-executor.6 Not tainted 6.0.0-rc5-next-20220912 #1
[ 138.730970] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 138.731789] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 138.732203] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 138.733547] RSP: 0018:ffff88802075f8f8 EFLAGS: 00010006 [ 138.733944] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 138.734440] RDX: ffff888018bed040 RSI: ffffffff81566027 RDI: 0000000000000005 [ 138.734935] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 138.735437] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff88800fb4fc00 [ 138.735935] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 138.736465] FS: 00007f7cfa409700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 138.737057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.737490] CR2: 00005611fbc6a080 CR3: 0000000040e80000 CR4: 0000000000350ef0 [ 138.738007] Call Trace: [ 138.738201] [ 138.738380] ctx_sched_out+0x8f1/0xc10 [ 138.738682] __perf_event_task_sched_out+0x6d0/0x18d0 [ 138.739073] ? lock_is_held_type+0xd7/0x130 [ 138.739403] ? __perf_cgroup_move+0x160/0x160 [ 138.739735] ? set_next_entity+0x304/0x550 [ 138.740067] ? lock_is_held_type+0xd7/0x130 [ 138.740392] __schedule+0xedd/0x2470 [ 138.740675] ? io_schedule_timeout+0x150/0x150 [ 138.741014] ? futex_wait_setup+0x166/0x230 [ 138.741339] schedule+0xda/0x1b0 [ 138.741596] futex_wait_queue+0xf5/0x1e0 [ 138.741898] futex_wait+0x28e/0x690 [ 138.742180] ? futex_wait_setup+0x230/0x230 [ 138.742498] ? wake_up_q+0x8b/0xf0 [ 138.742770] ? do_raw_spin_unlock+0x4f/0x220 [ 138.743108] ? futex_wake+0x158/0x490 [ 138.743399] ? fd_install+0x1f9/0x640 [ 138.743693] do_futex+0x2ff/0x380 [ 138.743955] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 138.744398] __x64_sys_futex+0x1c6/0x4d0 [ 138.744709] ? __x64_sys_futex_time32+0x480/0x480 [ 138.745069] ? 
syscall_enter_from_user_mode+0x1d/0x50 [ 138.745462] ? syscall_enter_from_user_mode+0x1d/0x50 [ 138.745860] do_syscall_64+0x3b/0x90 [ 138.746142] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 138.746533] RIP: 0033:0x7f7cfce93b19 [ 138.746810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 138.748134] RSP: 002b:00007f7cfa409218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 138.748700] RAX: ffffffffffffffda RBX: 00007f7cfcfa6f68 RCX: 00007f7cfce93b19 [ 138.749173] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7cfcfa6f68 [ 138.749698] RBP: 00007f7cfcfa6f60 R08: 0000000000000000 R09: 0000000000000000 [ 138.750226] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7cfcfa6f6c [ 138.750752] R13: 00007ffc7c59f31f R14: 00007f7cfa409300 R15: 0000000000022000 [ 138.751281] [ 138.751458] irq event stamp: 698 [ 138.751711] hardirqs last enabled at (697): [] syscall_enter_from_user_mode+0x1d/0x50 [ 138.752417] hardirqs last disabled at (698): [] __schedule+0x1225/0x2470 [ 138.753026] softirqs last enabled at (392): [] __irq_exit_rcu+0x11b/0x180 [ 138.753649] softirqs last disabled at (383): [] __irq_exit_rcu+0x11b/0x180 [ 138.754263] ---[ end trace 0000000000000000 ]--- [ 138.978575] hrtimer: interrupt took 24095 ns [ 139.245764] syz-executor.5 calls setitimer() with new_value NULL pointer. 
Misfeature support will be removed [ 143.112687] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 143.113723] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 143.115109] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 143.116521] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 143.119664] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 143.121786] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 143.123372] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 143.125375] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 143.126975] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 143.128441] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 143.129785] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 143.130886] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 143.130988] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 143.131508] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 143.134337] Bluetooth: hci3: HCI_REQ-0x0c1a [ 143.135177] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 143.137636] Bluetooth: hci5: HCI_REQ-0x0c1a [ 143.138303] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 143.141818] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 143.146072] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 143.147887] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 143.148440] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 143.149735] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 143.151043] Bluetooth: hci6: HCI_REQ-0x0c1a [ 143.157029] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 143.165272] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 143.166888] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 143.177491] Bluetooth: hci2: HCI_REQ-0x0c1a [ 145.075581] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 145.139617] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 145.140626] Bluetooth: hci3: 
command 0x0409 tx timeout [ 145.203601] Bluetooth: hci2: command 0x0409 tx timeout [ 145.203621] Bluetooth: hci6: command 0x0409 tx timeout [ 145.204775] Bluetooth: hci5: command 0x0409 tx timeout [ 147.187656] Bluetooth: hci3: command 0x041b tx timeout [ 147.251660] Bluetooth: hci5: command 0x041b tx timeout [ 147.251668] Bluetooth: hci2: command 0x041b tx timeout [ 147.253066] Bluetooth: hci6: command 0x041b tx timeout [ 147.450281] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 147.450947] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 147.451526] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 147.452600] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 147.453318] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 147.454119] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 147.456291] Bluetooth: hci0: HCI_REQ-0x0c1a VM DIAGNOSIS: 17:17:20 Registers: info registers vcpu 0 RAX=0000000000000033 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b1e41 RDI=ffffffff8763fae0 RBP=ffffffff8763faa0 RSP=ffff88802075f348 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000033 R11=0000000000000001 R12=0000000000000033 R13=ffffffff8763faa0 R14=0000000000000010 R15=ffffffff822b1e30 RIP=ffffffff822b1e99 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f7cfa409700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005611fbc6a080 CR3=0000000040e80000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 
DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f7cfcf7a7c0 00007f7cfcf7a7c8 YMM02=0000000000000000 0000000000000000 00007f7cfcf7a7e0 00007f7cfcf7a7c0 YMM03=0000000000000000 0000000000000000 00007f7cfcf7a7c8 00007f7cfcf7a7c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000003 RBX=ffff88806ce3eda0 RCX=ffffffff813bcd01 RDX=ffff888020790000 RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000003 RSP=ffff88804061f958 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffffed100d9c7db5 R13=ffff88806ce3eda8 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff81461747 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 
00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555556e81400 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f7cfcfa30a0 CR3=0000000040e80000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f7cfcf7a7c0 00007f7cfcf7a7c8 YMM02=0000000000000000 0000000000000000 00007f7cfcf7a7e0 00007f7cfcf7a7c0 YMM03=0000000000000000 0000000000000000 00007f7cfcf7a7c8 00007f7cfcf7a7c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 
0000000000000000 0000000000000000