Warning: Permanently added '[localhost]:25017' (ECDSA) to the list of known hosts. 2022/09/21 12:24:04 fuzzer started 2022/09/21 12:24:04 dialing manager at localhost:40289 syzkaller login: [ 44.965507] cgroup: Unknown subsys name 'net' [ 45.087489] cgroup: Unknown subsys name 'rlimit' 2022/09/21 12:24:19 syscalls: 2215 2022/09/21 12:24:19 code coverage: enabled 2022/09/21 12:24:19 comparison tracing: enabled 2022/09/21 12:24:19 extra coverage: enabled 2022/09/21 12:24:19 setuid sandbox: enabled 2022/09/21 12:24:19 namespace sandbox: enabled 2022/09/21 12:24:19 Android sandbox: enabled 2022/09/21 12:24:19 fault injection: enabled 2022/09/21 12:24:19 leak checking: enabled 2022/09/21 12:24:19 net packet injection: enabled 2022/09/21 12:24:19 net device setup: enabled 2022/09/21 12:24:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/21 12:24:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/21 12:24:19 USB emulation: enabled 2022/09/21 12:24:19 hci packet injection: enabled 2022/09/21 12:24:19 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220921) 2022/09/21 12:24:19 802.15.4 emulation: enabled 2022/09/21 12:24:19 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/21 12:24:19 fetching corpus: 50, signal 28500/30930 (executing program) 2022/09/21 12:24:19 fetching corpus: 100, signal 39398/42215 (executing program) 2022/09/21 12:24:20 fetching corpus: 150, signal 49286/51871 (executing program) 2022/09/21 12:24:20 fetching corpus: 200, signal 53786/56463 (executing program) 2022/09/21 12:24:20 fetching corpus: 250, signal 61980/63866 (executing program) 2022/09/21 12:24:20 fetching corpus: 300, signal 66155/67535 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/69444 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/69583 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/69707 (executing program) 2022/09/21 
12:24:20 fetching corpus: 328, signal 68369/69828 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/69956 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/70100 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/70235 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/70358 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/70485 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/70616 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/70739 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/70858 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/70992 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/71124 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/71247 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/71375 (executing program) 2022/09/21 12:24:20 fetching corpus: 328, signal 68369/71518 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/71651 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/71764 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/71868 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/71994 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/72120 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/72235 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/72372 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/72498 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/72639 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/72782 (executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/72828 
(executing program) 2022/09/21 12:24:21 fetching corpus: 328, signal 68369/72828 (executing program) 2022/09/21 12:24:23 starting 8 fuzzer processes 12:24:23 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000100), &(0x7f0000000140)='system_u:object_r:ld_so_t:s0\x00', 0x1d, 0x1) 12:24:23 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x64}, {0x6}]}, 0x10) 12:24:23 executing program 2: keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0xf8ffffff) [ 63.769670] audit: type=1400 audit(1663763063.477:6): avc: denied { execmem } for pid=287 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:24:23 executing program 3: syz_mount_image$nfs4(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x1, &(0x7f0000000600)=[{0x0}], 0x0, 0x0) 12:24:23 executing program 4: syz_io_uring_setup(0x0, &(0x7f0000000040), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) io_setup(0x31c1, &(0x7f0000000b40)=0x0) io_pgetevents(r0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c40), 0x8}) 12:24:23 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x3) 12:24:23 executing program 7: syz_open_dev$usbmon(0x0, 0x0, 0x0) futex(&(0x7f00000016c0), 0xc, 0x1, &(0x7f0000001700)={0x77359400}, &(0x7f0000001740), 0x2) 12:24:23 executing program 6: sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004001}, 0x2c008000) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={&(0x7f0000000100)}, 0x11060, 0x0, 0x1, 0x0, 0x8001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) getpgid(0xffffffffffffffff) r3 = fcntl$dupfd(r0, 0x0, r1) perf_event_open(&(0x7f0000000140)={0x5, 0x80, 0xac, 0x4, 0x80, 0x1f, 0x0, 0x41, 0x208, 0x8, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xc1, 0x2, @perf_bp={&(0x7f0000000000), 0x9}, 0x40000, 0x2, 0x1, 0x6, 0xfffffffffffffffe, 0x8, 0x7, 0x0, 0x3, 0x0, 0x1f}, 0x0, 0x5, r3, 0x2) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x6, 0x0, 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r4, 0x107, 0xe, &(0x7f0000000780), &(0x7f00000007c0)=0x4) fallocate(r4, 0x8, 0x2, 0xfffffffffffffffe) fsmount(r2, 0x1, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x7, 0x0, 0x0, 0x0) [ 65.079463] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.084896] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.088069] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.094873] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.097805] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.101039] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.112918] Bluetooth: hci0: HCI_REQ-0x0c1a [ 65.130244] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.136497] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.142784] Bluetooth: hci3: unexpected cc 0x1003 length: 
249 > 9 [ 65.144805] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.146781] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.150182] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.153171] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.154169] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.156200] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 65.156914] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 65.157218] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.157936] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.161877] Bluetooth: hci3: HCI_REQ-0x0c1a [ 65.162868] Bluetooth: hci2: HCI_REQ-0x0c1a [ 65.166245] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.195217] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.197481] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 65.198948] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 65.200335] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.201969] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 65.202793] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 65.204083] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 65.204972] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 65.207446] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.210274] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 65.211751] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 65.212853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.213853] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 65.214693] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 65.215780] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 65.219192] Bluetooth: hci1: HCI_REQ-0x0c1a [ 65.219981] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 65.222863] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 65.226477] Bluetooth: hci4: unexpected cc 
0x1003 length: 249 > 9 [ 65.227860] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 65.232307] Bluetooth: hci6: HCI_REQ-0x0c1a [ 65.233247] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 65.239909] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 65.241355] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 65.242517] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 65.248421] Bluetooth: hci7: HCI_REQ-0x0c1a [ 65.248431] Bluetooth: hci4: HCI_REQ-0x0c1a [ 67.153009] Bluetooth: hci0: command 0x0409 tx timeout [ 67.217229] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 67.217312] Bluetooth: hci2: command 0x0409 tx timeout [ 67.218531] Bluetooth: hci3: command 0x0409 tx timeout [ 67.281083] Bluetooth: hci6: command 0x0409 tx timeout [ 67.281101] Bluetooth: hci7: command 0x0409 tx timeout [ 67.281875] Bluetooth: hci1: command 0x0409 tx timeout [ 67.282476] Bluetooth: hci4: command 0x0409 tx timeout [ 69.201251] Bluetooth: hci0: command 0x041b tx timeout [ 69.264711] Bluetooth: hci2: command 0x041b tx timeout [ 69.265276] Bluetooth: hci3: command 0x041b tx timeout [ 69.329399] Bluetooth: hci4: command 0x041b tx timeout [ 69.330002] Bluetooth: hci1: command 0x041b tx timeout [ 69.330525] Bluetooth: hci7: command 0x041b tx timeout [ 69.331081] Bluetooth: hci6: command 0x041b tx timeout [ 71.248714] Bluetooth: hci0: command 0x040f tx timeout [ 71.312781] Bluetooth: hci3: command 0x040f tx timeout [ 71.312822] Bluetooth: hci2: command 0x040f tx timeout [ 71.376820] Bluetooth: hci6: command 0x040f tx timeout [ 71.377401] Bluetooth: hci7: command 0x040f tx timeout [ 71.377967] Bluetooth: hci1: command 0x040f tx timeout [ 71.378534] Bluetooth: hci4: command 0x040f tx timeout [ 72.272699] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 73.296758] Bluetooth: hci0: command 0x0419 tx timeout [ 73.360708] Bluetooth: hci2: command 0x0419 tx timeout [ 73.361733] Bluetooth: hci3: command 0x0419 tx timeout [ 73.424742] Bluetooth: hci4: command 0x0419 tx 
timeout [ 73.424777] Bluetooth: hci1: command 0x0419 tx timeout [ 73.425306] Bluetooth: hci7: command 0x0419 tx timeout [ 73.426157] Bluetooth: hci6: command 0x0419 tx timeout [ 74.934606] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 74.940218] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 74.941753] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 74.955068] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 74.956381] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 74.961272] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 74.973695] Bluetooth: hci5: HCI_REQ-0x0c1a [ 77.008747] Bluetooth: hci5: command 0x0409 tx timeout [ 79.056741] Bluetooth: hci5: command 0x041b tx timeout [ 81.104747] Bluetooth: hci5: command 0x040f tx timeout [ 83.152818] Bluetooth: hci5: command 0x0419 tx timeout [ 126.741950] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 126.743307] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 126.744749] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 126.746903] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 126.748005] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 126.748745] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 126.751401] Bluetooth: hci1: HCI_REQ-0x0c1a [ 126.804756] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 126.806094] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 126.807231] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 126.809135] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 126.810486] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 126.811430] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 126.814086] Bluetooth: hci2: HCI_REQ-0x0c1a [ 126.936396] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 126.941564] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 126.942487] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 126.946208] Bluetooth: hci3: 
unexpected cc 0x0c23 length: 249 > 4 [ 126.947159] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 126.948594] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 126.960995] Bluetooth: hci3: HCI_REQ-0x0c1a [ 127.012086] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 127.018822] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 127.022794] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 127.040172] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 127.049070] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 127.063599] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 127.084857] Bluetooth: hci4: HCI_REQ-0x0c1a [ 128.720725] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 128.784750] Bluetooth: hci1: command 0x0409 tx timeout [ 128.848730] Bluetooth: hci2: command 0x0409 tx timeout [ 128.976701] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 128.978318] Bluetooth: hci3: command 0x0409 tx timeout [ 128.978886] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 129.104785] Bluetooth: hci4: command 0x0409 tx timeout 12:25:30 executing program 7: syz_open_dev$usbmon(0x0, 0x0, 0x0) futex(&(0x7f00000016c0), 0xc, 0x1, &(0x7f0000001700)={0x77359400}, &(0x7f0000001740), 0x2) 12:25:30 executing program 7: syz_open_dev$usbmon(0x0, 0x0, 0x0) futex(&(0x7f00000016c0), 0xc, 0x1, &(0x7f0000001700)={0x77359400}, &(0x7f0000001740), 0x2) 12:25:30 executing program 7: syz_open_dev$usbmon(0x0, 0x0, 0x0) futex(&(0x7f00000016c0), 0xc, 0x1, &(0x7f0000001700)={0x77359400}, &(0x7f0000001740), 0x2) 12:25:30 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
clone3(&(0x7f0000000640)={0x127363500, &(0x7f00000000c0)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = fsopen(&(0x7f0000000bc0)='debugfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, 0x0, 0x0, 0x0)
ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, &(0x7f0000000000))
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r3 = gettid()
kcmp(r3, 0x0, 0x0, r2, 0xffffffffffffffff)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
openat(r4, &(0x7f0000000300)='./file1\x00', 0x420000, 0x2)
ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f0000000340))
syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000005c0)={0x6, 0x6, 0xb6f, 0x9, 0x47c9})
socket$inet_udp(0x2, 0x2, 0x0)
[ 130.538333] audit: type=1400 audit(1663763130.246:7): avc: denied { open } for pid=3852 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 130.540143] audit: type=1400 audit(1663763130.246:8): avc: denied { kernel } for pid=3852 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 130.552206] ------------[ cut here ]------------
[ 130.552225]
[ 130.552228] ======================================================
[ 130.552231] WARNING: possible circular locking dependency detected
[ 130.552236] 6.0.0-rc6-next-20220921 #1 Not tainted
[ 130.552242] ------------------------------------------------------
[ 130.552246] syz-executor.7/3853 is trying to acquire lock:
[ 130.552252] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 130.552294]
[ 130.552294] but task is already holding lock:
[ 130.552297] ffff88800fc81420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 130.552328]
[ 130.552328] which lock already depends on the new lock.
[ 130.552328]
[ 130.552331]
[ 130.552331] the existing dependency chain (in reverse order) is:
[ 130.552334]
[ 130.552334] -> #3 (&ctx->lock){....}-{2:2}:
[ 130.552349] _raw_spin_lock+0x2a/0x40
[ 130.552369] __perf_event_task_sched_out+0x53b/0x18d0
[ 130.552382] __schedule+0xedd/0x2470
[ 130.552396] schedule+0xda/0x1b0
[ 130.552410] exit_to_user_mode_prepare+0x114/0x1a0
[ 130.552422] syscall_exit_to_user_mode+0x19/0x40
[ 130.552434] do_syscall_64+0x48/0x90
[ 130.552452] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 130.552464]
[ 130.552464] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 130.552479] _raw_spin_lock_nested+0x30/0x40
[ 130.552498] raw_spin_rq_lock_nested+0x1e/0x30
[ 130.552513] task_fork_fair+0x63/0x4d0
[ 130.552531] sched_cgroup_fork+0x3d0/0x540
[ 130.552547] copy_process+0x4183/0x6e20
[ 130.552558] kernel_clone+0xe7/0x890
[ 130.552568] user_mode_thread+0xad/0xf0
[ 130.552579] rest_init+0x24/0x250
[ 130.552590] arch_call_rest_init+0xf/0x14
[ 130.552608] start_kernel+0x4c1/0x4e6
[ 130.552626] secondary_startup_64_no_verify+0xe0/0xeb
[ 130.552641]
[ 130.552641] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 130.552655] _raw_spin_lock_irqsave+0x39/0x60
[ 130.552675] try_to_wake_up+0xab/0x1930
[ 130.552689] up+0x75/0xb0
[ 130.552704] __up_console_sem+0x6e/0x80
[ 130.552722] console_unlock+0x46a/0x590
[ 130.552739] do_con_write+0xc05/0x1d50
[ 130.552752] con_write+0x21/0x40
[ 130.552762] n_tty_write+0x4d4/0xfe0
[ 130.552777] file_tty_write.constprop.0+0x49c/0x8f0
[ 130.552790] vfs_write+0x9c3/0xd90
[ 130.552810] ksys_write+0x127/0x250
[ 130.552829] do_syscall_64+0x3b/0x90
[ 130.552847] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 130.552859]
[ 130.552859] -> #0 ((console_sem).lock){....}-{2:2}:
[ 130.552873] __lock_acquire+0x2a02/0x5e70
[ 130.552892] lock_acquire+0x1a2/0x530
[ 130.552909] _raw_spin_lock_irqsave+0x39/0x60
[ 130.552929] down_trylock+0xe/0x70
[ 130.552944] __down_trylock_console_sem+0x3b/0xd0
[ 130.552962] vprintk_emit+0x16b/0x560
[ 130.552980] vprintk+0x84/0xa0
[ 130.552998] _printk+0xba/0xf1
[ 130.553009] report_bug.cold+0x72/0xab
[ 130.553027] handle_bug+0x3c/0x70
[ 130.553044] exc_invalid_op+0x14/0x50
[ 130.553061] asm_exc_invalid_op+0x16/0x20
[ 130.553073] group_sched_out.part.0+0x2c7/0x460
[ 130.553084] ctx_sched_out+0x8f1/0xc10
[ 130.553095] __perf_event_task_sched_out+0x6d0/0x18d0
[ 130.553108] __schedule+0xedd/0x2470
[ 130.553121] schedule+0xda/0x1b0
[ 130.553134] exit_to_user_mode_prepare+0x114/0x1a0
[ 130.553145] syscall_exit_to_user_mode+0x19/0x40
[ 130.553158] do_syscall_64+0x48/0x90
[ 130.553175] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 130.553187]
[ 130.553187] other info that might help us debug this:
[ 130.553187]
[ 130.553190] Chain exists of:
[ 130.553190] (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 130.553190]
[ 130.553206] Possible unsafe locking scenario:
[ 130.553206]
[ 130.553208]        CPU0                    CPU1
[ 130.553211]        ----                    ----
[ 130.553214]   lock(&ctx->lock);
[ 130.553220]                                lock(&rq->__lock);
[ 130.553227]                                lock(&ctx->lock);
[ 130.553233]   lock((console_sem).lock);
[ 130.553239]
[ 130.553239] *** DEADLOCK ***
[ 130.553239]
[ 130.553242] 2 locks held by syz-executor.7/3853:
[ 130.553249] #0: ffff88806cf37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 130.553279] #1: ffff88800fc81420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 130.553309]
[ 130.553309] stack backtrace:
[ 130.553312] CPU: 1 PID: 3853 Comm: syz-executor.7 Not tainted 6.0.0-rc6-next-20220921 #1
[ 130.553325] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 130.553334] Call Trace:
[ 130.553337]
[ 130.553341] dump_stack_lvl+0x8b/0xb3
[ 130.553360] check_noncircular+0x263/0x2e0
[ 130.553378] ? format_decode+0x26c/0xb50
[ 130.553396] ? print_circular_bug+0x450/0x450
[ 130.553414] ? enable_ptr_key_workfn+0x20/0x20
[ 130.553431] ? format_decode+0x26c/0xb50
[ 130.553449] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 130.553468] __lock_acquire+0x2a02/0x5e70
[ 130.553492] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 130.553516] lock_acquire+0x1a2/0x530
[ 130.553534] ? down_trylock+0xe/0x70
[ 130.553552] ? lock_release+0x750/0x750
[ 130.553574] ? vprintk+0x84/0xa0
[ 130.553594] _raw_spin_lock_irqsave+0x39/0x60
[ 130.553614] ? down_trylock+0xe/0x70
[ 130.553630] down_trylock+0xe/0x70
[ 130.553650] ? vprintk+0x84/0xa0
[ 130.553668] __down_trylock_console_sem+0x3b/0xd0
[ 130.553687] vprintk_emit+0x16b/0x560
[ 130.553708] vprintk+0x84/0xa0
[ 130.553727] _printk+0xba/0xf1
[ 130.553738] ? record_print_text.cold+0x16/0x16
[ 130.553754] ? report_bug.cold+0x66/0xab
[ 130.553773] ? group_sched_out.part.0+0x2c7/0x460
[ 130.553785] report_bug.cold+0x72/0xab
[ 130.553804] handle_bug+0x3c/0x70
[ 130.553822] exc_invalid_op+0x14/0x50
[ 130.553841] asm_exc_invalid_op+0x16/0x20
[ 130.553853] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 130.553867] Code: 5e 41 5f e9 9b b9 ef ff e8 96 b9 ef ff 65 8b 1d 2b 12 ac 7e 31 ff 89 de e8 36 b6 ef ff 85 db 0f 84 8a 00 00 00 e8 79 b9 ef ff <0f> 0b e9 a5 fe ff ff e8 6d b9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 130.553879] RSP: 0018:ffff88803491fc48 EFLAGS: 00010006
[ 130.553889] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 130.553897] RDX: ffff88800ffa5040 RSI: ffffffff815663a7 RDI: 0000000000000005
[ 130.553905] RBP: ffff888034920000 R08: 0000000000000005 R09: 0000000000000001
[ 130.553913] R10: 0000000000000000 R11: ffffffff865b005b R12: ffff88800fc81400
[ 130.553922] R13: ffff88806cf3d140 R14: ffffffff8547d0e0 R15: 0000000000000002
[ 130.553933] ? group_sched_out.part.0+0x2c7/0x460
[ 130.553947] ? group_sched_out.part.0+0x2c7/0x460
[ 130.553961] ctx_sched_out+0x8f1/0xc10
[ 130.553974] __perf_event_task_sched_out+0x6d0/0x18d0
[ 130.553990] ? lock_is_held_type+0xd7/0x130
[ 130.554004] ? __perf_cgroup_move+0x160/0x160
[ 130.554016] ? set_next_entity+0x304/0x550
[ 130.554036] ? update_curr+0x267/0x740
[ 130.554056] ? lock_is_held_type+0xd7/0x130
[ 130.554069] __schedule+0xedd/0x2470
[ 130.554087] ? io_schedule_timeout+0x150/0x150
[ 130.554103] ? rcu_read_lock_sched_held+0x3e/0x80
[ 130.554126] schedule+0xda/0x1b0
[ 130.554141] exit_to_user_mode_prepare+0x114/0x1a0
[ 130.554153] syscall_exit_to_user_mode+0x19/0x40
[ 130.554166] do_syscall_64+0x48/0x90
[ 130.554185] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 130.554197] RIP: 0033:0x7fd391abdb19
[ 130.554206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 130.554218] RSP: 002b:00007fd38f033218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 130.554229] RAX: 0000000000000001 RBX: 00007fd391bd0f68 RCX: 00007fd391abdb19
[ 130.554237] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd391bd0f6c
[ 130.554245] RBP: 00007fd391bd0f60 R08: 000000000000000e R09: 0000000000000000
[ 130.554253] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd391bd0f6c
[ 130.554261] R13: 00007ffd5e515a0f R14: 00007fd38f033300 R15: 0000000000022000
[ 130.554274]
[ 130.606241] WARNING: CPU: 1 PID: 3853 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 130.606852] Modules linked in:
[ 130.607071] CPU: 1 PID: 3853 Comm: syz-executor.7 Not tainted 6.0.0-rc6-next-20220921 #1
[ 130.607609] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 130.608344] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 130.608712] Code: 5e 41 5f e9 9b b9 ef ff e8 96 b9 ef ff 65 8b 1d 2b 12 ac 7e 31 ff 89 de e8 36 b6 ef ff 85 db 0f 84 8a 00 00 00 e8 79 b9 ef ff <0f> 0b e9 a5 fe ff ff e8 6d b9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 130.609890] RSP: 0018:ffff88803491fc48 EFLAGS: 00010006
[ 130.610244] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 130.610713] RDX: ffff88800ffa5040 RSI: ffffffff815663a7 RDI: 0000000000000005
[ 130.611194] RBP: ffff888034920000 R08: 0000000000000005 R09: 0000000000000001
[ 130.611666] R10: 0000000000000000 R11: ffffffff865b005b R12: ffff88800fc81400
[ 130.612196] R13: ffff88806cf3d140 R14: ffffffff8547d0e0 R15: 0000000000000002
[ 130.612722] FS: 00007fd38f033700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 130.613319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 130.613756] CR2: 00007fffe465dbe8 CR3: 000000003cb98000 CR4: 0000000000350ee0
[ 130.614290] Call Trace:
[ 130.614491]
[ 130.614674] ctx_sched_out+0x8f1/0xc10
[ 130.614981] __perf_event_task_sched_out+0x6d0/0x18d0
[ 130.615373] ? lock_is_held_type+0xd7/0x130
[ 130.615699] ? __perf_cgroup_move+0x160/0x160
[ 130.616038] ? set_next_entity+0x304/0x550
[ 130.616363] ? update_curr+0x267/0x740
[ 130.616665] ? lock_is_held_type+0xd7/0x130
[ 130.616993] __schedule+0xedd/0x2470
[ 130.617277] ? io_schedule_timeout+0x150/0x150
[ 130.617627] ? rcu_read_lock_sched_held+0x3e/0x80
[ 130.617994] schedule+0xda/0x1b0
[ 130.618255] exit_to_user_mode_prepare+0x114/0x1a0
[ 130.618617] syscall_exit_to_user_mode+0x19/0x40
[ 130.618973] do_syscall_64+0x48/0x90
[ 130.619281] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 130.619676] RIP: 0033:0x7fd391abdb19
[ 130.619962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 130.621285] RSP: 002b:00007fd38f033218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 130.621857] RAX: 0000000000000001 RBX: 00007fd391bd0f68 RCX: 00007fd391abdb19
[ 130.622388] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd391bd0f6c
[ 130.622925] RBP: 00007fd391bd0f60 R08: 000000000000000e R09: 0000000000000000
[ 130.623459] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd391bd0f6c
[ 130.623999] R13: 00007ffd5e515a0f R14: 00007fd38f033300 R15: 0000000000022000
[ 130.624532]
[ 130.624712] irq event stamp: 660
[ 130.624972] hardirqs last enabled at (659): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 130.625665] hardirqs last disabled at (660): [] __schedule+0x1225/0x2470
[ 130.626281] softirqs last enabled at (408): [] __irq_exit_rcu+0x11b/0x180
[ 130.626923] softirqs last disabled at (345): [] __irq_exit_rcu+0x11b/0x180
[ 130.627570] ---[ end trace 0000000000000000 ]---
[ 130.832663] Bluetooth: hci1: command 0x041b tx timeout
12:25:30 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000000640)={0x127363500, &(0x7f00000000c0)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = fsopen(&(0x7f0000000bc0)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, &(0x7f0000000000)) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = gettid() kcmp(r3, 0x0, 0x0, r2, 0xffffffffffffffff) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(r4, &(0x7f0000000300)='./file1\x00', 0x420000, 0x2) ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f0000000340)) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000005c0)={0x6, 0x6, 0xb6f, 0x9, 0x47c9}) socket$inet_udp(0x2, 0x2, 0x0) [ 130.896673] Bluetooth: hci2: command 0x041b tx timeout [ 131.024693] Bluetooth: hci3: command 0x041b tx timeout 12:25:30 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) 
clone3(&(0x7f0000000640)={0x127363500, &(0x7f00000000c0)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = fsopen(&(0x7f0000000bc0)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, &(0x7f0000000000)) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = gettid() kcmp(r3, 0x0, 0x0, r2, 0xffffffffffffffff) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(r4, &(0x7f0000000300)='./file1\x00', 0x420000, 0x2) ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f0000000340)) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000005c0)={0x6, 0x6, 0xb6f, 0x9, 0x47c9}) socket$inet_udp(0x2, 0x2, 0x0) 12:25:30 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000000640)={0x127363500, &(0x7f00000000c0)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = fsopen(&(0x7f0000000bc0)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, &(0x7f0000000000)) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = gettid() kcmp(r3, 0x0, 0x0, r2, 0xffffffffffffffff) r4 = openat(0xffffffffffffff9c, 
&(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(r4, &(0x7f0000000300)='./file1\x00', 0x420000, 0x2) ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f0000000340)) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000005c0)={0x6, 0x6, 0xb6f, 0x9, 0x47c9}) socket$inet_udp(0x2, 0x2, 0x0) [ 131.152690] Bluetooth: hci4: command 0x041b tx timeout 12:25:30 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) clone3(&(0x7f0000000640)={0x127363500, &(0x7f00000000c0)=0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = fsopen(&(0x7f0000000bc0)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, &(0x7f0000000000)) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = gettid() kcmp(r3, 0x0, 0x0, r2, 0xffffffffffffffff) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) openat(r4, &(0x7f0000000300)='./file1\x00', 0x420000, 0x2) ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f0000000340)) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000005c0)={0x6, 0x6, 0xb6f, 0x9, 0x47c9}) socket$inet_udp(0x2, 0x2, 0x0) [ 131.347662] Bluetooth: hci6: unexpected cc 0x0c03 
length: 249 > 1 [ 131.349061] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 131.350447] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 131.352588] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 131.354167] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 131.355547] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 131.358717] Bluetooth: hci6: HCI_REQ-0x0c1a [ 131.742963] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 131.747042] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 131.749007] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 131.757351] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 131.759779] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 131.761175] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 131.764350] Bluetooth: hci7: HCI_REQ-0x0c1a [ 132.880675] Bluetooth: hci1: command 0x040f tx timeout [ 132.944707] Bluetooth: hci2: command 0x040f tx timeout [ 133.072678] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 133.073492] Bluetooth: hci3: command 0x040f tx timeout [ 133.200659] Bluetooth: hci4: command 0x040f tx timeout [ 133.392837] Bluetooth: hci6: command 0x0409 tx timeout [ 133.776678] Bluetooth: hci7: command 0x0409 tx timeout [ 134.928653] Bluetooth: hci1: command 0x0419 tx timeout [ 134.992737] Bluetooth: hci2: command 0x0419 tx timeout [ 135.120655] Bluetooth: hci3: command 0x0419 tx timeout [ 135.248661] Bluetooth: hci4: command 0x0419 tx timeout [ 135.440845] Bluetooth: hci6: command 0x041b tx timeout [ 135.824659] Bluetooth: hci7: command 0x041b tx timeout [ 137.424654] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 137.488852] Bluetooth: hci6: command 0x040f tx timeout [ 137.872686] Bluetooth: hci7: command 0x040f tx timeout [ 139.536834] Bluetooth: hci6: command 0x0419 tx timeout [ 139.861149] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 139.862601] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 139.864258] Bluetooth: hci0: 
unexpected cc 0x1001 length: 249 > 9 [ 139.867107] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 139.868732] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 139.870245] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 139.875345] Bluetooth: hci0: HCI_REQ-0x0c1a [ 139.920692] Bluetooth: hci7: command 0x0419 tx timeout VM DIAGNOSIS: 12:25:30 Registers: