Warning: Permanently added '[localhost]:24606' (ECDSA) to the list of known hosts.
2022/09/23 12:41:55 fuzzer started
2022/09/23 12:41:56 dialing manager at localhost:38881
syzkaller login: [ 43.629793] cgroup: Unknown subsys name 'net'
[ 43.822841] cgroup: Unknown subsys name 'rlimit'
2022/09/23 12:42:11 syscalls: 2215
2022/09/23 12:42:11 code coverage: enabled
2022/09/23 12:42:11 comparison tracing: enabled
2022/09/23 12:42:11 extra coverage: enabled
2022/09/23 12:42:11 setuid sandbox: enabled
2022/09/23 12:42:11 namespace sandbox: enabled
2022/09/23 12:42:11 Android sandbox: enabled
2022/09/23 12:42:11 fault injection: enabled
2022/09/23 12:42:11 leak checking: enabled
2022/09/23 12:42:11 net packet injection: enabled
2022/09/23 12:42:11 net device setup: enabled
2022/09/23 12:42:11 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/23 12:42:11 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/23 12:42:11 USB emulation: enabled
2022/09/23 12:42:11 hci packet injection: enabled
2022/09/23 12:42:11 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220923)
2022/09/23 12:42:11 802.15.4 emulation: enabled
2022/09/23 12:42:11 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/23 12:42:21 fetching corpus: 4112, signal 178918/183766 (executing program)
2022/09/23 12:42:23 starting 8 fuzzer processes
12:42:23 executing program 0:
set_mempolicy(0x0, &(0x7f0000000000)=0x1, 0x8)
set_mempolicy(0x0, &(0x7f0000000040)=0x6, 0x7ff)
set_mempolicy(0x0, &(0x7f0000000080)=0x1, 0xfffffffffffffffc)
set_mempolicy(0x0, &(0x7f00000000c0)=0x8, 0xa9)
set_mempolicy(0x3, &(0x7f0000000100)=0x8, 0x6)
set_mempolicy(0x3, &(0x7f0000000140)=0x8, 0x5)
set_mempolicy(0x0, &(0x7f0000000180), 0x1)
set_mempolicy(0x4000, &(0x7f00000001c0)=0x9f1, 0xfffffffffffeffff)
set_mempolicy(0x2, &(0x7f0000000200)=0xee, 0x0)
set_mempolicy(0x1, &(0x7f0000000240)=0x4, 0x1)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x34, &(0x7f0000000280)={0x10, 0x3, 0x2})
set_mempolicy(0x0, &(0x7f0000000300)=0x5, 0x1)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000380))
12:42:23 executing program 1:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0)
12:42:23 executing program 2:
syz_emit_ethernet(0x1d, &(0x7f0000000000)={@local, @random="7700c24d06a7", @void, {@ipv4={0x800, @igmp={{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, @dev, @private, {[@lsrr={0x83, 0x1}]}}, {0x0, 0x0, 0x0, @dev}}}}}, 0x0)
[ 71.043962] audit: type=1400 audit(1663936943.716:6): avc: denied { execmem } for pid=287 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:42:23 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0x2288, &(0x7f0000000000))
12:42:23 executing program 3:
keyctl$KEYCTL_PKEY_VERIFY(0xe, &(0x7f0000000c00), 0x0, 0x0, 0x0)
12:42:23 executing program 5:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, &(0x7f0000001540)={[{@jqfmt_vfsold}, {@journal_checksum}, {@noacl}], [{@smackfshat={'smackfshat', 0x3d, ']\f-['}}]})
12:42:23 executing program 6:
r0 = epoll_create1(0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000bc0)={0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000c00)={0x4})
12:42:23 executing program 7:
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="fd", 0x1, r0)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000180)='asymmetric\x00', &(0x7f00000000c0)=@keyring={'key_or_keyring:', r1})
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r2, 0x0)
12:43:20 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0x2288, &(0x7f0000000000))
12:43:20 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0x2288, &(0x7f0000000000))
12:43:20 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0x2288, &(0x7f0000000000))
12:43:21 executing program 4:
syz_io_uring_setup(0x0, &(0x7f0000000040), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000100))
12:43:21 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, r0, 0x0, 0x100000)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
getsockname$packet(r2, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x40, 0x5, 0x32, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x7, 0x7800, 0x10001}})
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xfd}}, 0x14)
r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2080000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000400)={0x3, 0x80, 0x6, 0x5, 0x1, 0x3f, 0x0, 0x3ff, 0x50000, 0x4, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3b, 0x1, @perf_config_ext={0x1, 0x7fff}, 0xa8, 0x1, 0x20, 0x0, 0x0, 0x7fffffff, 0x9, 0x0, 0x4, 0x0, 0xdeb}, 0x0, 0x3, r3, 0x3)
[ 128.691139] audit: type=1400 audit(1663937001.363:7): avc: denied { open } for pid=3780 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 128.694291] audit: type=1400 audit(1663937001.364:8): avc: denied { kernel } for pid=3780 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 128.704005] ------------[ cut here ]------------
[ 128.704026]
[ 128.704031] ======================================================
[ 128.704034] WARNING: possible circular locking dependency detected
[ 128.704038] 6.0.0-rc6-next-20220923 #1 Not tainted
[ 128.704045] ------------------------------------------------------
[ 128.704048] syz-executor.4/3781 is trying to acquire lock:
[ 128.704054] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 128.704094]
[ 128.704094] but task is already holding lock:
[ 128.704096] ffff88803f40cc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 128.704125]
[ 128.704125] which lock already depends on the new lock.
[ 128.704125]
[ 128.704127]
[ 128.704127] the existing dependency chain (in reverse order) is:
[ 128.704131]
[ 128.704131] -> #3 (&ctx->lock){....}-{2:2}:
[ 128.704144] _raw_spin_lock+0x2a/0x40
[ 128.704163] __perf_event_task_sched_out+0x53b/0x18d0
[ 128.704175] __schedule+0xedd/0x2470
[ 128.704188] schedule+0xda/0x1b0
[ 128.704201] exit_to_user_mode_prepare+0x114/0x1a0
[ 128.704213] syscall_exit_to_user_mode+0x19/0x40
[ 128.704225] do_syscall_64+0x48/0x90
[ 128.704242] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 128.704254]
[ 128.704254] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 128.704267] _raw_spin_lock_nested+0x30/0x40
[ 128.704285] raw_spin_rq_lock_nested+0x1e/0x30
[ 128.704298] task_fork_fair+0x63/0x4d0
[ 128.704315] sched_cgroup_fork+0x3d0/0x540
[ 128.704328] copy_process+0x4183/0x6e20
[ 128.704338] kernel_clone+0xe7/0x890
[ 128.704348] user_mode_thread+0xad/0xf0
[ 128.704358] rest_init+0x24/0x250
[ 128.704369] arch_call_rest_init+0xf/0x14
[ 128.704386] start_kernel+0x4c1/0x4e6
[ 128.704401] secondary_startup_64_no_verify+0xe0/0xeb
[ 128.704415]
[ 128.704415] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 128.704429] _raw_spin_lock_irqsave+0x39/0x60
[ 128.704447] try_to_wake_up+0xab/0x1930
[ 128.704460] up+0x75/0xb0
[ 128.704473] __up_console_sem+0x6e/0x80
[ 128.704488] console_unlock+0x46a/0x590
[ 128.704503] vt_ioctl+0x2822/0x2ca0
[ 128.704517] tty_ioctl+0x7c4/0x1700
[ 128.704529] __x64_sys_ioctl+0x19a/0x210
[ 128.704544] do_syscall_64+0x3b/0x90
[ 128.704560] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 128.704572]
[ 128.704572] -> #0 ((console_sem).lock){....}-{2:2}:
[ 128.704586] __lock_acquire+0x2a02/0x5e70
[ 128.704602] lock_acquire+0x1a2/0x530
[ 128.704617] _raw_spin_lock_irqsave+0x39/0x60
[ 128.704635] down_trylock+0xe/0x70
[ 128.704650] __down_trylock_console_sem+0x3b/0xd0
[ 128.704685] vprintk_emit+0x16b/0x560
[ 128.704700] vprintk+0x84/0xa0
[ 128.704716] _printk+0xba/0xf1
[ 128.704727] report_bug.cold+0x72/0xab
[ 128.704742] handle_bug+0x3c/0x70
[ 128.704758] exc_invalid_op+0x14/0x50
[ 128.704774] asm_exc_invalid_op+0x16/0x20
[ 128.704785] group_sched_out.part.0+0x2c7/0x460
[ 128.704796] ctx_sched_out+0x8f1/0xc10
[ 128.704806] __perf_event_task_sched_out+0x6d0/0x18d0
[ 128.704818] __schedule+0xedd/0x2470
[ 128.704831] schedule+0xda/0x1b0
[ 128.704844] exit_to_user_mode_prepare+0x114/0x1a0
[ 128.704854] syscall_exit_to_user_mode+0x19/0x40
[ 128.704866] do_syscall_64+0x48/0x90
[ 128.704882] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 128.704894]
[ 128.704894] other info that might help us debug this:
[ 128.704894]
[ 128.704896] Chain exists of:
[ 128.704896] (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 128.704896]
[ 128.704911] Possible unsafe locking scenario:
[ 128.704911]
[ 128.704913] CPU0 CPU1
[ 128.704916] ---- ----
[ 128.704918] lock(&ctx->lock);
[ 128.704923] lock(&rq->__lock);
[ 128.704929] lock(&ctx->lock);
[ 128.704936] lock((console_sem).lock);
[ 128.704941]
[ 128.704941] *** DEADLOCK ***
[ 128.704941]
[ 128.704943] 2 locks held by syz-executor.4/3781:
[ 128.704950] #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 128.704978] #1: ffff88803f40cc20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 128.705006]
[ 128.705006] stack backtrace:
[ 128.705008] CPU: 0 PID: 3781 Comm: syz-executor.4 Not tainted 6.0.0-rc6-next-20220923 #1
[ 128.705021] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 128.705029] Call Trace:
[ 128.705032]
[ 128.705036] dump_stack_lvl+0x8b/0xb3
[ 128.705054] check_noncircular+0x263/0x2e0
[ 128.705070] ? format_decode+0x26c/0xb50
[ 128.705087] ? print_circular_bug+0x450/0x450
[ 128.705103] ? enable_ptr_key_workfn+0x20/0x20
[ 128.705119] ? format_decode+0x26c/0xb50
[ 128.705136] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 128.705153] __lock_acquire+0x2a02/0x5e70
[ 128.705175] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 128.705197] lock_acquire+0x1a2/0x530
[ 128.705213] ? down_trylock+0xe/0x70
[ 128.705229] ? lock_release+0x750/0x750
[ 128.705249] ? vprintk+0x84/0xa0
[ 128.705267] _raw_spin_lock_irqsave+0x39/0x60
[ 128.705286] ? down_trylock+0xe/0x70
[ 128.705301] down_trylock+0xe/0x70
[ 128.705316] ? vprintk+0x84/0xa0
[ 128.705333] __down_trylock_console_sem+0x3b/0xd0
[ 128.705350] vprintk_emit+0x16b/0x560
[ 128.705368] vprintk+0x84/0xa0
[ 128.705385] _printk+0xba/0xf1
[ 128.705396] ? record_print_text.cold+0x16/0x16
[ 128.705411] ? report_bug.cold+0x66/0xab
[ 128.705429] ? group_sched_out.part.0+0x2c7/0x460
[ 128.705440] report_bug.cold+0x72/0xab
[ 128.705458] handle_bug+0x3c/0x70
[ 128.705475] exc_invalid_op+0x14/0x50
[ 128.705492] asm_exc_invalid_op+0x16/0x20
[ 128.705504] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 128.705518] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 128.705530] RSP: 0018:ffff88803d697c48 EFLAGS: 00010006
[ 128.705539] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 128.705546] RDX: ffff8880184e0000 RSI: ffffffff81564fb7 RDI: 0000000000000005
[ 128.705554] RBP: ffff8880086685c8 R08: 0000000000000005 R09: 0000000000000001
[ 128.705561] R10: 0000000000000000 R11: ffffffff865b001b R12: ffff88803f40cc00
[ 128.705568] R13: ffff88806ce3d140 R14: ffffffff8547d040 R15: 0000000000000002
[ 128.705579] ? group_sched_out.part.0+0x2c7/0x460
[ 128.705592] ? group_sched_out.part.0+0x2c7/0x460
[ 128.705605] ctx_sched_out+0x8f1/0xc10
[ 128.705618] __perf_event_task_sched_out+0x6d0/0x18d0
[ 128.705633] ? lock_is_held_type+0xd7/0x130
[ 128.705647] ? __perf_cgroup_move+0x160/0x160
[ 128.705659] ? set_next_entity+0x304/0x550
[ 128.705676] ? update_curr+0x267/0x740
[ 128.705694] ? lock_is_held_type+0xd7/0x130
[ 128.705707] __schedule+0xedd/0x2470
[ 128.705723] ? io_schedule_timeout+0x150/0x150
[ 128.705739] ? rcu_read_lock_sched_held+0x3e/0x80
[ 128.705759] schedule+0xda/0x1b0
[ 128.705773] exit_to_user_mode_prepare+0x114/0x1a0
[ 128.705785] syscall_exit_to_user_mode+0x19/0x40
[ 128.705798] do_syscall_64+0x48/0x90
[ 128.705815] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 128.705828] RIP: 0033:0x7ff110c31b19
[ 128.705836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 128.705847] RSP: 002b:00007ff10e1a7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 128.705858] RAX: 0000000000000001 RBX: 00007ff110d44f68 RCX: 00007ff110c31b19
[ 128.705865] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff110d44f6c
[ 128.705872] RBP: 00007ff110d44f60 R08: 000000000000000e R09: 0000000000000000
[ 128.705879] R10: 0000000000000005 R11: 0000000000000246 R12: 00007ff110d44f6c
[ 128.705886] R13: 00007ffef59c9d4f R14: 00007ff10e1a7300 R15: 0000000000022000
[ 128.705899]
[ 128.761482] WARNING: CPU: 0 PID: 3781 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 128.762158] Modules linked in:
[ 128.762406] CPU: 0 PID: 3781 Comm: syz-executor.4 Not tainted 6.0.0-rc6-next-20220923 #1
[ 128.763013] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 128.763848] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 128.764250] Code: 5e 41 5f e9 5b bb ef ff e8 56 bb ef ff 65 8b 1d 1b 26 ac 7e 31 ff 89 de e8 f6 b7 ef ff 85 db 0f 84 8a 00 00 00 e8 39 bb ef ff <0f> 0b e9 a5 fe ff ff e8 2d bb ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 128.765615] RSP: 0018:ffff88803d697c48 EFLAGS: 00010006
[ 128.766027] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 128.766563] RDX: ffff8880184e0000 RSI: ffffffff81564fb7 RDI: 0000000000000005
[ 128.767094] RBP: ffff8880086685c8 R08: 0000000000000005 R09: 0000000000000001
[ 128.767621] R10: 0000000000000000 R11: ffffffff865b001b R12: ffff88803f40cc00
[ 128.768152] R13: ffff88806ce3d140 R14: ffffffff8547d040 R15: 0000000000000002
[ 128.768688] FS: 00007ff10e1a7700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 128.769289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 128.769721] CR2: 00007fecb898d620 CR3: 0000000015e00000 CR4: 0000000000350ef0
[ 128.770251] Call Trace:
[ 128.770452]
[ 128.770625] ctx_sched_out+0x8f1/0xc10
[ 128.770924] __perf_event_task_sched_out+0x6d0/0x18d0
[ 128.771306] ? lock_is_held_type+0xd7/0x130
[ 128.771626] ? __perf_cgroup_move+0x160/0x160
[ 128.771963] ? set_next_entity+0x304/0x550
[ 128.772285] ? update_curr+0x267/0x740
[ 128.772586] ? lock_is_held_type+0xd7/0x130
[ 128.772923] __schedule+0xedd/0x2470
[ 128.773212] ? io_schedule_timeout+0x150/0x150
[ 128.773567] ? rcu_read_lock_sched_held+0x3e/0x80
[ 128.773935] schedule+0xda/0x1b0
[ 128.774194] exit_to_user_mode_prepare+0x114/0x1a0
[ 128.774564] syscall_exit_to_user_mode+0x19/0x40
[ 128.774927] do_syscall_64+0x48/0x90
[ 128.775213] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 128.775608] RIP: 0033:0x7ff110c31b19
[ 128.775888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 128.777241] RSP: 002b:00007ff10e1a7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 128.777805] RAX: 0000000000000001 RBX: 00007ff110d44f68 RCX: 00007ff110c31b19
[ 128.778327] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff110d44f6c
[ 128.778857] RBP: 00007ff110d44f60 R08: 000000000000000e R09: 0000000000000000
[ 128.779389] R10: 0000000000000005 R11: 0000000000000246 R12: 00007ff110d44f6c
[ 128.779918] R13: 00007ffef59c9d4f R14: 00007ff10e1a7300 R15: 0000000000022000
[ 128.780464]
[ 128.780645] irq event stamp: 832
[ 128.780908] hardirqs last enabled at (831): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 128.781606] hardirqs last disabled at (832): [] __schedule+0x1225/0x2470
[ 128.782233] softirqs last enabled at (380): [] __irq_exit_rcu+0x11b/0x180
[ 128.782867] softirqs last disabled at (353): [] __irq_exit_rcu+0x11b/0x180
[ 128.783503] ---[ end trace 0000000000000000 ]---
[ 129.076886] hrtimer: interrupt took 19326 ns
[ 129.739454] syz-executor.4 (3781) used greatest stack depth: 24472 bytes left
12:43:22 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, r0, 0x0, 0x100000)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
getsockname$packet(r2, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl2\x00', 0x0, 0x4, 0xfe, 0x40, 0x5, 0x32, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x7, 0x7800, 0x10001}})
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xfd}}, 0x14)
r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2080000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000400)={0x3, 0x80, 0x6, 0x5, 0x1, 0x3f, 0x0, 0x3ff, 0x50000, 0x4, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3b, 0x1, @perf_config_ext={0x1, 0x7fff}, 0xa8, 0x1, 0x20, 0x0, 0x0, 0x7fffffff, 0x9, 0x0, 0x4, 0x0, 0xdeb}, 0x0, 0x3, r3, 0x3)
12:43:23 executing program 2:
syz_emit_ethernet(0x1d, &(0x7f0000000000)={@local, @random="7700c24d06a7", @void, {@ipv4={0x800, @igmp={{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, @dev, @private, {[@lsrr={0x83, 0x1}]}}, {0x0, 0x0, 0x0, @dev}}}}}, 0x0)
[ 133.519185] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 133.520533] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 133.521718] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 133.525131] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 133.526801] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 133.528917] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 133.533426] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 135.538952] Bluetooth: hci3: command 0x0409 tx timeout
[ 135.603112] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 135.603112] Bluetooth: hci5: Opcode 0x c03 failed: -110
[ 137.586955] Bluetooth: hci3: command 0x041b tx timeout
[ 137.916641] Bluetooth:
hci7: unexpected cc 0x0c03 length: 249 > 1 [ 137.918917] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 137.920594] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 137.922998] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 137.924455] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 137.926297] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 137.929372] Bluetooth: hci7: HCI_REQ-0x0c1a VM DIAGNOSIS: 12:43:21 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff822b17e1 RDI=ffffffff87645be0 RBP=ffffffff87645ba0 RSP=ffff88803d697678 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=ffffffff87645ba0 R14=ffffffff87645bf0 R15=ffffffff87645e48 RIP=ffffffff822b1839 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007ff10e1a7700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fecb898d620 CR3=0000000015e00000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007ff110d187c0 00007ff110d187c8 
YMM02=0000000000000000 0000000000000000 00007ff110d187e0 00007ff110d187c0 YMM03=0000000000000000 0000000000000000 00007ff110d187c8 00007ff110d187c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=ffff88806cf33b60 RCX=ffffffff842508dc RDX=ffffed100d9e676d RSI=0000000000000004 RDI=ffff88806cf33b60 RBP=ffff88806cf33b60 RSP=ffff888018177790 R8 =0000000000000000 R9 =ffff88806cf33b63 R10=ffffed100d9e676c R11=0000000000000001 R12=0000000000037aec R13=0000000000000200 R14=ffff88803dadb580 R15=0000000000000246 RIP=ffffffff842508df RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f84e8c38540 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f84e8e23620 CR3=00000000176ac000 CR4=00350ee0 
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 ff00ffffffffffff 0000000000000000 YMM01=0000000000000000 0000000000000000 0100010001000000 ffffffffffffffff YMM02=0000000000000000 0000000000000000 0500050005000000 455441564952505f YMM03=0000000000000000 0000000000000000 0000000000000000 000000564952505f YMM04=0000000000000000 0000000000000000 0003000500050005 0005000000455441 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000