Warning: Permanently added '[localhost]:30665' (ECDSA) to the list of known hosts.
2022/09/29 03:27:11 fuzzer started
2022/09/29 03:27:12 dialing manager at localhost:45751
syzkaller login: [ 45.024652] cgroup: Unknown subsys name 'net'
[ 45.156848] cgroup: Unknown subsys name 'rlimit'
2022/09/29 03:27:27 syscalls: 2215
2022/09/29 03:27:27 code coverage: enabled
2022/09/29 03:27:27 comparison tracing: enabled
2022/09/29 03:27:27 extra coverage: enabled
2022/09/29 03:27:27 setuid sandbox: enabled
2022/09/29 03:27:27 namespace sandbox: enabled
2022/09/29 03:27:27 Android sandbox: enabled
2022/09/29 03:27:27 fault injection: enabled
2022/09/29 03:27:27 leak checking: enabled
2022/09/29 03:27:27 net packet injection: enabled
2022/09/29 03:27:27 net device setup: enabled
2022/09/29 03:27:27 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/29 03:27:27 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/29 03:27:27 USB emulation: enabled
2022/09/29 03:27:27 hci packet injection: enabled
2022/09/29 03:27:27 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220928)
2022/09/29 03:27:27 802.15.4 emulation: enabled
2022/09/29 03:27:27 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/29 03:27:27 fetching corpus: 30, signal 19922/23462 (executing program)
2022/09/29 03:27:27 fetching corpus: 62, signal 30979/35965 (executing program)
2022/09/29 03:27:27 fetching corpus: 111, signal 38379/44690 (executing program)
2022/09/29 03:27:27 fetching corpus: 161, signal 44565/52117 (executing program)
2022/09/29 03:27:27 fetching corpus: 210, signal 52983/61533 (executing program)
2022/09/29 03:27:27 fetching corpus: 259, signal 57074/66728 (executing program)
2022/09/29 03:27:28 fetching corpus: 308, signal 62238/72841 (executing program)
2022/09/29 03:27:28 fetching corpus: 357, signal 66902/78329 (executing program)
2022/09/29 03:27:28 fetching corpus: 405, signal 69329/81809 (executing program)
2022/09/29 03:27:28 fetching corpus: 455, signal 73943/87098 (executing program)
2022/09/29 03:27:28 fetching corpus: 505, signal 77948/91742 (executing program)
2022/09/29 03:27:28 fetching corpus: 555, signal 82190/96504 (executing program)
2022/09/29 03:27:28 fetching corpus: 605, signal 84974/99950 (executing program)
2022/09/29 03:27:28 fetching corpus: 655, signal 86914/102643 (executing program)
2022/09/29 03:27:29 fetching corpus: 705, signal 89304/105652 (executing program)
2022/09/29 03:27:29 fetching corpus: 755, signal 92022/108907 (executing program)
2022/09/29 03:27:29 fetching corpus: 805, signal 94135/111669 (executing program)
2022/09/29 03:27:29 fetching corpus: 855, signal 95748/113908 (executing program)
2022/09/29 03:27:29 fetching corpus: 905, signal 98258/116806 (executing program)
2022/09/29 03:27:29 fetching corpus: 955, signal 100332/119302 (executing program)
2022/09/29 03:27:29 fetching corpus: 1005, signal 101955/121374 (executing program)
2022/09/29 03:27:29 fetching corpus: 1055, signal 104307/124041 (executing program)
2022/09/29 03:27:29 fetching corpus: 1105, signal 105983/126157 (executing program)
2022/09/29 03:27:29 fetching corpus: 1154, signal 107911/128402 (executing program)
2022/09/29 03:27:30 fetching corpus: 1204, signal 110252/130877 (executing program)
2022/09/29 03:27:30 fetching corpus: 1254, signal 111772/132811 (executing program)
2022/09/29 03:27:30 fetching corpus: 1304, signal 113238/134603 (executing program)
2022/09/29 03:27:30 fetching corpus: 1354, signal 114037/135927 (executing program)
2022/09/29 03:27:30 fetching corpus: 1404, signal 115575/137737 (executing program)
2022/09/29 03:27:30 fetching corpus: 1454, signal 117453/139714 (executing program)
2022/09/29 03:27:30 fetching corpus: 1504, signal 119332/141680 (executing program)
2022/09/29 03:27:30 fetching corpus: 1554, signal 121088/143502 (executing program)
2022/09/29 03:27:30 fetching corpus: 1604, signal 122115/144792 (executing program)
2022/09/29 03:27:31 fetching corpus: 1654, signal 125829/147787 (executing program)
2022/09/29 03:27:31 fetching corpus: 1703, signal 126956/149049 (executing program)
2022/09/29 03:27:31 fetching corpus: 1753, signal 128691/150670 (executing program)
2022/09/29 03:27:31 fetching corpus: 1803, signal 130053/152054 (executing program)
2022/09/29 03:27:31 fetching corpus: 1853, signal 131581/153463 (executing program)
2022/09/29 03:27:31 fetching corpus: 1903, signal 133610/155183 (executing program)
2022/09/29 03:27:31 fetching corpus: 1953, signal 134785/156355 (executing program)
2022/09/29 03:27:31 fetching corpus: 2003, signal 135490/157233 (executing program)
2022/09/29 03:27:31 fetching corpus: 2053, signal 136873/158476 (executing program)
2022/09/29 03:27:32 fetching corpus: 2102, signal 138466/159799 (executing program)
2022/09/29 03:27:32 fetching corpus: 2152, signal 140750/161434 (executing program)
2022/09/29 03:27:32 fetching corpus: 2202, signal 142060/162565 (executing program)
2022/09/29 03:27:32 fetching corpus: 2252, signal 143225/163613 (executing program)
2022/09/29 03:27:32 fetching corpus: 2302, signal 144094/164481 (executing program)
2022/09/29 03:27:32 fetching corpus: 2352, signal 145260/165412 (executing program)
2022/09/29 03:27:32 fetching corpus: 2402, signal 146038/166200 (executing program)
2022/09/29 03:27:32 fetching corpus: 2452, signal 146897/166966 (executing program)
2022/09/29 03:27:33 fetching corpus: 2499, signal 147834/167743 (executing program)
2022/09/29 03:27:33 fetching corpus: 2549, signal 148578/168458 (executing program)
2022/09/29 03:27:33 fetching corpus: 2599, signal 149857/169413 (executing program)
2022/09/29 03:27:33 fetching corpus: 2649, signal 150622/170101 (executing program)
2022/09/29 03:27:33 fetching corpus: 2699, signal 151579/170846 (executing program)
2022/09/29 03:27:33 fetching corpus: 2749, signal 152999/171770 (executing program)
2022/09/29 03:27:33 fetching corpus: 2799, signal 153430/172281 (executing program)
2022/09/29 03:27:33 fetching corpus: 2849, signal 154192/172915 (executing program)
2022/09/29 03:27:33 fetching corpus: 2899, signal 154600/173453 (executing program)
2022/09/29 03:27:34 fetching corpus: 2948, signal 155537/174083 (executing program)
2022/09/29 03:27:34 fetching corpus: 2998, signal 156650/174749 (executing program)
2022/09/29 03:27:34 fetching corpus: 3048, signal 157524/175311 (executing program)
2022/09/29 03:27:34 fetching corpus: 3098, signal 158338/175869 (executing program)
2022/09/29 03:27:34 fetching corpus: 3148, signal 159066/176325 (executing program)
2022/09/29 03:27:34 fetching corpus: 3198, signal 160310/176938 (executing program)
2022/09/29 03:27:34 fetching corpus: 3248, signal 161381/177470 (executing program)
2022/09/29 03:27:34 fetching corpus: 3298, signal 161887/177818 (executing program)
2022/09/29 03:27:34 fetching corpus: 3348, signal 163007/178360 (executing program)
2022/09/29 03:27:35 fetching corpus: 3398, signal 163725/178743 (executing program)
2022/09/29 03:27:35 fetching corpus: 3447, signal 164452/179124 (executing program)
2022/09/29 03:27:35 fetching corpus: 3496, signal 164743/179365 (executing program)
2022/09/29 03:27:35 fetching corpus: 3546, signal 166023/179810 (executing program)
2022/09/29 03:27:35 fetching corpus: 3596, signal 166939/180176 (executing program)
2022/09/29 03:27:35 fetching corpus: 3645, signal 167624/180526 (executing program)
2022/09/29 03:27:35 fetching corpus: 3695, signal 168647/180850 (executing program)
2022/09/29 03:27:35 fetching corpus: 3745, signal 169154/181090 (executing program)
2022/09/29 03:27:35 fetching corpus: 3795, signal 170606/181500 (executing program)
2022/09/29 03:27:36 fetching corpus: 3845, signal 171174/181707 (executing program)
2022/09/29 03:27:36 fetching corpus: 3895, signal 171925/181950 (executing program)
2022/09/29 03:27:36 fetching corpus: 3945, signal 173206/182305 (executing program)
2022/09/29 03:27:36 fetching corpus: 3993, signal 174253/182514 (executing program)
2022/09/29 03:27:36 fetching corpus: 4043, signal 175608/182846 (executing program)
2022/09/29 03:27:36 fetching corpus: 4093, signal 176391/182976 (executing program)
2022/09/29 03:27:36 fetching corpus: 4143, signal 177319/183096 (executing program)
2022/09/29 03:27:37 fetching corpus: 4184, signal 177946/183191 (executing program)
2022/09/29 03:27:37 fetching corpus: 4184, signal 177946/183255 (executing program)
2022/09/29 03:27:37 fetching corpus: 4184, signal 177946/183322 (executing program)
2022/09/29 03:27:37 fetching corpus: 4184, signal 177946/183384 (executing program)
2022/09/29 03:27:37 fetching corpus: 4184, signal 177946/183447 (executing program)
2022/09/29 03:27:37 fetching corpus: 4184, signal 177946/183477 (executing program)
2022/09/29 03:27:37 fetching corpus: 4184, signal 177946/183477 (executing program)
2022/09/29 03:27:39 starting 8 fuzzer processes
03:27:39 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000080)=""/55, &(0x7f00000000c0)=0x37)
03:27:39 executing program 1:
syz_io_uring_setup(0x7969, &(0x7f00000001c0)={0x0, 0xfc32, 0x0, 0x3, 0x109}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000240))
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x0, 0x4, &(0x7f0000001340)=[{&(0x7f0000001180)="260c2227cc437779885af489d4c96d7c33f81078333dedbe09a04d71b843f33fab3a34c080", 0x25, 0x9}, {&(0x7f0000001200)="817ca19976c7e9a8c231ef907c816e5da8153d72", 0x14, 0x7}, {&(0x7f0000001240)="be3ce4cd8f11413c3d4a1f720d4a36101faa959f79888c6d6590a0ae4f9d9094eb8467313d5ffe7c9d021dcedadb6d6b1658ee233355fca5a4b5e48819b3e286c48b9520f8616fb670f05d42fe4326ca3a9f91a8e7c3a52e337f90e91851f85ae35a87cc1d3185d0882e6975222ded3ed5da5bc7758f07b4975fbe0ac49791431a2a03584d515c87bad0913fd58d69502e1345a320eec56b11da12aa44af696e0739f2c9f0e22d018f", 0xa9, 0x1}, {&(0x7f0000001300), 0x0, 0x2}], 0x1a41012, &(0x7f00000013c0)={[{@mpol={'mpol', 0x3d, {'interleave', '', @void}}}, {@mpol={'mpol', 0x3d, {'interleave', '=relative', @val={0x3a, [0x39, 0x3a, 0x2c, 0x2d, 0x35, 0x15, 0x38]}}}}], [{@fsuuid={'fsuuid', 0x3d, {[0x31, 0x63, 0x37, 0x37, 0x64, 0x64, 0x65, 0x35], 0x2d, [0x1, 0x63, 0x62, 0x32], 0x2d, [0x61, 0x38, 0x30, 0x64], 0x2d, [0x64, 0x65, 0x31, 0x34], 0x2d, [0x39, 0x65, 0x37, 0x32, 0x33, 0x35, 0x62, 0x64]}}}]})
perf_event_open(0x0, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/msg\x00', 0x0, 0x0)
preadv(r0, &(0x7f00000011c0)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x7, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x531081, 0x0)
r2 = inotify_init1(0x0)
dup2(r2, r1)
03:27:39 executing program 2:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0x1c3c00, 0x0)
ioctl$CDROM_DISC_STATUS(r0, 0x1263)
03:27:39 executing program 3:
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x6d032, 0xffffffffffffffff, 0x0)
03:27:39 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'gretap0\x00', &(0x7f0000000000)={'tunl0\x00', 0x0, 0x8000, 0x0, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x4, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @loopback, {[@rr={0x7, 0x3}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000280), 0x4)
03:27:39 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1/../file0\x00', 0x101042, 0x40)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000400)={0x2, 0x80, 0x4, 0x0, 0x20, 0x0, 0x0, 0x800, 0x2000, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x5, 0x0, @perf_bp={&(0x7f0000000340), 0x2}, 0x10000, 0x0, 0x9, 0x7, 0x80000000, 0x1, 0x4006, 0x0, 0x2}, r1, 0x0, r0, 0x0)
io_setup(0x7, &(0x7f0000000000))
syz_open_procfs(0x0, &(0x7f0000000040)='personality\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00')
clock_gettime(0x0, 0x0)
timer_create(0x6, &(0x7f0000000380)={0x0, 0x1c, 0x1, @thr={&(0x7f00000001c0)="7b54d93735e580da4d4b2b1e5b24a25a8bcaf2bc41f8356ec6fa12c71614249af8fe1716f91df35223852725637e0bd619f0a83761463849c1941d2e8e5d3cd891ff19e667251cf607586223f573de3c87e5bcfc1b0efdc1170f8b091408913297abe8ae0133b2ac2e9d432e7e4284ea931c2f138bcda97300df764704007edce14f397f8338c2da279f6640d7c262142c8a996a16d4fb4d5f51d4e5423e0d355e2c2c6fcd182ca6e9f884a4332012c3a1fae0b6fe4c1e5ca7834b10477ce1f489e414b3f293504e6bbbf8a633e5918331f89f9fd30d030b", &(0x7f00000002c0)="e8688df451238387d527607ff86f50345f9daa5b2393bc2ee69dad33498d331e4521010841f5c772701aa08d344c122aee2fcb69cb53d9c4a3e4f4385e483af1f93949b6b0c52b5d2a7660371ea32859657afa5a48652841b683aec70010ae4ebce053ab6b3e521c2cd89875319b74a5ac5863cf475383afccbf06b87b93028341c6fedb1e0937cc4b5cba4b8de113999f3e3542f4391f71ce74c6c3b250f243843e1a8d54dfd0419af205f03fc3fe7407d6c4bd7808"}}, &(0x7f00000003c0)=0x0)
timer_gettime(r2, 0x0)
clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0})
timer_settime(0x0, 0x0, &(0x7f0000000100)={{}, {r3, r4+60000000}}, &(0x7f0000000180))
timer_delete(0x0)
pselect6(0x40, &(0x7f0000000480)={0x2, 0x0, 0x800, 0x7, 0x7, 0x3, 0x0, 0xffffffffffffff0b}, &(0x7f00000004c0)={0x40, 0x0, 0x9, 0x80000001, 0x0, 0x8, 0xeb7, 0x40}, &(0x7f0000000500)={0x7, 0x2, 0x9, 0x9, 0x2, 0x5dc, 0x1, 0x29a}, &(0x7f0000000580), &(0x7f0000000600)={&(0x7f00000005c0)={[0x9]}, 0x8})
[ 71.228007] audit: type=1400 audit(1664422059.268:6): avc: denied { execmem } for pid=288 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
03:27:39 executing program 6:
mq_open(&(0x7f00000001c0)='%$(\\\x00', 0x0, 0x0, &(0x7f0000000200))
03:27:39 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000002240), 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r0, 0x1274, 0x0)
[ 72.599737] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.604949] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 72.605682] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.608995] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 72.609037] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.612614] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 72.616370] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 72.618096] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 72.620818] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 72.623763] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.628837] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 72.659239] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 72.673093] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 72.674681] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 72.680605] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.682161] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 72.683912] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 72.685445] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 72.686808] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 72.688338] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 72.689577] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 72.690739] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 72.691953] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 72.693581] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 72.695635] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 72.699631] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 72.701053] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 72.705655] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 72.705714] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 72.707600] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 72.710343] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 72.711869] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 72.713359] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 72.714901] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 72.716281] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 72.718101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 72.721099] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 72.725092] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 72.728795] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 72.729287] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 72.732602] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 72.745134] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 72.791027] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 72.796807] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 72.798081] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 72.800166] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 72.802975] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 72.804325] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 72.806976] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 72.810470] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 72.811171] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 72.826141] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 72.829356] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 72.831257] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 72.833166] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 72.837163] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 74.681228] Bluetooth: hci1: command 0x0409 tx timeout
[ 74.744730] Bluetooth: hci4: command 0x0409 tx timeout
[ 74.745861] Bluetooth: hci3: command 0x0409 tx timeout
[ 74.746844] Bluetooth: hci7: command 0x0409 tx timeout
[ 74.747837] Bluetooth: hci0: command 0x0409 tx timeout
[ 74.808609] Bluetooth: hci6: command 0x0409 tx timeout
[ 74.872733] Bluetooth: hci2: command 0x0409 tx timeout
[ 74.873900] Bluetooth: hci5: command 0x0409 tx timeout
[ 76.729269] Bluetooth: hci1: command 0x041b tx timeout
[ 76.792808] Bluetooth: hci0: command 0x041b tx timeout
[ 76.793722] Bluetooth: hci7: command 0x041b tx timeout
[ 76.794596] Bluetooth: hci3: command 0x041b tx timeout
[ 76.795428] Bluetooth: hci4: command 0x041b tx timeout
[ 76.856614] Bluetooth: hci6: command 0x041b tx timeout
[ 76.920619] Bluetooth: hci5: command 0x041b tx timeout
[ 76.921387] Bluetooth: hci2: command 0x041b tx timeout
[ 78.776996] Bluetooth: hci1: command 0x040f tx timeout
[ 78.840744] Bluetooth: hci4: command 0x040f tx timeout
[ 78.841640] Bluetooth: hci3: command 0x040f tx timeout
[ 78.842427] Bluetooth: hci7: command 0x040f tx timeout
[ 78.843283] Bluetooth: hci0: command 0x040f tx timeout
[ 78.905704] Bluetooth: hci6: command 0x040f tx timeout
[ 78.968623] Bluetooth: hci2: command 0x040f tx timeout
[ 78.969976] Bluetooth: hci5: command 0x040f tx timeout
[ 80.825831] Bluetooth: hci1: command 0x0419 tx timeout
[ 80.889635] Bluetooth: hci0: command 0x0419 tx timeout
[ 80.890384] Bluetooth: hci7: command 0x0419 tx timeout
[ 80.891132] Bluetooth: hci3: command 0x0419 tx timeout
[ 80.891855] Bluetooth: hci4: command 0x0419 tx timeout
[ 80.953611] Bluetooth: hci6: command 0x0419 tx timeout
[ 81.017625] Bluetooth: hci5: command 0x0419 tx timeout
[ 81.018352] Bluetooth: hci2: command 0x0419 tx timeout
[ 129.170193] audit: type=1400 audit(1664422117.210:7): avc: denied { open } for pid=3770 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 129.171677] audit: type=1400 audit(1664422117.210:8): avc: denied { kernel } for pid=3770 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 129.191023] ------------[ cut here ]------------
[ 129.191044]
[ 129.191048] ======================================================
[ 129.191051] WARNING: possible circular locking dependency detected
[ 129.191056] 6.0.0-rc7-next-20220928 #1 Not tainted
[ 129.191062] ------------------------------------------------------
[ 129.191066] syz-executor.5/3771 is trying to acquire lock:
[ 129.191073] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 129.191119]
[ 129.191119] but task is already holding lock:
[ 129.191122] ffff88800de97420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 129.191152]
[ 129.191152] which lock already depends on the new lock.
[ 129.191152]
[ 129.191155]
[ 129.191155] the existing dependency chain (in reverse order) is:
[ 129.191159]
[ 129.191159] -> #3 (&ctx->lock){....}-{2:2}:
[ 129.191173] _raw_spin_lock+0x2a/0x40
[ 129.191187] __perf_event_task_sched_out+0x53b/0x18d0
[ 129.191201] __schedule+0xedd/0x2470
[ 129.191219] schedule+0xda/0x1b0
[ 129.191235] exit_to_user_mode_prepare+0x114/0x1a0
[ 129.191249] syscall_exit_to_user_mode+0x19/0x40
[ 129.191265] do_syscall_64+0x48/0x90
[ 129.191277] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 129.191292]
[ 129.191292] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 129.191307] _raw_spin_lock_nested+0x30/0x40
[ 129.191320] raw_spin_rq_lock_nested+0x1e/0x30
[ 129.191334] task_fork_fair+0x63/0x4d0
[ 129.191353] sched_cgroup_fork+0x3d0/0x540
[ 129.191368] copy_process+0x4183/0x6e20
[ 129.191380] kernel_clone+0xe7/0x890
[ 129.191390] user_mode_thread+0xad/0xf0
[ 129.191401] rest_init+0x24/0x250
[ 129.191416] arch_call_rest_init+0xf/0x14
[ 129.191437] start_kernel+0x4c6/0x4eb
[ 129.191455] secondary_startup_64_no_verify+0xe0/0xeb
[ 129.191471]
[ 129.191471] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 129.191488] _raw_spin_lock_irqsave+0x39/0x60
[ 129.191501] try_to_wake_up+0xab/0x1930
[ 129.191515] up+0x75/0xb0
[ 129.191533] __up_console_sem+0x6e/0x80
[ 129.191551] console_unlock+0x46a/0x590
[ 129.191569] do_con_write+0xc05/0x1d50
[ 129.191583] con_write+0x21/0x40
[ 129.191594] n_tty_write+0x4d4/0xfe0
[ 129.191610] file_tty_write.constprop.0+0x455/0x8a0
[ 129.191624] vfs_write+0x9c3/0xd90
[ 129.191644] ksys_write+0x127/0x250
[ 129.191654] do_syscall_64+0x3b/0x90
[ 129.191664] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 129.191680]
[ 129.191680] -> #0 ((console_sem).lock){....}-{2:2}:
[ 129.191694] __lock_acquire+0x2a02/0x5e70
[ 129.191713] lock_acquire+0x1a2/0x530
[ 129.191731] _raw_spin_lock_irqsave+0x39/0x60
[ 129.191744] down_trylock+0xe/0x70
[ 129.191762] __down_trylock_console_sem+0x3b/0xd0
[ 129.191781] vprintk_emit+0x16b/0x560
[ 129.191799] vprintk+0x84/0xa0
[ 129.191817] _printk+0xba/0xf1
[ 129.191831] report_bug.cold+0x72/0xab
[ 129.191841] handle_bug+0x3c/0x70
[ 129.191852] exc_invalid_op+0x14/0x50
[ 129.191863] asm_exc_invalid_op+0x16/0x20
[ 129.191878] group_sched_out.part.0+0x2c7/0x460
[ 129.191889] ctx_sched_out+0x8f1/0xc10
[ 129.191900] __perf_event_task_sched_out+0x6d0/0x18d0
[ 129.191914] __schedule+0xedd/0x2470
[ 129.191931] schedule+0xda/0x1b0
[ 129.191947] exit_to_user_mode_prepare+0x114/0x1a0
[ 129.191959] syscall_exit_to_user_mode+0x19/0x40
[ 129.191974] do_syscall_64+0x48/0x90
[ 129.191984] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 129.192000]
[ 129.192000] other info that might help us debug this:
[ 129.192000]
[ 129.192003] Chain exists of:
[ 129.192003] (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 129.192003]
[ 129.192018] Possible unsafe locking scenario:
[ 129.192018]
[ 129.192021]        CPU0                    CPU1
[ 129.192023]        ----                    ----
[ 129.192026]   lock(&ctx->lock);
[ 129.192032]                                lock(&rq->__lock);
[ 129.192039]                                lock(&ctx->lock);
[ 129.192045]   lock((console_sem).lock);
[ 129.192051]
[ 129.192051] *** DEADLOCK ***
[ 129.192051]
[ 129.192053] 2 locks held by syz-executor.5/3771:
[ 129.192061] #0: ffff88806cf37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 129.192099] #1: ffff88800de97420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 129.192129]
[ 129.192129] stack backtrace:
[ 129.192132] CPU: 1 PID: 3771 Comm: syz-executor.5 Not tainted 6.0.0-rc7-next-20220928 #1
[ 129.192146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 129.192154] Call Trace:
[ 129.192157]
[ 129.192161] dump_stack_lvl+0x8b/0xb3
[ 129.192174] check_noncircular+0x263/0x2e0
[ 129.192193] ? format_decode+0x26c/0xb50
[ 129.192213] ? print_circular_bug+0x450/0x450
[ 129.192231] ? enable_ptr_key_workfn+0x20/0x20
[ 129.192252] ? format_decode+0x26c/0xb50
[ 129.192273] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 129.192292] __lock_acquire+0x2a02/0x5e70
[ 129.192316] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 129.192340] lock_acquire+0x1a2/0x530
[ 129.192359] ? down_trylock+0xe/0x70
[ 129.192380] ? lock_release+0x750/0x750
[ 129.192403] ? vprintk+0x84/0xa0
[ 129.192423] _raw_spin_lock_irqsave+0x39/0x60
[ 129.192436] ? down_trylock+0xe/0x70
[ 129.192456] down_trylock+0xe/0x70
[ 129.192476] ? vprintk+0x84/0xa0
[ 129.192495] __down_trylock_console_sem+0x3b/0xd0
[ 129.192514] vprintk_emit+0x16b/0x560
[ 129.192535] vprintk+0x84/0xa0
[ 129.192554] _printk+0xba/0xf1
[ 129.192568] ? record_print_text.cold+0x16/0x16
[ 129.192587] ? report_bug.cold+0x66/0xab
[ 129.192599] ? group_sched_out.part.0+0x2c7/0x460
[ 129.192612] report_bug.cold+0x72/0xab
[ 129.192624] handle_bug+0x3c/0x70
[ 129.192636] exc_invalid_op+0x14/0x50
[ 129.192648] asm_exc_invalid_op+0x16/0x20
[ 129.192664] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 129.192679] Code: 5e 41 5f e9 cb a9 ef ff e8 c6 a9 ef ff 65 8b 1d db 12 ac 7e 31 ff 89 de e8 66 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 a9 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 9d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 129.192691] RSP: 0018:ffff88800eb2fc48 EFLAGS: 00010006
[ 129.192700] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 129.192708] RDX: ffff88801841d040 RSI: ffffffff815662f7 RDI: 0000000000000005
[ 129.192716] RBP: ffff88801d5d8000 R08: 0000000000000005 R09: 0000000000000001
[ 129.192724] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800de97400
[ 129.192732] R13: ffff88806cf3d140 R14: ffffffff8547cf00 R15: 0000000000000002
[ 129.192744] ? group_sched_out.part.0+0x2c7/0x460
[ 129.192758] ? group_sched_out.part.0+0x2c7/0x460
[ 129.192773] ctx_sched_out+0x8f1/0xc10
[ 129.192786] __perf_event_task_sched_out+0x6d0/0x18d0
[ 129.192803] ? lock_is_held_type+0xd7/0x130
[ 129.192820] ? __perf_cgroup_move+0x160/0x160
[ 129.192833] ? set_next_entity+0x304/0x550
[ 129.192853] ? update_curr+0x267/0x740
[ 129.192873] ? lock_is_held_type+0xd7/0x130
[ 129.192890] __schedule+0xedd/0x2470
[ 129.192911] ? io_schedule_timeout+0x150/0x150
[ 129.192931] ? rcu_read_lock_sched_held+0x3e/0x80
[ 129.192954] schedule+0xda/0x1b0
[ 129.192972] exit_to_user_mode_prepare+0x114/0x1a0
[ 129.192985] syscall_exit_to_user_mode+0x19/0x40
[ 129.193002] do_syscall_64+0x48/0x90
[ 129.193014] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 129.193030] RIP: 0033:0x7f5fe2178b19
[ 129.193038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 129.193050] RSP: 002b:00007f5fdf6ee218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 129.193061] RAX: 0000000000000001 RBX: 00007f5fe228bf68 RCX: 00007f5fe2178b19
[ 129.193069] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5fe228bf6c
[ 129.193077] RBP: 00007f5fe228bf60 R08: 000000000000000e R09: 0000000000000000
[ 129.193084] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f5fe228bf6c
[ 129.193092] R13: 00007ffd2cece30f R14: 00007f5fdf6ee300 R15: 0000000000022000
[ 129.193105]
[ 129.248748] WARNING: CPU: 1 PID: 3771 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 129.249430] Modules linked in:
[ 129.249676] CPU: 1 PID: 3771 Comm: syz-executor.5 Not tainted 6.0.0-rc7-next-20220928 #1
[ 129.250285] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 129.251096] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 129.251498] Code: 5e 41 5f e9 cb a9 ef ff e8 c6 a9 ef ff 65 8b 1d db 12 ac 7e 31 ff 89 de e8 66 a6 ef ff 85 db 0f 84 8a 00 00 00 e8 a9 a9 ef ff <0f> 0b e9 a5 fe ff ff e8 9d a9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 129.252826] RSP: 0018:ffff88800eb2fc48 EFLAGS: 00010006
[ 129.253216] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 129.253739] RDX: ffff88801841d040 RSI: ffffffff815662f7 RDI: 0000000000000005
[ 129.254268] RBP: ffff88801d5d8000 R08: 0000000000000005 R09: 0000000000000001
[ 129.254791] R10: 0000000000000000 R11: ffffffff865b405b R12: ffff88800de97400
[ 129.255307] R13: ffff88806cf3d140 R14: ffffffff8547cf00 R15: 0000000000000002
[ 129.255836] FS: 00007f5fdf6ee700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 129.256436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 129.256872] CR2: 00007f6637e341f0 CR3: 000000002070e000 CR4: 0000000000350ee0
[ 129.257402] Call Trace:
[ 129.257595]
[ 129.257767] ctx_sched_out+0x8f1/0xc10
[ 129.258060] __perf_event_task_sched_out+0x6d0/0x18d0
[ 129.258462] ? lock_is_held_type+0xd7/0x130
[ 129.258790] ? __perf_cgroup_move+0x160/0x160
[ 129.259121] ? set_next_entity+0x304/0x550
[ 129.259447] ? update_curr+0x267/0x740
[ 129.259750] ? lock_is_held_type+0xd7/0x130
[ 129.260074] __schedule+0xedd/0x2470
[ 129.260362] ? io_schedule_timeout+0x150/0x150
[ 129.260716] ? rcu_read_lock_sched_held+0x3e/0x80
[ 129.261087] schedule+0xda/0x1b0
[ 129.261349] exit_to_user_mode_prepare+0x114/0x1a0
[ 129.261713] syscall_exit_to_user_mode+0x19/0x40
[ 129.262062] do_syscall_64+0x48/0x90
[ 129.262346] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 129.262727] RIP: 0033:0x7f5fe2178b19
[ 129.263006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 129.264319] RSP: 002b:00007f5fdf6ee218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 129.264873] RAX: 0000000000000001 RBX: 00007f5fe228bf68 RCX: 00007f5fe2178b19
[ 129.265398] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5fe228bf6c
[ 129.265927] RBP: 00007f5fe228bf60 R08: 000000000000000e R09: 0000000000000000
[ 129.266453] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f5fe228bf6c
[ 129.266972] R13: 00007ffd2cece30f R14: 00007f5fdf6ee300 R15: 0000000000022000
[ 129.267498]
[ 129.267673] irq event stamp: 800
[ 129.267917] hardirqs last enabled at (799): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 129.268592] hardirqs last disabled at (800): [] __schedule+0x1225/0x2470
[ 129.269205] softirqs last enabled at (506): [] __irq_exit_rcu+0x11b/0x180
[ 129.269835] softirqs last disabled at (497): [] __irq_exit_rcu+0x11b/0x180
[ 129.270456] ---[ end trace 0000000000000000 ]---
03:28:37 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1/../file0\x00', 0x101042, 0x40)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
r1 = gettid()
perf_event_open(&(0x7f0000000400)={0x2, 0x80, 0x4, 0x0, 0x20, 0x0, 0x0, 0x800, 0x2000, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x5, 0x0, @perf_bp={&(0x7f0000000340), 0x2}, 0x10000, 0x0, 0x9, 0x7, 0x80000000, 0x1, 0x4006, 0x0, 0x2}, r1, 0x0, r0, 0x0) io_setup(0x7, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000040)='personality\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') clock_gettime(0x0, 0x0) timer_create(0x6, &(0x7f0000000380)={0x0, 0x1c, 0x1, @thr={&(0x7f00000001c0)="7b54d93735e580da4d4b2b1e5b24a25a8bcaf2bc41f8356ec6fa12c71614249af8fe1716f91df35223852725637e0bd619f0a83761463849c1941d2e8e5d3cd891ff19e667251cf607586223f573de3c87e5bcfc1b0efdc1170f8b091408913297abe8ae0133b2ac2e9d432e7e4284ea931c2f138bcda97300df764704007edce14f397f8338c2da279f6640d7c262142c8a996a16d4fb4d5f51d4e5423e0d355e2c2c6fcd182ca6e9f884a4332012c3a1fae0b6fe4c1e5ca7834b10477ce1f489e414b3f293504e6bbbf8a633e5918331f89f9fd30d030b", &(0x7f00000002c0)="e8688df451238387d527607ff86f50345f9daa5b2393bc2ee69dad33498d331e4521010841f5c772701aa08d344c122aee2fcb69cb53d9c4a3e4f4385e483af1f93949b6b0c52b5d2a7660371ea32859657afa5a48652841b683aec70010ae4ebce053ab6b3e521c2cd89875319b74a5ac5863cf475383afccbf06b87b93028341c6fedb1e0937cc4b5cba4b8de113999f3e3542f4391f71ce74c6c3b250f243843e1a8d54dfd0419af205f03fc3fe7407d6c4bd7808"}}, &(0x7f00000003c0)=0x0) timer_gettime(r2, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(0x0, 0x0, 
&(0x7f0000000100)={{}, {r3, r4+60000000}}, &(0x7f0000000180)) timer_delete(0x0) pselect6(0x40, &(0x7f0000000480)={0x2, 0x0, 0x800, 0x7, 0x7, 0x3, 0x0, 0xffffffffffffff0b}, &(0x7f00000004c0)={0x40, 0x0, 0x9, 0x80000001, 0x0, 0x8, 0xeb7, 0x40}, &(0x7f0000000500)={0x7, 0x2, 0x9, 0x9, 0x2, 0x5dc, 0x1, 0x29a}, &(0x7f0000000580), &(0x7f0000000600)={&(0x7f00000005c0)={[0x9]}, 0x8}) 03:28:37 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1/../file0\x00', 0x101042, 0x40) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = gettid() perf_event_open(&(0x7f0000000400)={0x2, 0x80, 0x4, 0x0, 0x20, 0x0, 0x0, 0x800, 0x2000, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x5, 0x0, @perf_bp={&(0x7f0000000340), 0x2}, 0x10000, 0x0, 0x9, 0x7, 0x80000000, 0x1, 0x4006, 0x0, 0x2}, r1, 0x0, r0, 0x0) io_setup(0x7, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000040)='personality\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') clock_gettime(0x0, 0x0) timer_create(0x6, &(0x7f0000000380)={0x0, 0x1c, 0x1, 
@thr={&(0x7f00000001c0)="7b54d93735e580da4d4b2b1e5b24a25a8bcaf2bc41f8356ec6fa12c71614249af8fe1716f91df35223852725637e0bd619f0a83761463849c1941d2e8e5d3cd891ff19e667251cf607586223f573de3c87e5bcfc1b0efdc1170f8b091408913297abe8ae0133b2ac2e9d432e7e4284ea931c2f138bcda97300df764704007edce14f397f8338c2da279f6640d7c262142c8a996a16d4fb4d5f51d4e5423e0d355e2c2c6fcd182ca6e9f884a4332012c3a1fae0b6fe4c1e5ca7834b10477ce1f489e414b3f293504e6bbbf8a633e5918331f89f9fd30d030b", &(0x7f00000002c0)="e8688df451238387d527607ff86f50345f9daa5b2393bc2ee69dad33498d331e4521010841f5c772701aa08d344c122aee2fcb69cb53d9c4a3e4f4385e483af1f93949b6b0c52b5d2a7660371ea32859657afa5a48652841b683aec70010ae4ebce053ab6b3e521c2cd89875319b74a5ac5863cf475383afccbf06b87b93028341c6fedb1e0937cc4b5cba4b8de113999f3e3542f4391f71ce74c6c3b250f243843e1a8d54dfd0419af205f03fc3fe7407d6c4bd7808"}}, &(0x7f00000003c0)=0x0) timer_gettime(r2, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000100)={{}, {r3, r4+60000000}}, &(0x7f0000000180)) timer_delete(0x0) pselect6(0x40, &(0x7f0000000480)={0x2, 0x0, 0x800, 0x7, 0x7, 0x3, 0x0, 0xffffffffffffff0b}, &(0x7f00000004c0)={0x40, 0x0, 0x9, 0x80000001, 0x0, 0x8, 0xeb7, 0x40}, &(0x7f0000000500)={0x7, 0x2, 0x9, 0x9, 0x2, 0x5dc, 0x1, 0x29a}, &(0x7f0000000580), &(0x7f0000000600)={&(0x7f00000005c0)={[0x9]}, 0x8}) 03:28:37 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1/../file0\x00', 0x101042, 0x40) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = gettid() perf_event_open(&(0x7f0000000400)={0x2, 0x80, 0x4, 0x0, 0x20, 0x0, 0x0, 0x800, 0x2000, 
0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x5, 0x0, @perf_bp={&(0x7f0000000340), 0x2}, 0x10000, 0x0, 0x9, 0x7, 0x80000000, 0x1, 0x4006, 0x0, 0x2}, r1, 0x0, r0, 0x0) io_setup(0x7, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000040)='personality\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') clock_gettime(0x0, 0x0) timer_create(0x6, &(0x7f0000000380)={0x0, 0x1c, 0x1, @thr={&(0x7f00000001c0)="7b54d93735e580da4d4b2b1e5b24a25a8bcaf2bc41f8356ec6fa12c71614249af8fe1716f91df35223852725637e0bd619f0a83761463849c1941d2e8e5d3cd891ff19e667251cf607586223f573de3c87e5bcfc1b0efdc1170f8b091408913297abe8ae0133b2ac2e9d432e7e4284ea931c2f138bcda97300df764704007edce14f397f8338c2da279f6640d7c262142c8a996a16d4fb4d5f51d4e5423e0d355e2c2c6fcd182ca6e9f884a4332012c3a1fae0b6fe4c1e5ca7834b10477ce1f489e414b3f293504e6bbbf8a633e5918331f89f9fd30d030b", &(0x7f00000002c0)="e8688df451238387d527607ff86f50345f9daa5b2393bc2ee69dad33498d331e4521010841f5c772701aa08d344c122aee2fcb69cb53d9c4a3e4f4385e483af1f93949b6b0c52b5d2a7660371ea32859657afa5a48652841b683aec70010ae4ebce053ab6b3e521c2cd89875319b74a5ac5863cf475383afccbf06b87b93028341c6fedb1e0937cc4b5cba4b8de113999f3e3542f4391f71ce74c6c3b250f243843e1a8d54dfd0419af205f03fc3fe7407d6c4bd7808"}}, &(0x7f00000003c0)=0x0) timer_gettime(r2, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000100)={{}, {r3, r4+60000000}}, &(0x7f0000000180)) timer_delete(0x0) pselect6(0x40, 
&(0x7f0000000480)={0x2, 0x0, 0x800, 0x7, 0x7, 0x3, 0x0, 0xffffffffffffff0b}, &(0x7f00000004c0)={0x40, 0x0, 0x9, 0x80000001, 0x0, 0x8, 0xeb7, 0x40}, &(0x7f0000000500)={0x7, 0x2, 0x9, 0x9, 0x2, 0x5dc, 0x1, 0x29a}, &(0x7f0000000580), &(0x7f0000000600)={&(0x7f00000005c0)={[0x9]}, 0x8})
[ 135.608695] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 135.609793] Bluetooth: hci0: Opcode 0x c03 failed: -110
VM DIAGNOSIS: 03:28:37 Registers: