Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:37836' (ECDSA) to the list of known hosts. 2022/09/13 12:53:26 fuzzer started 2022/09/13 12:53:26 dialing manager at localhost:36597 syzkaller login: [ 36.534504] cgroup: Unknown subsys name 'net' [ 36.628282] cgroup: Unknown subsys name 'rlimit' 2022/09/13 12:53:40 syscalls: 2215 2022/09/13 12:53:40 code coverage: enabled 2022/09/13 12:53:40 comparison tracing: enabled 2022/09/13 12:53:40 extra coverage: enabled 2022/09/13 12:53:40 setuid sandbox: enabled 2022/09/13 12:53:40 namespace sandbox: enabled 2022/09/13 12:53:40 Android sandbox: enabled 2022/09/13 12:53:40 fault injection: enabled 2022/09/13 12:53:40 leak checking: enabled 2022/09/13 12:53:40 net packet injection: enabled 2022/09/13 12:53:40 net device setup: enabled 2022/09/13 12:53:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/13 12:53:40 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/13 12:53:40 USB emulation: enabled 2022/09/13 12:53:40 hci packet injection: enabled 2022/09/13 12:53:40 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220913) 2022/09/13 12:53:40 802.15.4 emulation: enabled 2022/09/13 12:53:40 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/13 12:53:40 fetching corpus: 50, signal 33737/34089 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/35039 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/35177 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/35289 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/35424 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/35574 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/35678 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/35810 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/35935 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/36054 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/36174 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/36298 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/36410 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/36544 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/36673 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/36805 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/36913 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/36976 (executing program) 2022/09/13 12:53:40 fetching corpus: 53, signal 34672/36976 (executing program) 2022/09/13 12:53:43 starting 8 fuzzer processes 12:53:43 executing program 0: r0 = socket$inet(0x2, 0xa, 0x0) getpeername(r0, 0x0, 0x0) 12:53:43 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syncfs(r0) 12:53:43 executing program 2: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x1000, 0x7ff, 0x0, 0x0, 0x10001}, 0x0, 0x3, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000340), 0x9}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffd}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x3) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x81, 0x4, 0x10, 0x3, 0x0, 0x100000000, 0xc, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x7fffffff, 0x1}, 0x10000, 0x6, 0x8001, 0x1, 0x7fffffff, 0xfffffffc, 0x20, 0x0, 0x4, 0x0, 0xffffffffacb78b28}, 0xffffffffffffffff, 0xffffffffffffffff, r1, 0x8) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000300)={0x0, 0x21}, 0x18) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) r5 = openat$cgroup_ro(r3, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) r6 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) bind$unix(r7, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) bind$unix(r8, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) ioctl$F2FS_IOC_MOVE_RANGE(r7, 0xc020f509, &(0x7f0000000100)={r0, 0x5, 0x7fff}) [ 52.924524] audit: type=1400 audit(1663073623.301:6): avc: denied { execmem } for pid=285 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:53:43 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xbbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x44142, 0x0) fallocate(r0, 0x0, 0x0, 0x87ffffc) r1 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x800, 0x0) readv(r1, &(0x7f0000000300)=[{&(0x7f0000000140)=""/147, 0x93}, {&(0x7f0000000200)=""/116, 0x74}], 0x2) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_setup(0x20, &(0x7f0000000000)=0x0) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0xd40, 0x0) io_submit(r3, 0x1, &(0x7f0000000080)=[&(0x7f0000000040)={0x0, 0x0, 0x8, 0x0, 0x0, r4, 0x0, 0x7ffffffff000}]) fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x1f, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x1, 0x40008}, 0x0, 0x0, 0x41, 0x0, 0x2, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) read$hiddev(0xffffffffffffffff, &(0x7f0000000040)=""/169, 0x200000e9) 12:53:43 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000340)={0x2, 0x4, 0x1, 0x8000, 0x5, [{0x7fff, 0xffff, 0x7f, '\x00', 0x800}, {0x1, 0xee16, 0x86, '\x00', 0x48a}, {0x8, 0x9, 0x9, '\x00', 0x3000}, {0x3, 0x10000, 0x7, '\x00', 0x3080}, {0x9, 0x8, 0x10000, '\x00', 0x3105}]}) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6, 0x4, {0x83}}]}, 0x1c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc) io_submit(0x0, 0x2, &(0x7f0000000480)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x3, 0x8, 0xffffffffffffffff, &(0x7f0000000000)="aee60b9d3a16bf3a0d8f84f70adfb0d08dabbd09704165008be1315c6ce97074b640dda589f635ce9b68e9fb11261eb08eebe7583173caf4f348a65a57f974619ac98150491b3f637856cc6ba82696ed7f5e64b960518203f82de637e0a3d943372f48f716ae5f47a0d23a", 0x6b, 0x0, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x3, r0, &(0x7f0000000240)="35883ddb17a16d0a79de2b26aa8d9dea022651", 0x13, 0x7f}]) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000080)={@loopback}, &(0x7f00000001c0)=0x14) fcntl$getown(0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) fallocate(r2, 0x3f, 0x2, 0x2) 12:53:43 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0xb) 12:53:43 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x22, 0x0, 0x0) 12:53:43 executing program 7: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000580)={{0x0, 0x100000001, 0x0, 0x2, 0x1, 0x2, 0x0, 0x3, 0x7c0000, 0x3, 0x4, 0xb65d, 0x8, 0x0, 0x6}}) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="02b2dccad213e1e6cf54b7a797f8f22a47f25b7658fb110b2e76f95b0f318b8fa745e6ffba4414d29a42bfab524bc5bffb17decc4540a6f00b9772f5f9789a9525790df8d989b23530d0a1398f2ad734c7ff47961be476ffeec81efa3d3aa64b8ea329261dfc2e1047a68670f0e5950d6a5414956bddd09e101b5b66e5742fe843413e065e3b86a242b37bc58c68153a45015f6f1ea67762c302e461e0c84bbb7f8d464f5a72d9fad56dac0c5028a4012a93dbc7da640786e3c9898cdd8fe091b166bfcd66e6257abc923ceaf90e994deded3fe8a59c2105f5caf366d32170ef51299dbf441bc3cddda352a2e07375fb44e75fed8082f3e960015d9bcddb0c834feda68d113a9a9fc0d1c30153685caf43b176219b666d74e67b6192cfd8a561c6c4aadcc80ed8c469bc41b028f1db515d699e45ad3379f9b1edb8de4bb2f8615d6716297baac7e45073fcecf31e51ec78c40edd78f245bced04414f849fb961fbbe79ff2ed7c48ec1b5331f9755d7094986fc8da198ce4a12f9ddfb43e565bc4fed618da9a693d03c3e7ec4b3014dfc022103e277c1b12efb03ef8b197f3a931f6cbe238cf8a4e7639b409b4586f66da41b94eed69d52ba9fde5aa1ee774d4e626932dc3511b10ae3bc3e8688a7a83b0467dfbf92951747396735c9f47ad4552e7bdf4f8e7998a1266a360beb2ec1527390452139f9ab91ee250efcf3413e72a6b2688d8b6a4748ccc165bbf886573ccdd03bd93f32a866cd878ec246e06f31d4d7f7ec9836b7305ee0c1b9fa75cd6e4ca5cc2f107b654f15a2442cd9c8eaf581d093639fe35e0da49394c5ed66ad29bc2b863649e16c1951d0d3dd6f1048539e558ee1f059d91510a5acd84777ca01545635d2fb40e2f205bb11435023e47e4e2f85b6d1b56b688dd1a4304708a561d32dbaa6cd4f969e67af33773d4e9772751019dc6c2af7e2fe9d3c7eb6f1b401926603d90802f792b081957dd5ebd18410cd42b2ea05ae9a61254e4b878384b8a376fe9eba06afc1253f2224fab88feb7c426e3dfb19385afbb42cc13209b419568eeafdf505dc5ca30acc17d337e941e0badf9f9413f381fe9a315e2597426805827943f193f02a12554d434bd91708a28d9da1bf64ad64f80a7287d1e02d5d1f14bf9d89ba3badfa524694db6a651e97", 0x341}], 0x1) [ 54.205168] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 54.206882] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 54.209010] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.212132] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.214069] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 54.215430] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.220811] Bluetooth: hci0: HCI_REQ-0x0c1a [ 54.273376] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 54.283155] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.284604] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 54.285985] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.287332] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 54.288997] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 54.290822] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 54.292878] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.294053] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 54.295133] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 54.296324] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 54.297765] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 54.301210] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 54.302404] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.303625] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 54.304573] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 54.304786] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 54.306076] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.307208] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 54.309696] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 54.311508] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.314832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 54.316486] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.318897] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 54.320346] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 54.322913] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 54.324372] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 54.335158] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 54.335394] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 54.337896] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.339532] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 54.341803] Bluetooth: hci1: HCI_REQ-0x0c1a [ 54.342632] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 54.344610] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 54.345996] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 54.347430] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 54.348977] Bluetooth: hci3: HCI_REQ-0x0c1a [ 54.349052] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 54.352133] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 54.353955] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 54.355358] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.374040] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 54.379287] Bluetooth: hci4: HCI_REQ-0x0c1a [ 54.381588] Bluetooth: hci2: HCI_REQ-0x0c1a [ 54.383827] Bluetooth: hci7: HCI_REQ-0x0c1a [ 54.387982] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 54.390581] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 54.410624] Bluetooth: hci6: HCI_REQ-0x0c1a [ 54.415104] Bluetooth: hci5: HCI_REQ-0x0c1a [ 56.282390] Bluetooth: hci0: command 0x0409 tx timeout [ 56.409938] Bluetooth: hci2: command 0x0409 tx timeout [ 56.410759] Bluetooth: hci7: command 0x0409 tx timeout [ 56.411030] Bluetooth: hci4: command 0x0409 tx timeout [ 56.411268] Bluetooth: hci1: command 0x0409 tx timeout [ 56.412475] Bluetooth: hci3: command 0x0409 tx timeout [ 56.474774] Bluetooth: hci5: command 0x0409 tx timeout [ 56.475270] Bluetooth: hci6: command 0x0409 tx timeout [ 58.329771] Bluetooth: hci0: command 0x041b tx timeout [ 58.457816] Bluetooth: hci4: command 0x041b tx timeout [ 58.458254] Bluetooth: hci7: command 0x041b tx timeout [ 58.458646] Bluetooth: hci2: command 0x041b tx timeout [ 58.458752] Bluetooth: hci3: command 0x041b tx timeout [ 58.459681] Bluetooth: hci1: command 0x041b tx timeout [ 58.522879] Bluetooth: hci6: command 0x041b tx timeout [ 58.523349] Bluetooth: hci5: command 0x041b tx timeout [ 60.377845] Bluetooth: hci0: command 0x040f tx timeout [ 60.505796] Bluetooth: hci2: command 0x040f tx timeout [ 60.505799] Bluetooth: hci1: command 0x040f tx timeout [ 60.505878] Bluetooth: hci3: command 0x040f tx timeout [ 60.506273] Bluetooth: hci7: command 0x040f tx timeout [ 60.507969] Bluetooth: hci4: command 0x040f tx timeout [ 60.569754] Bluetooth: hci5: command 0x040f tx timeout [ 60.570186] Bluetooth: hci6: command 0x040f tx timeout [ 62.425796] Bluetooth: hci0: command 0x0419 tx timeout [ 62.553796] Bluetooth: hci4: command 0x0419 tx timeout [ 62.553886] Bluetooth: hci3: command 0x0419 tx timeout [ 62.554656] Bluetooth: hci7: command 0x0419 tx timeout [ 62.555335] Bluetooth: hci2: command 0x0419 tx timeout [ 62.557417] Bluetooth: hci1: command 0x0419 tx timeout [ 62.617855] Bluetooth: hci6: command 0x0419 tx timeout [ 62.618648] Bluetooth: hci5: command 0x0419 tx timeout [ 110.252836] audit: type=1400 audit(1663073680.629:7): avc: denied { open } for pid=3707 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.254421] audit: type=1400 audit(1663073680.630:8): avc: denied { kernel } for pid=3707 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 110.282754] ------------[ cut here ]------------ [ 110.282777] [ 110.282781] ====================================================== [ 110.282784] WARNING: possible circular locking dependency detected [ 110.282789] 6.0.0-rc5-next-20220913 #1 Not tainted [ 110.282797] ------------------------------------------------------ [ 110.282800] syz-executor.3/3709 is trying to acquire lock: [ 110.282807] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 110.282844] [ 110.282844] but task is already holding lock: [ 110.282846] ffff88803c1f9420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 110.282873] [ 110.282873] which lock already depends on the new lock. [ 110.282873] [ 110.282876] [ 110.282876] the existing dependency chain (in reverse order) is: [ 110.282879] [ 110.282879] -> #3 (&ctx->lock){....}-{2:2}: [ 110.282893] _raw_spin_lock+0x2a/0x40 [ 110.282909] __perf_event_task_sched_out+0x53b/0x18d0 [ 110.282922] __schedule+0xedd/0x2470 [ 110.282932] schedule+0xda/0x1b0 [ 110.282941] futex_wait_queue+0xf5/0x1e0 [ 110.282952] futex_wait+0x28e/0x690 [ 110.282962] do_futex+0x2ff/0x380 [ 110.282971] __x64_sys_futex+0x1c6/0x4d0 [ 110.282980] do_syscall_64+0x3b/0x90 [ 110.282994] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 110.283011] [ 110.283011] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 110.283024] _raw_spin_lock_nested+0x30/0x40 [ 110.283039] raw_spin_rq_lock_nested+0x1e/0x30 [ 110.283052] task_fork_fair+0x63/0x4d0 [ 110.283069] sched_cgroup_fork+0x3d0/0x540 [ 110.283083] copy_process+0x3f9e/0x6df0 [ 110.283093] kernel_clone+0xe7/0x890 [ 110.283102] user_mode_thread+0xad/0xf0 [ 110.283112] rest_init+0x24/0x250 [ 110.283129] arch_call_rest_init+0xf/0x14 [ 110.283148] start_kernel+0x4c1/0x4e6 [ 110.283165] secondary_startup_64_no_verify+0xe0/0xeb [ 110.283179] [ 110.283179] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 110.283192] _raw_spin_lock_irqsave+0x39/0x60 [ 110.283207] try_to_wake_up+0xab/0x1920 [ 110.283221] up+0x75/0xb0 [ 110.283232] __up_console_sem+0x6e/0x80 [ 110.283248] console_unlock+0x46a/0x590 [ 110.283264] do_con_write+0xc05/0x1d50 [ 110.283275] con_write+0x21/0x40 [ 110.283284] n_tty_write+0x4d4/0xfe0 [ 110.283296] file_tty_write.constprop.0+0x49c/0x8f0 [ 110.283309] vfs_write+0x9c3/0xd90 [ 110.283326] ksys_write+0x127/0x250 [ 110.283344] do_syscall_64+0x3b/0x90 [ 110.283356] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 110.283373] [ 110.283373] -> #0 ((console_sem).lock){....}-{2:2}: [ 110.283387] __lock_acquire+0x2a02/0x5e70 [ 110.283404] lock_acquire+0x1a2/0x530 [ 110.283420] _raw_spin_lock_irqsave+0x39/0x60 [ 110.283435] down_trylock+0xe/0x70 [ 110.283447] __down_trylock_console_sem+0x3b/0xd0 [ 110.283464] vprintk_emit+0x16b/0x560 [ 110.283480] vprintk+0x84/0xa0 [ 110.283496] _printk+0xba/0xf1 [ 110.283514] report_bug.cold+0x72/0xab [ 110.283526] handle_bug+0x3c/0x70 [ 110.283539] exc_invalid_op+0x14/0x50 [ 110.283552] asm_exc_invalid_op+0x16/0x20 [ 110.283568] group_sched_out.part.0+0x2c7/0x460 [ 110.283578] ctx_sched_out+0x8f1/0xc10 [ 110.283588] __perf_event_task_sched_out+0x6d0/0x18d0 [ 110.283600] __schedule+0xedd/0x2470 [ 110.283609] schedule+0xda/0x1b0 [ 110.283619] futex_wait_queue+0xf5/0x1e0 [ 110.283629] futex_wait+0x28e/0x690 [ 110.283639] do_futex+0x2ff/0x380 [ 110.283647] __x64_sys_futex+0x1c6/0x4d0 [ 110.283657] do_syscall_64+0x3b/0x90 [ 110.283670] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 110.283687] [ 110.283687] other info that might help us debug this: [ 110.283687] [ 110.283689] Chain exists of: [ 110.283689] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 110.283689] [ 110.283704] Possible unsafe locking scenario: [ 110.283704] [ 110.283707] CPU0 CPU1 [ 110.283709] ---- ---- [ 110.283711] lock(&ctx->lock); [ 110.283716] lock(&rq->__lock); [ 110.283723] lock(&ctx->lock); [ 110.283729] lock((console_sem).lock); [ 110.283735] [ 110.283735] *** DEADLOCK *** [ 110.283735] [ 110.283736] 2 locks held by syz-executor.3/3709: [ 110.283743] #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 110.283769] #1: ffff88803c1f9420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 110.283796] [ 110.283796] stack backtrace: [ 110.283799] CPU: 0 PID: 3709 Comm: syz-executor.3 Not tainted 6.0.0-rc5-next-20220913 #1 [ 110.283812] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 110.283820] Call Trace: [ 110.283823] [ 110.283828] dump_stack_lvl+0x8b/0xb3 [ 110.283842] check_noncircular+0x263/0x2e0 [ 110.283859] ? format_decode+0x26c/0xb50 [ 110.283874] ? print_circular_bug+0x450/0x450 [ 110.283891] ? enable_ptr_key_workfn+0x20/0x20 [ 110.283906] ? lock_chain_count+0x20/0x20 [ 110.283923] ? format_decode+0x26c/0xb50 [ 110.283938] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 110.283956] __lock_acquire+0x2a02/0x5e70 [ 110.283978] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 110.284001] lock_acquire+0x1a2/0x530 [ 110.284018] ? down_trylock+0xe/0x70 [ 110.284032] ? rcu_read_unlock+0x40/0x40 [ 110.284054] ? vprintk+0x84/0xa0 [ 110.284072] _raw_spin_lock_irqsave+0x39/0x60 [ 110.284087] ? down_trylock+0xe/0x70 [ 110.284101] down_trylock+0xe/0x70 [ 110.284114] ? vprintk+0x84/0xa0 [ 110.284132] __down_trylock_console_sem+0x3b/0xd0 [ 110.284149] vprintk_emit+0x16b/0x560 [ 110.284169] vprintk+0x84/0xa0 [ 110.284205] _printk+0xba/0xf1 [ 110.284225] ? record_print_text.cold+0x16/0x16 [ 110.284248] ? report_bug.cold+0x66/0xab [ 110.284262] ? group_sched_out.part.0+0x2c7/0x460 [ 110.284274] report_bug.cold+0x72/0xab [ 110.284289] handle_bug+0x3c/0x70 [ 110.284302] exc_invalid_op+0x14/0x50 [ 110.284317] asm_exc_invalid_op+0x16/0x20 [ 110.284334] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 110.284348] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 110.284360] RSP: 0018:ffff88803afa78f8 EFLAGS: 00010006 [ 110.284369] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 110.284377] RDX: ffff888010035040 RSI: ffffffff81566027 RDI: 0000000000000005 [ 110.284385] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 110.284392] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff88803c1f9400 [ 110.284400] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 110.284411] ? group_sched_out.part.0+0x2c7/0x460 [ 110.284423] ? group_sched_out.part.0+0x2c7/0x460 [ 110.284436] ctx_sched_out+0x8f1/0xc10 [ 110.284449] __perf_event_task_sched_out+0x6d0/0x18d0 [ 110.284464] ? lock_is_held_type+0xd7/0x130 [ 110.284482] ? __perf_cgroup_move+0x160/0x160 [ 110.284494] ? set_next_entity+0x304/0x550 [ 110.284514] ? lock_is_held_type+0xd7/0x130 [ 110.284533] __schedule+0xedd/0x2470 [ 110.284546] ? io_schedule_timeout+0x150/0x150 [ 110.284557] ? futex_wait_setup+0x166/0x230 [ 110.284571] schedule+0xda/0x1b0 [ 110.284582] futex_wait_queue+0xf5/0x1e0 [ 110.284594] futex_wait+0x28e/0x690 [ 110.284606] ? futex_wait_setup+0x230/0x230 [ 110.284619] ? wake_up_q+0x8b/0xf0 [ 110.284633] ? do_raw_spin_unlock+0x4f/0x220 [ 110.284652] ? futex_wake+0x158/0x490 [ 110.284668] ? fd_install+0x1f9/0x640 [ 110.284684] do_futex+0x2ff/0x380 [ 110.284695] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 110.284711] __x64_sys_futex+0x1c6/0x4d0 [ 110.284723] ? __x64_sys_futex_time32+0x480/0x480 [ 110.284735] ? syscall_enter_from_user_mode+0x1d/0x50 [ 110.284754] ? syscall_enter_from_user_mode+0x1d/0x50 [ 110.284774] do_syscall_64+0x3b/0x90 [ 110.284788] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 110.284806] RIP: 0033:0x7fdee3437b19 [ 110.284815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.284826] RSP: 002b:00007fdee09ad218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 110.284837] RAX: ffffffffffffffda RBX: 00007fdee354af68 RCX: 00007fdee3437b19 [ 110.284845] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdee354af68 [ 110.284852] RBP: 00007fdee354af60 R08: 0000000000000000 R09: 0000000000000000 [ 110.284859] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdee354af6c [ 110.284866] R13: 00007ffed7f4dc1f R14: 00007fdee09ad300 R15: 0000000000022000 [ 110.284879] [ 110.344530] WARNING: CPU: 0 PID: 3709 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 110.345212] Modules linked in: [ 110.345456] CPU: 0 PID: 3709 Comm: syz-executor.3 Not tainted 6.0.0-rc5-next-20220913 #1 [ 110.346050] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 110.346872] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 110.347276] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 110.348603] RSP: 0018:ffff88803afa78f8 EFLAGS: 00010006 [ 110.348994] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 110.349520] RDX: ffff888010035040 RSI: ffffffff81566027 RDI: 0000000000000005 [ 110.350040] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 110.350560] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff88803c1f9400 [ 110.351081] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 110.351605] FS: 00007fdee09ad700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 110.352204] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.352695] CR2: 00007f75bcf04010 CR3: 000000003c6fc000 CR4: 0000000000350ef0 [ 110.353190] Call Trace: [ 110.353379] [ 110.353543] ctx_sched_out+0x8f1/0xc10 [ 110.353816] __perf_event_task_sched_out+0x6d0/0x18d0 [ 110.354167] ? lock_is_held_type+0xd7/0x130 [ 110.354470] ? __perf_cgroup_move+0x160/0x160 [ 110.354779] ? set_next_entity+0x304/0x550 [ 110.355074] ? lock_is_held_type+0xd7/0x130 [ 110.355373] __schedule+0xedd/0x2470 [ 110.355630] ? io_schedule_timeout+0x150/0x150 [ 110.355943] ? futex_wait_setup+0x166/0x230 [ 110.356244] schedule+0xda/0x1b0 [ 110.356482] futex_wait_queue+0xf5/0x1e0 [ 110.356759] futex_wait+0x28e/0x690 [ 110.357012] ? futex_wait_setup+0x230/0x230 [ 110.357302] ? wake_up_q+0x8b/0xf0 [ 110.357554] ? do_raw_spin_unlock+0x4f/0x220 [ 110.357868] ? futex_wake+0x158/0x490 [ 110.358133] ? fd_install+0x1f9/0x640 [ 110.358399] do_futex+0x2ff/0x380 [ 110.358643] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 110.359032] __x64_sys_futex+0x1c6/0x4d0 [ 110.359309] ? __x64_sys_futex_time32+0x480/0x480 [ 110.359665] ? syscall_enter_from_user_mode+0x1d/0x50 [ 110.360023] ? syscall_enter_from_user_mode+0x1d/0x50 [ 110.360399] do_syscall_64+0x3b/0x90 [ 110.360657] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 110.361013] RIP: 0033:0x7fdee3437b19 [ 110.361265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 110.362440] RSP: 002b:00007fdee09ad218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 110.362937] RAX: ffffffffffffffda RBX: 00007fdee354af68 RCX: 00007fdee3437b19 [ 110.363410] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fdee354af68 [ 110.363880] RBP: 00007fdee354af60 R08: 0000000000000000 R09: 0000000000000000 [ 110.364353] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdee354af6c [ 110.364821] R13: 00007ffed7f4dc1f R14: 00007fdee09ad300 R15: 0000000000022000 [ 110.365298] [ 110.365463] irq event stamp: 642 [ 110.365698] hardirqs last enabled at (641): [] syscall_enter_from_user_mode+0x1d/0x50 [ 110.366320] hardirqs last disabled at (642): [] __schedule+0x1225/0x2470 [ 110.366978] softirqs last enabled at (320): [] __irq_exit_rcu+0x11b/0x180 [ 110.367601] softirqs last disabled at (311): [] __irq_exit_rcu+0x11b/0x180 [ 110.368153] ---[ end trace 0000000000000000 ]--- 12:54:41 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xbbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x44142, 0x0) fallocate(r0, 0x0, 0x0, 0x87ffffc) r1 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x800, 0x0) readv(r1, &(0x7f0000000300)=[{&(0x7f0000000140)=""/147, 0x93}, {&(0x7f0000000200)=""/116, 0x74}], 0x2) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_setup(0x20, &(0x7f0000000000)=0x0) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0xd40, 0x0) io_submit(r3, 0x1, &(0x7f0000000080)=[&(0x7f0000000040)={0x0, 0x0, 0x8, 0x0, 0x0, r4, 0x0, 0x7ffffffff000}]) fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x1f, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x1, 0x40008}, 0x0, 0x0, 0x41, 0x0, 0x2, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) read$hiddev(0xffffffffffffffff, &(0x7f0000000040)=""/169, 0x200000e9) 12:54:41 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xbbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x44142, 0x0) fallocate(r0, 0x0, 0x0, 0x87ffffc) r1 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x800, 0x0) readv(r1, &(0x7f0000000300)=[{&(0x7f0000000140)=""/147, 0x93}, {&(0x7f0000000200)=""/116, 0x74}], 0x2) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_setup(0x20, &(0x7f0000000000)=0x0) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0xd40, 0x0) io_submit(r3, 0x1, &(0x7f0000000080)=[&(0x7f0000000040)={0x0, 0x0, 0x8, 0x0, 0x0, r4, 0x0, 0x7ffffffff000}]) fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x1f, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x1, 0x40008}, 0x0, 0x0, 0x41, 0x0, 0x2, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) read$hiddev(0xffffffffffffffff, &(0x7f0000000040)=""/169, 0x200000e9) 12:54:41 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xbbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x44142, 0x0) fallocate(r0, 0x0, 0x0, 0x87ffffc) r1 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x800, 0x0) readv(r1, &(0x7f0000000300)=[{&(0x7f0000000140)=""/147, 0x93}, {&(0x7f0000000200)=""/116, 0x74}], 0x2) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) io_setup(0x20, &(0x7f0000000000)=0x0) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0xd40, 0x0) io_submit(r3, 0x1, &(0x7f0000000080)=[&(0x7f0000000040)={0x0, 0x0, 0x8, 0x0, 0x0, r4, 0x0, 0x7ffffffff000}]) fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x1f, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x1, 0x40008}, 0x0, 0x0, 0x41, 0x0, 0x2, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) read$hiddev(0xffffffffffffffff, &(0x7f0000000040)=""/169, 0x200000e9) 12:54:41 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syncfs(r0) 12:54:41 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syncfs(r0) 12:54:41 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syncfs(r0) 12:54:41 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syncfs(r0) 12:54:42 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) syncfs(r0) [ 115.519598] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 115.520545] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 115.522301] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 115.524577] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 115.525683] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 115.527726] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 115.530968] Bluetooth: hci2: HCI_REQ-0x0c1a [ 117.529778] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 117.530335] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 117.593786] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 117.594347] Bluetooth: hci2: command 0x0409 tx timeout [ 119.641755] Bluetooth: hci2: command 0x041b tx timeout VM DIAGNOSIS: 12:54:40 Registers: info registers vcpu 0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b25c1 RDI=ffffffff8763fae0 RBP=ffffffff8763faa0 RSP=ffff88803afa7348 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000038 R11=0000000000000001 R12=0000000000000038 R13=ffffffff8763faa0 R14=0000000000000010 R15=ffffffff822b25b0 RIP=ffffffff822b2619 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fdee09ad700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f75bcf04010 CR3=000000003c6fc000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007fdee351e7c0 00007fdee351e7c8 YMM02=0000000000000000 0000000000000000 00007fdee351e7e0 00007fdee351e7c0 YMM03=0000000000000000 0000000000000000 00007fdee351e7c8 00007fdee351e7c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff88806ce3eda0 RCX=0000000000000000 RDX=ffff888015fbd040 RSI=ffffffff813bccdb RDI=0000000000000005 RBP=0000000000000003 RSP=ffff88803af1f960 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffffed100d9c7db5 R13=ffff88806ce3eda8 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff813bccdd RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555556aa0400 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fdee35406dc CR3=000000003c6fc000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007fdee351e7c0 00007fdee351e7c8 YMM02=0000000000000000 0000000000000000 00007fdee351e7e0 00007fdee351e7c0 YMM03=0000000000000000 0000000000000000 00007fdee351e7c8 00007fdee351e7c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000