Warning: Permanently added '[localhost]:62919' (ECDSA) to the list of known hosts. 2022/11/30 10:48:36 fuzzer started 2022/11/30 10:48:36 dialing manager at localhost:35581 2022/11/30 10:48:36 checking machine... 2022/11/30 10:48:36 checking revisions... syzkaller login: [ 43.938268] kmemleak: Automatic memory scanning thread ended 2022/11/30 10:48:36 testing simple program... [ 44.007281] cgroup: Unknown subsys name 'net' [ 44.150440] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program executing program [ 56.573948] audit: type=1400 audit(1669805329.230:6): avc: denied { execmem } for pid=260 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 57.680529] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.692616] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.698945] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.702287] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.704571] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 57.706029] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 executing program [ 59.762493] Bluetooth: hci0: command 0x0409 tx timeout executing program [ 61.809753] Bluetooth: hci0: command 0x041b tx timeout [ 63.857780] Bluetooth: hci0: command 0x040f tx timeout executing program [ 65.905782] Bluetooth: hci0: command 0x0419 tx timeout executing program executing program executing program executing program [ 78.982228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.983518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.985658] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.040114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.041178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.043162] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2022/11/30 10:49:12 building call list... executing program executing program [ 82.973894] audit: type=1400 audit(1669805355.629:7): avc: denied { create } for pid=239 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 executing program 2022/11/30 10:49:19 syscalls: 2217 2022/11/30 10:49:19 code coverage: enabled 2022/11/30 10:49:19 comparison tracing: enabled 2022/11/30 10:49:19 extra coverage: enabled 2022/11/30 10:49:19 setuid sandbox: enabled 2022/11/30 10:49:19 namespace sandbox: enabled 2022/11/30 10:49:19 Android sandbox: enabled 2022/11/30 10:49:19 fault injection: enabled 2022/11/30 10:49:19 leak checking: enabled 2022/11/30 10:49:19 net packet injection: enabled 2022/11/30 10:49:19 net device setup: enabled 2022/11/30 10:49:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/11/30 10:49:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/11/30 10:49:19 USB emulation: enabled 2022/11/30 10:49:19 hci packet injection: enabled 2022/11/30 10:49:19 wifi device emulation: enabled 2022/11/30 10:49:19 802.15.4 emulation: enabled 2022/11/30 10:49:19 fetching corpus: 0, signal 0/0 (executing program) 2022/11/30 10:49:19 fetching corpus: 0, signal 0/0 (executing program) 2022/11/30 10:49:21 starting 8 fuzzer processes 10:49:21 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) 10:49:21 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:49:21 executing program 2: socket(0xa, 0x1, 0x6) 10:49:21 executing program 3: syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 10:49:21 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) keyctl$invalidate(0x15, r0) 10:49:21 executing program 5: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSWINSZ(r0, 0x5423, &(0x7f0000000000)={0x800}) 10:49:21 executing program 6: socket$packet(0x11, 0xa, 0x300) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) 10:49:21 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2) write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125) close_range(r1, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3) r2 = io_uring_setup(0x62db, &(0x7f0000001040)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1) close_range(r2, 0xffffffffffffffff, 0x2) [ 89.733752] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.735789] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.738178] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.739256] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.741222] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.742270] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.752288] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.752600] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.753753] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.757717] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 89.758927] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.761634] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 89.762907] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.763935] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.765074] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.790933] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.802945] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 89.804513] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.808796] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.810536] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.815534] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.818169] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.822318] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.824052] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 89.825239] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.848973] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.850555] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.866901] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.868126] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 89.873311] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 89.874803] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 89.885030] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 89.888087] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 89.890572] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 89.900221] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.922013] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 89.963264] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 89.986509] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 89.986600] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 89.989806] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 90.005913] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 90.013046] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 91.825803] Bluetooth: hci2: command 0x0409 tx timeout [ 91.826022] Bluetooth: hci1: command 0x0409 tx timeout [ 91.826592] Bluetooth: hci0: command 0x0409 tx timeout [ 91.889833] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 91.891638] Bluetooth: hci4: command 0x0409 tx timeout [ 91.953909] Bluetooth: hci3: command 0x0409 tx timeout [ 92.082774] Bluetooth: hci6: command 0x0409 tx timeout [ 92.083461] Bluetooth: hci7: command 0x0409 tx timeout [ 93.873832] Bluetooth: hci1: command 0x041b tx timeout [ 93.874257] Bluetooth: hci2: command 0x041b tx timeout [ 93.875365] Bluetooth: hci0: command 0x041b tx timeout [ 93.938721] Bluetooth: hci4: command 0x041b tx timeout [ 94.002809] Bluetooth: hci3: command 0x041b tx timeout [ 94.130784] Bluetooth: hci7: command 0x041b tx timeout [ 94.131179] Bluetooth: hci6: command 0x041b tx timeout [ 94.581069] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 94.582834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 94.583582] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 94.586470] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 94.587469] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 94.589606] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 95.922805] Bluetooth: hci0: command 0x040f tx timeout [ 95.922850] Bluetooth: hci2: command 0x040f tx timeout [ 95.923227] Bluetooth: hci1: command 0x040f tx timeout [ 95.986820] Bluetooth: hci4: command 0x040f tx timeout [ 96.050717] Bluetooth: hci3: command 0x040f tx timeout [ 96.178805] Bluetooth: hci6: command 0x040f tx timeout [ 96.179234] Bluetooth: hci7: command 0x040f tx timeout [ 96.626761] Bluetooth: hci5: command 0x0409 tx timeout [ 97.969810] Bluetooth: hci2: command 0x0419 tx timeout [ 97.970565] Bluetooth: hci0: command 0x0419 tx timeout [ 97.971884] Bluetooth: hci1: command 0x0419 tx timeout [ 98.033796] Bluetooth: hci4: command 0x0419 tx timeout [ 98.097767] Bluetooth: hci3: command 0x0419 tx timeout [ 98.225788] Bluetooth: hci7: command 0x0419 tx timeout [ 98.226507] Bluetooth: hci6: command 0x0419 tx timeout [ 98.673834] Bluetooth: hci5: command 0x041b tx timeout [ 100.722733] Bluetooth: hci5: command 0x040f tx timeout [ 102.769816] Bluetooth: hci5: command 0x0419 tx timeout [ 141.349648] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.350274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.351707] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 141.530077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.530746] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.532263] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 143.118373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.119037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.120517] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 143.293551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.294885] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.297726] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 10:50:16 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) keyctl$invalidate(0x15, r0) [ 143.451690] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.452322] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.453804] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 143.525518] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.526170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.527556] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 10:50:16 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) keyctl$invalidate(0x15, r0) 10:50:16 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) keyctl$invalidate(0x15, r0) 10:50:16 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) keyctl$invalidate(0x15, r0) 10:50:16 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) keyctl$invalidate(0x15, r0) 10:50:16 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) keyctl$invalidate(0x15, r0) 10:50:17 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) keyctl$invalidate(0x15, r0) [ 144.493383] audit: type=1400 audit(1669805417.149:8): avc: denied { open } for pid=4372 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 144.494732] audit: type=1400 audit(1669805417.149:9): avc: denied { kernel } for pid=4372 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 10:50:17 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) keyctl$invalidate(0x15, r0) [ 145.266968] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.267590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.269507] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 145.354257] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.354924] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.356609] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 145.650210] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.651056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.652456] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 145.708366] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.709003] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.710626] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 145.822317] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.822970] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.824308] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 145.914440] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.915449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.916754] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 146.158130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.158987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.160415] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 146.232306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.233190] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.234617] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 146.253361] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.254079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.255788] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 146.327329] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.328589] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.330213] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 146.341432] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in; [ 146.341432] program syz-executor.7 not setting count and/or reply_len properly [ 146.351929] ------------[ cut here ]------------ [ 146.352503] WARNING: CPU: 1 PID: 4481 at lib/iov_iter.c:629 _copy_from_iter+0x2f1/0x1130 [ 146.353342] Modules linked in: [ 146.353840] CPU: 1 PID: 4481 Comm: syz-executor.7 Not tainted 6.1.0-rc7-next-20221130 #1 [ 146.354570] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 146.358920] RIP: 0010:_copy_from_iter+0x2f1/0x1130 [ 146.359443] Code: 37 ff 44 89 f3 e9 2f ff ff ff e8 4a 2f 37 ff be 79 02 00 00 48 c7 c7 80 b9 9e 84 e8 29 97 5a ff e9 13 fe ff ff e8 2f 2f 37 ff <0f> 0b 45 31 f6 e9 77 ff ff ff e8 20 2f 37 ff 31 ff 89 ee e8 e7 2a [ 146.360832] RSP: 0018:ffff88803bb475e8 EFLAGS: 00010216 [ 146.361480] RAX: 00000000000067ca RBX: 0000000000000000 RCX: ffffc900007e3000 [ 146.362212] RDX: 0000000000040000 RSI: ffffffff8211e9c1 RDI: 0000000000000001 [ 146.362892] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 146.363560] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000001000 [ 146.364262] R13: ffffea0000eedc00 R14: 0000000000001000 R15: ffff88803bb47818 [ 146.364969] FS: 00007ff45cba3700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 146.366534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.368893] CR2: 00005583bf1b2080 CR3: 0000000022ffa000 CR4: 0000000000350ee0 [ 146.371675] Call Trace: [ 146.373612] [ 146.374012] ? lockdep_hardirqs_on+0x7d/0x100 [ 146.374560] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 146.375182] ? __pfx__copy_from_iter+0x10/0x10 [ 146.375733] ? page_copy_sane+0x1f/0x390 [ 146.376202] ? page_copy_sane+0x1f/0x390 [ 146.376701] ? page_copy_sane+0xd3/0x390 [ 146.377263] copy_page_from_iter+0xe3/0x180 [ 146.377812] blk_rq_map_user_iov+0xb0c/0x1650 [ 146.378472] ? __pfx_blk_rq_map_user_iov+0x10/0x10 [ 146.379102] ? import_single_range+0x26/0x400 [ 146.379632] ? import_single_range+0x47/0x400 [ 146.380210] ? import_single_range+0x333/0x400 [ 146.380823] blk_rq_map_user_io+0x1ee/0x220 [ 146.381283] ? __pfx_blk_rq_map_user_io+0x10/0x10 [ 146.381880] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 146.382473] ? sg_build_indirect.isra.0+0x3b2/0x640 [ 146.383142] sg_common_write.constprop.0+0xd84/0x15e0 [ 146.383873] ? __pfx_sg_common_write.constprop.0+0x10/0x10 [ 146.384490] ? _raw_spin_unlock_irqrestore+0x37/0x60 [ 146.385120] sg_write.part.0+0x706/0xb20 [ 146.385612] ? __pfx_sg_write.part.0+0x10/0x10 [ 146.386212] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 146.386970] ? lock_is_held_type+0xdb/0x130 [ 146.387543] ? inode_security+0x105/0x140 [ 146.388072] ? avc_policy_seqno+0xd/0x70 [ 146.388553] ? selinux_file_permission+0x3a/0x510 [ 146.389170] sg_write+0x88/0xe0 [ 146.389663] vfs_write+0x358/0xe40 [ 146.390122] ? __pfx_sg_write+0x10/0x10 [ 146.390563] ? __pfx_vfs_write+0x10/0x10 [ 146.391122] ? __fget_files+0x270/0x450 [ 146.391710] ? __fget_light+0xe5/0x280 [ 146.392220] ksys_write+0x12b/0x260 [ 146.392732] ? __pfx_ksys_write+0x10/0x10 [ 146.393222] ? syscall_enter_from_user_mode+0x21/0x50 [ 146.393753] ? syscall_enter_from_user_mode+0x21/0x50 [ 146.394322] do_syscall_64+0x3f/0x90 [ 146.394763] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 146.395283] RIP: 0033:0x7ff45f62db19 [ 146.395750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 146.397212] RSP: 002b:00007ff45cba3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 146.398012] RAX: ffffffffffffffda RBX: 00007ff45f740f60 RCX: 00007ff45f62db19 [ 146.398710] RDX: 0000000000000125 RSI: 00000000200003c0 RDI: 0000000000000005 [ 146.399370] RBP: 00007ff45f687f6d R08: 0000000000000000 R09: 0000000000000000 [ 146.400062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 146.400742] R13: 00007ffc8ac4a99f R14: 00007ff45cba3300 R15: 0000000000022000 [ 146.401603] [ 146.401983] irq event stamp: 7021 [ 146.402400] hardirqs last enabled at (7067): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 146.403282] hardirqs last disabled at (7112): [] sysvec_apic_timer_interrupt+0xf/0xc0 [ 146.404112] softirqs last enabled at (2342): [] __irq_exit_rcu+0x11b/0x180 [ 146.404882] softirqs last disabled at (2095): [] __irq_exit_rcu+0x11b/0x180 [ 146.405722] ---[ end trace 0000000000000000 ]--- [ 146.448480] audit: type=1400 audit(1669805419.104:10): avc: denied { read } for pid=4479 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 146.463628] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in; [ 146.463628] program syz-executor.7 not setting count and/or reply_len properly [ 146.476085] hrtimer: interrupt took 13075 ns [ 147.323604] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 147.333964] Bluetooth: hci0: Opcode 0x c03 failed: -4 10:50:20 executing program 6: socket$packet(0x11, 0xa, 0x300) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) 10:50:20 executing program 4: r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "be52c58e23fffc8e3137f5652f08ad0fbc860ffdef5764ecc2babdf4532bd3481826cf6eef3eda8fb88f66cf58d882bd67f6b5830b6a36cb74fe0fd62f8aea60"}, 0x48, 0xfffffffffffffffd) keyctl$invalidate(0x15, r0) keyctl$invalidate(0x15, r0) 10:50:20 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2) write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125) close_range(r1, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3) r2 = io_uring_setup(0x62db, &(0x7f0000001040)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1) close_range(r2, 0xffffffffffffffff, 0x2) 10:50:20 executing program 5: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSWINSZ(r0, 0x5423, &(0x7f0000000000)={0x800}) 10:50:20 executing program 2: socket(0xa, 0x1, 0x6) 10:50:20 executing program 3: syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 10:50:20 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) 10:50:20 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:20 executing program 2: socket(0xa, 0x1, 0x6) 10:50:20 executing program 3: syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 10:50:20 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) 10:50:20 executing program 5: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSWINSZ(r0, 0x5423, &(0x7f0000000000)={0x800}) 10:50:20 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 148.366948] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 148.765743] Bluetooth: hci0: Opcode 0x c03 failed: -4 10:50:21 executing program 6: socket$packet(0x11, 0xa, 0x300) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) 10:50:21 executing program 2: socket(0xa, 0x1, 0x6) 10:50:21 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) 10:50:21 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:21 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:21 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2) write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125) close_range(r1, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3) r2 = io_uring_setup(0x62db, &(0x7f0000001040)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1) close_range(r2, 0xffffffffffffffff, 0x2) 10:50:21 executing program 5: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$TIOCSWINSZ(r0, 0x5423, &(0x7f0000000000)={0x800}) 10:50:21 executing program 3: syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) [ 149.255410] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in; [ 149.255410] program syz-executor.7 not setting count and/or reply_len properly 10:50:21 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:21 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:22 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:22 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:22 executing program 6: socket$packet(0x11, 0xa, 0x300) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @remote, @broadcast}}}], 0x20}, 0x0) 10:50:22 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:22 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x2) write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200050000000e"], 0x125) close_range(r1, 0xffffffffffffffff, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/250, 0xfa}, {&(0x7f0000000580)=""/127, 0x7f}], 0x3) r2 = io_uring_setup(0x62db, &(0x7f0000001040)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000001140)=[{&(0x7f00000010c0)=""/69, 0x45}], 0x1) close_range(r2, 0xffffffffffffffff, 0x2) [ 149.664120] sg_write: data in/out 917468/251 bytes for SCSI command 0x0-- guessing data in; [ 149.664120] program syz-executor.7 not setting count and/or reply_len properly [ 150.176654] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 150.210635] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 150.221821] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 150.230010] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 150.268002] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 150.276238] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 150.459978] Bluetooth: hci0: Opcode 0x c03 failed: -4 10:50:23 executing program 7: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:24 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:24 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:24 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:24 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:24 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:24 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:24 executing program 7: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:24 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 152.525644] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 152.539624] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 152.551481] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 152.568413] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 152.582243] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 152.597245] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 152.611745] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 152.618806] Bluetooth: hci0: Opcode 0x c03 failed: -4 10:50:26 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:26 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:26 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:26 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:26 executing program 4: syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 10:50:26 executing program 6: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:26 executing program 7: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') preadv(r1, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x0, 0x0) write$bt_hci(r1, &(0x7f0000000000)={0x1, @io_capability_reply={{0x42b, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5b, 0x80, 0x4}}}, 0xd) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 10:50:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) 10:50:26 executing program 4: syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 10:50:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) 10:50:26 executing program 4: syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 10:50:26 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) 10:50:26 executing program 4: syz_mount_image$tmpfs(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) [ 154.585957] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 154.603557] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 154.612802] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 154.665891] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 154.705229] Bluetooth: hci0: Opcode 0x c03 failed: -4 [ 154.712589] Bluetooth: hci0: Opcode 0x c03 failed: -4 VM DIAGNOSIS: 10:50:19 Registers: info registers vcpu 0 RAX=0000000000000007 RBX=4145593095bf426b RCX=0000000000001f97 RDX=0000000000000000 RSI=0000000000000008 RDI=0000000000000001 RBP=ffffffff875ee458 RSP=ffff88800fe476d0 R8 =0000000000000000 R9 =ffffffff8762a8af R10=fffffbfff0ec5515 R11=0000000000000001 R12=ffff88800e5e1ac0 R13=ffff88800e5e2420 R14=dffffc0000000000 R15=0000000000000001 RIP=ffffffff812bba7e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f0c859df900 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe6355ed3000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe6355ed1000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f0c84e6d070 CR3=000000000dce6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffffffffffffffffffffffffffff XMM01=30306234386136303638616663356134 XMM02=38303062343861363036386166633561 XMM03=2f6c616e72756f6a2f676f6c2f6e7572 XMM04=b4af6df0042e8b8600000000001409b0 XMM05=d3fdd5f48436fbd700000000000aead0 XMM06=7fb0a692323ddc5a00000000000ae988 XMM07=00000000000000000000000000000000 XMM08=44495f474f4c5359530069253d595449 XMM09=00000000000000000000000000000000 XMM10=00000000000000000020000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82483d55 RDI=ffffffff87fb1ae0 RBP=ffffffff87fb1aa0 RSP=ffff88803bb46f48 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000030 R11=0000000000000001 R12=0000000000000030 R13=ffffffff87fb1aa0 R14=0000000000000010 R15=ffffffff82483d40 RIP=ffffffff82483dad RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007ff45cba3700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe1831545000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe1831543000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005583bf1b2080 CR3=0000000022ffa000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00524f52524500400000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000