Warning: Permanently added '[localhost]:25985' (ECDSA) to the list of known hosts.
2022/08/06 01:53:20 fuzzer started
2022/08/06 01:53:21 dialing manager at localhost:33251
2022/08/06 01:53:21 checking machine...
2022/08/06 01:53:21 checking revisions...
syzkaller login: [ 36.417975] kmemleak: Automatic memory scanning thread ended
2022/08/06 01:53:21 testing simple program...
[ 36.494979] cgroup: Unknown subsys name 'net'
[ 36.622724] cgroup: Unknown subsys name 'rlimit'
executing program
executing program
executing program
executing program
executing program
[ 51.510351] audit: type=1400 audit(1659750816.412:6): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 52.629120] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 52.631131] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 52.633317] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 52.637119] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 52.639055] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 52.640572] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 54.703686] Bluetooth: hci0: command 0x0409 tx timeout
[ 56.752554] Bluetooth: hci0: command 0x041b tx timeout
executing program
[ 58.799098] Bluetooth: hci0: command 0x040f tx timeout
executing program
[ 60.847010] Bluetooth: hci0: command 0x0419 tx timeout
[ 61.469207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.470477] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.475883] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 61.509666] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.510735] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.512782] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2022/08/06 01:53:46 building call list...
[ 61.864263] ------------[ cut here ]------------
[ 61.865116] WARNING: CPU: 0 PID: 285 at kernel/workqueue.c:3066 __flush_work+0xaaa/0xd20
[ 61.866286] Modules linked in:
[ 61.866737] CPU: 0 PID: 285 Comm: syz-executor.0 Not tainted 5.19.0-next-20220805 #1
[ 61.867852] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 61.869991] RIP: 0010:__flush_work+0xaaa/0xd20
[ 61.870985] Code: 00 48 c7 c6 af 73 1c 81 48 c7 c7 60 52 40 85 e8 5c 78 0d 00 e9 11 fc ff ff e8 62 3c 29 00 0f 0b e9 05 fc ff ff e8 56 3c 29 00 <0f> 0b 45 31 ed e9 f6 fb ff ff e8 47 3c 29 00 4c 89 e7 e8 7f d5 03
[ 61.873693] RSP: 0018:ffff88800f5276e8 EFLAGS: 00010293
[ 61.874477] RAX: 0000000000000000 RBX: ffff8880185bc988 RCX: 0000000000000000
[ 61.875499] RDX: ffff88800ff23600 RSI: ffffffff811c73ea RDI: 0000000000000001
[ 61.876513] RBP: ffff88800f527890 R08: 0000000000000001 R09: 0000000000000000
[ 61.877544] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880185bc988
[ 61.878559] R13: 0000000000000001 R14: ffff8880185bc9a0 R15: ffff88800ff23600
[ 61.879573] FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 61.880722] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 61.881580] CR2: 000056261a9b93a8 CR3: 000000001d9e2000 CR4: 0000000000350ef0
[ 61.882613] Call Trace:
[ 61.883019]
[ 61.883354]  ? lock_chain_count+0x20/0x20
[ 61.884000]  ? queue_delayed_work_on+0xd0/0xd0
[ 61.884669]  ? lock_release+0x3b2/0x750
[ 61.885300]  ? mark_held_locks+0x9e/0xe0
[ 61.885939]  ? del_timer+0xb6/0x100
[ 61.886486]  ? mark_held_locks+0x9e/0xe0
[ 61.887110]  ? __cancel_work_timer+0x30f/0x4e0
[ 61.887781]  __cancel_work_timer+0x39c/0x4e0
[ 61.888457]  ? cancel_delayed_work+0x20/0x20
[ 61.889144]  ? mgmt_send_event_skb+0x2ed/0x460
[ 61.889816]  ? mgmt_send_event+0x13c/0x180
[ 61.890466]  mgmt_index_removed+0x187/0x2f0
[ 61.891118]  ? mgmt_index_added+0x290/0x290
[ 61.891734]  ? hci_dev_open_sync+0x1fa0/0x1fa0
[ 61.892437]  ? blocking_notifier_chain_unregister+0xef/0x290
[ 61.893308]  hci_unregister_dev+0x2e2/0x380
[ 61.893986]  vhci_release+0x7c/0xf0
[ 61.894528]  __fput+0x272/0x9d0
[ 61.895059]  ? vhci_close_dev+0x50/0x50
[ 61.895652]  task_work_run+0xe2/0x1a0
[ 61.896245]  do_exit+0xc31/0x2940
[ 61.896759]  ? lock_release+0x3b2/0x750
[ 61.897379]  ? get_signal+0x93f/0x24b0
[ 61.897989]  ? mm_update_next_owner+0x7d0/0x7d0
[ 61.898665]  ? lock_is_held_type+0xd7/0x130
[ 61.899338]  do_group_exit+0xd0/0x2a0
[ 61.899883]  get_signal+0x2205/0x24b0
[ 61.900714]  ? pipe_ioctl+0x260/0x260
[ 61.901717]  ? exit_signals+0x8b0/0x8b0
[ 61.902400]  ? security_file_permission+0xb1/0xe0
[ 61.903147]  arch_do_signal_or_restart+0x89/0x1be0
[ 61.903850]  ? vfs_read+0x2b4/0x930
[ 61.904425]  ? kernel_read+0x1c0/0x1c0
[ 61.905026]  ? lockdep_hardirqs_on+0x79/0x100
[ 61.905698]  ? get_sigframe_size+0x10/0x10
[ 61.906404]  ? exit_to_user_mode_prepare+0x109/0x1a0
[ 61.907178]  exit_to_user_mode_prepare+0x131/0x1a0
[ 61.907890]  syscall_exit_to_user_mode+0x19/0x40
[ 61.908607]  do_syscall_64+0x48/0x90
[ 61.909188]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.909977] RIP: 0033:0x7fe779f7f69c
[ 61.910500] Code: Unable to access opcode bytes at RIP 0x7fe779f7f672.
[ 61.911429] RSP: 002b:00007ffe8f2b4a30 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 61.912526] RAX: fffffffffffffe00 RBX: 00007ffe8f2b4ae0 RCX: 00007fe779f7f69c
[ 61.913578] RDX: 0000000000000040 RSI: 00007fe77a0dc020 RDI: 00000000000000f9
[ 61.914606] RBP: 0000000000000003 R08: 0000000000000000 R09: fefefefeff646b66
[ 61.915633] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000032
[ 61.916653] R13: 0000000000000000 R14: 0000000000000003 R15: 00007ffe8f2b4b20
[ 61.917718]
[ 61.918094] irq event stamp: 143143
[ 61.918600] hardirqs last enabled at (143153): [] __up_console_sem+0x78/0x80
[ 61.919841] hardirqs last disabled at (143164): [] __up_console_sem+0x5d/0x80
[ 61.921091] softirqs last enabled at (142900): [] __irq_exit_rcu+0x11b/0x180
[ 61.922347] softirqs last disabled at (142879): [] __irq_exit_rcu+0x11b/0x180
[ 61.923588] ---[ end trace 0000000000000000 ]---
[ 61.924296] ------------[ cut here ]------------
[ 61.924992] WARNING: CPU: 0 PID: 285 at kernel/workqueue.c:3066 __flush_work+0xaaa/0xd20
[ 61.926178] Modules linked in:
[ 61.926632] CPU: 0 PID: 285 Comm: syz-executor.0 Tainted: G W 5.19.0-next-20220805 #1
[ 61.927943] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 61.929540] RIP: 0010:__flush_work+0xaaa/0xd20
[ 61.930257] Code: 00 48 c7 c6 af 73 1c 81 48 c7 c7 60 52 40 85 e8 5c 78 0d 00 e9 11 fc ff ff e8 62 3c 29 00 0f 0b e9 05 fc ff ff e8 56 3c 29 00 <0f> 0b 45 31 ed e9 f6 fb ff ff e8 47 3c 29 00 4c 89 e7 e8 7f d5 03
[ 61.932812] RSP: 0018:ffff88800f5276e8 EFLAGS: 00010293
[ 61.933614] RAX: 0000000000000000 RBX: ffff8880185bca30 RCX: 0000000000000000
[ 61.934652] RDX: ffff88800ff23600 RSI: ffffffff811c73ea RDI: 0000000000000001
[ 61.935683] RBP: ffff88800f527890 R08: 0000000000000001 R09: 0000000000000000
[ 61.936702] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880185bca30
[ 61.937747] R13: 0000000000000001 R14: ffff8880185bca48 R15: ffff88800ff23600
[ 61.938779] FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 61.939952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 61.940763] CR2: 000056261a9b93a8 CR3: 000000001d9e2000 CR4: 0000000000350ef0
[ 61.941790] Call Trace:
[ 61.942203]
[ 61.942542]  ? lock_chain_count+0x20/0x20
[ 61.943177]  ? queue_delayed_work_on+0xd0/0xd0
[ 61.943849]  ? lock_release+0x3b2/0x750
[ 61.944471]  ? mark_held_locks+0x9e/0xe0
[ 61.945089]  ? del_timer+0xb6/0x100
[ 61.945652]  ? mark_held_locks+0x9e/0xe0
[ 61.946283]  ? __cancel_work_timer+0x30f/0x4e0
[ 61.947001]  __cancel_work_timer+0x39c/0x4e0
[ 61.947659]  ? cancel_delayed_work+0x20/0x20
[ 61.948358]  ? mgmt_send_event_skb+0x2ed/0x460
[ 61.949091]  ? mgmt_send_event+0x13c/0x180
[ 61.949719]  mgmt_index_removed+0x193/0x2f0
[ 61.950397]  ? mgmt_index_added+0x290/0x290
[ 61.951054]  ? hci_dev_open_sync+0x1fa0/0x1fa0
[ 61.951732]  ? blocking_notifier_chain_unregister+0xef/0x290
[ 61.952605]  hci_unregister_dev+0x2e2/0x380
[ 61.953269]  vhci_release+0x7c/0xf0
[ 61.953825]  __fput+0x272/0x9d0
[ 61.954363]  ? vhci_close_dev+0x50/0x50
[ 61.955000]  task_work_run+0xe2/0x1a0
[ 61.955555]  do_exit+0xc31/0x2940
[ 61.956117]  ? lock_release+0x3b2/0x750
[ 61.956695]  ? get_signal+0x93f/0x24b0
[ 61.957294]  ? mm_update_next_owner+0x7d0/0x7d0
[ 61.958001]  ? lock_is_held_type+0xd7/0x130
[ 61.958635]  do_group_exit+0xd0/0x2a0
[ 61.959228]  get_signal+0x2205/0x24b0
[ 61.959804]  ? pipe_ioctl+0x260/0x260
[ 61.960389]  ? exit_signals+0x8b0/0x8b0
[ 61.960999]  ? security_file_permission+0xb1/0xe0
[ 61.961698]  arch_do_signal_or_restart+0x89/0x1be0
[ 61.962435]  ? vfs_read+0x2b4/0x930
[ 61.963006]  ? kernel_read+0x1c0/0x1c0
[ 61.963567]  ? lockdep_hardirqs_on+0x79/0x100
[ 61.964259]  ? get_sigframe_size+0x10/0x10
[ 61.964948]  ? exit_to_user_mode_prepare+0x109/0x1a0
[ 61.965707]  exit_to_user_mode_prepare+0x131/0x1a0
[ 61.966455]  syscall_exit_to_user_mode+0x19/0x40
[ 61.967176]  do_syscall_64+0x48/0x90
[ 61.967726]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.968502] RIP: 0033:0x7fe779f7f69c
[ 61.969062] Code: Unable to access opcode bytes at RIP 0x7fe779f7f672.
[ 61.970015] RSP: 002b:00007ffe8f2b4a30 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 61.971098] RAX: fffffffffffffe00 RBX: 00007ffe8f2b4ae0 RCX: 00007fe779f7f69c
[ 61.972123] RDX: 0000000000000040 RSI: 00007fe77a0dc020 RDI: 00000000000000f9
[ 61.973159] RBP: 0000000000000003 R08: 0000000000000000 R09: fefefefeff646b66
[ 61.974186] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000032
[ 61.975208] R13: 0000000000000000 R14: 0000000000000003 R15: 00007ffe8f2b4b20
[ 61.976281]
[ 61.976622] irq event stamp: 144001
[ 61.977165] hardirqs last enabled at (144013): [] __up_console_sem+0x78/0x80
[ 61.978440] hardirqs last disabled at (144024): [] __up_console_sem+0x5d/0x80
[ 61.979718] softirqs last enabled at (142900): [] __irq_exit_rcu+0x11b/0x180
[ 61.980973] softirqs last disabled at (142879): [] __irq_exit_rcu+0x11b/0x180
[ 61.982227] ---[ end trace 0000000000000000 ]---
[ 61.982964] ------------[ cut here ]------------
[ 61.983617] WARNING: CPU: 0 PID: 285 at kernel/workqueue.c:3066 __flush_work+0xaaa/0xd20
[ 61.984793] Modules linked in:
[ 61.985285] CPU: 0 PID: 285 Comm: syz-executor.0 Tainted: G W 5.19.0-next-20220805 #1
[ 61.986602] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 61.988224] RIP: 0010:__flush_work+0xaaa/0xd20
[ 61.988951] Code: 00 48 c7 c6 af 73 1c 81 48 c7 c7 60 52 40 85 e8 5c 78 0d 00 e9 11 fc ff ff e8 62 3c 29 00 0f 0b e9 05 fc ff ff e8 56 3c 29 00 <0f> 0b 45 31 ed e9 f6 fb ff ff e8 47 3c 29 00 4c 89 e7 e8 7f d5 03
[ 61.991510] RSP: 0018:ffff88800f5276e8 EFLAGS: 00010293
[ 61.992304] RAX: 0000000000000000 RBX: ffff8880185bdb30 RCX: 0000000000000000
[ 61.993362] RDX: ffff88800ff23600 RSI: ffffffff811c73ea RDI: 0000000000000001
[ 61.994444] RBP: ffff88800f527890 R08: 0000000000000001 R09: 0000000000000000
[ 61.995497] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880185bdb30
[ 61.996554] R13: 0000000000000001 R14: ffff8880185bdb48 R15: ffff88800ff23600
[ 61.997599] FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 61.998745] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 61.999597] CR2: 000056261a9b93a8 CR3: 000000001d9e2000 CR4: 0000000000350ef0
[ 62.000638] Call Trace:
[ 62.001053]
[ 62.001388]  ? lock_chain_count+0x20/0x20
[ 62.002062]  ? queue_delayed_work_on+0xd0/0xd0
[ 62.002749]  ? lock_release+0x3b2/0x750
[ 62.003378]  ? mark_held_locks+0x9e/0xe0
[ 62.004021]  ? del_timer+0xb6/0x100
[ 62.004563]  ? mark_held_locks+0x9e/0xe0
[ 62.005193]  ? __cancel_work_timer+0x30f/0x4e0
[ 62.005872]  __cancel_work_timer+0x39c/0x4e0
[ 62.006573]  ? cancel_delayed_work+0x20/0x20
[ 62.007283]  ? mgmt_send_event_skb+0x2ed/0x460
[ 62.007991]  ? mgmt_send_event+0x13c/0x180
[ 62.008631]  mgmt_index_removed+0x19f/0x2f0
[ 62.009309]  ? mgmt_index_added+0x290/0x290
[ 62.009989]  ? hci_dev_open_sync+0x1fa0/0x1fa0
[ 62.010648]  ? blocking_notifier_chain_unregister+0xef/0x290
[ 62.011525]  hci_unregister_dev+0x2e2/0x380
[ 62.012187]  vhci_release+0x7c/0xf0
[ 62.012721]  __fput+0x272/0x9d0
[ 62.013249]  ? vhci_close_dev+0x50/0x50
[ 62.013867]  task_work_run+0xe2/0x1a0
[ 62.014467]  do_exit+0xc31/0x2940
[ 62.015017]  ? lock_release+0x3b2/0x750
[ 62.015592]  ? get_signal+0x93f/0x24b0
[ 62.016192]  ? mm_update_next_owner+0x7d0/0x7d0
[ 62.016866]  ? lock_is_held_type+0xd7/0x130
[ 62.017553]  do_group_exit+0xd0/0x2a0
[ 62.018156]  get_signal+0x2205/0x24b0
[ 62.018722]  ? pipe_ioctl+0x260/0x260
[ 62.019314]  ? exit_signals+0x8b0/0x8b0
[ 62.019946]  ? security_file_permission+0xb1/0xe0
[ 62.020645]  arch_do_signal_or_restart+0x89/0x1be0
[ 62.021386]  ? vfs_read+0x2b4/0x930
[ 62.022031]  ? kernel_read+0x1c0/0x1c0
[ 62.022592]  ? lockdep_hardirqs_on+0x79/0x100
[ 62.023280]  ? get_sigframe_size+0x10/0x10
[ 62.023957]  ? exit_to_user_mode_prepare+0x109/0x1a0
[ 62.024699]  exit_to_user_mode_prepare+0x131/0x1a0
[ 62.025428]  syscall_exit_to_user_mode+0x19/0x40
[ 62.026140]  do_syscall_64+0x48/0x90
[ 62.026689]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.027461] RIP: 0033:0x7fe779f7f69c
[ 62.028017] Code: Unable to access opcode bytes at RIP 0x7fe779f7f672.
[ 62.028952] RSP: 002b:00007ffe8f2b4a30 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 62.030062] RAX: fffffffffffffe00 RBX: 00007ffe8f2b4ae0 RCX: 00007fe779f7f69c
[ 62.031084] RDX: 0000000000000040 RSI: 00007fe77a0dc020 RDI: 00000000000000f9
[ 62.032097] RBP: 0000000000000003 R08: 0000000000000000 R09: fefefefeff646b66
[ 62.033108] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000032
[ 62.034141] R13: 0000000000000000 R14: 0000000000000003 R15: 00007ffe8f2b4b20
[ 62.035188]
[ 62.035532] irq event stamp: 144865
[ 62.036072] hardirqs last enabled at (144877): [] __up_console_sem+0x78/0x80
[ 62.037330] hardirqs last disabled at (144888): [] __up_console_sem+0x5d/0x80
[ 62.038593] softirqs last enabled at (142900): [] __irq_exit_rcu+0x11b/0x180
[ 62.039844] softirqs last disabled at (142879): [] __irq_exit_rcu+0x11b/0x180
[ 62.041094] ---[ end trace 0000000000000000 ]---
executing program
[ 64.006757] audit: type=1400 audit(1659750828.908:7): avc: denied { create } for pid=264 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
2022/08/06 01:53:50 syscalls: 2217
2022/08/06 01:53:50 code coverage: enabled
2022/08/06 01:53:50 comparison tracing: enabled
2022/08/06 01:53:50 extra coverage: enabled
2022/08/06 01:53:50 setuid sandbox: enabled
2022/08/06 01:53:50 namespace sandbox: enabled
2022/08/06 01:53:50 Android sandbox: enabled
2022/08/06 01:53:50 fault injection: enabled
2022/08/06 01:53:50 leak checking: enabled
2022/08/06 01:53:50 net packet injection: enabled
2022/08/06 01:53:50 net device setup: enabled
2022/08/06 01:53:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/08/06 01:53:50 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/08/06 01:53:50 USB emulation: enabled
2022/08/06 01:53:50 hci packet injection: enabled
2022/08/06 01:53:50 wifi device emulation: enabled
2022/08/06 01:53:50 802.15.4 emulation: enabled
2022/08/06 01:53:50 fetching corpus: 0, signal 0/0 (executing program)
2022/08/06 01:53:50 fetching corpus: 0, signal 0/0 (executing program)
2022/08/06 01:53:52 starting 8 fuzzer processes
01:53:52 executing program 0:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480)}}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0)
r1 = epoll_create(0x4)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x109201, 0x0)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000200), 0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000240)={0xa0002000})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f00000008c0)={0x0, 0x8, 0x10001})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSPTLCK(r4, 0x40045431, &(0x7f0000000040))
epoll_pwait2(0xffffffffffffffff, &(0x7f0000000100)=[{}, {}], 0x2, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180), 0x8)
ioctl$TIOCGPTPEER(r4, 0x5441, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6, 0x10, r2, 0x0)
getpid()
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f00000003c0)=0x0)
perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x5, 0x4, 0x7, 0x0, 0x0, 0x8, 0x40001, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_bp={&(0x7f0000000000), 0x7}, 0x801, 0x4c28ce23, 0x2, 0x3, 0x80000001, 0x8, 0x57, 0x0, 0x7fffffff, 0x0, 0x3}, r5, 0xb, 0xffffffffffffffff, 0xd)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = memfd_create(&(0x7f00000001c0)='\x00', 0x4)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r0, &(0x7f0000000300)={0xffffffffffffffff, r6, 0x6})
01:53:52 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
write$binfmt_script(r0, &(0x7f0000000140)=ANY=[@ANYBLOB='#! .o \n'], 0xb)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0)
01:53:52 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0xffffffff, 0x0, 0x0, 0x0, 0x0, "042100"})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040))
01:53:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xf, 0x11, r2, 0x0)
ioctl$FIBMAP(r1, 0x1, &(0x7f0000000040))
01:53:52 executing program 4:
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, 0x0, 0xc040)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
sigaltstack(&(0x7f0000000000/0x3000)=nil, &(0x7f0000000880))
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a00)}, 0x800)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000ac0), 0x40, 0x0)
01:53:52 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000100)=[{0x6c}, {0x6}]})
syz_open_procfs(0x0, 0x0)
01:53:52 executing program 5:
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480)}}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0)
r1 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000240))
syz_open_procfs(0x0, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="cc0009074d010000ef0200000100000061030000000800000000000000000000903dd53642e3f7eba2d0762251d24a15ff5e7253466cc4b3bdfaf46d9368f05f"], 0xfe)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
kcmp$KCMP_EPOLL_TFD(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, &(0x7f00000003c0)={0xffffffffffffffff, r0, 0x9bd8})
move_pages(0x0, 0x205f, &(0x7f0000000000), &(0x7f00000011c0), &(0x7f0000000040)=[0x0, 0x0], 0x0)
01:53:52 executing program 6:
mkdir(&(0x7f0000003b80)='./file0\x00', 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0})
setresuid(0x0, r0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
[ 68.618419] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.620304] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.621673] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.623396] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 68.625714] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 68.627425] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.628967] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 68.630374] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.631514] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 68.641432] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 68.649984] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 68.651351] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 68.759560] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 68.761731] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 68.765876] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 68.768755] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 68.768804] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 68.771151] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 68.771828] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 68.780323] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 68.781618] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 68.786104] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 68.786185] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 68.789136] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 68.791819] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 68.794324] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 68.796369] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 68.798351] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 68.799704] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 68.808427] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 68.816105] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 68.817745] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 68.828878] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 68.844879] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 68.846684] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 68.856438] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 68.865191] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 68.866828] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 68.868267] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 68.877315] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 68.924238] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 68.935346] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 70.703008] Bluetooth: hci0: command 0x0409 tx timeout
[ 70.703063] Bluetooth: hci1: command 0x0409 tx timeout
[ 70.767311] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 70.831017] Bluetooth: hci4: command 0x0409 tx timeout
[ 70.831497] Bluetooth: hci2: command 0x0409 tx timeout
[ 70.895007] Bluetooth: hci5: command 0x0409 tx timeout
[ 70.896035] Bluetooth: hci7: command 0x0409 tx timeout
[ 71.022991] Bluetooth: hci6: command 0x0409 tx timeout
VM DIAGNOSIS:
01:53:47 Registers:
info registers vcpu 0
RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff82409281 RDI=ffffffff8762a640 RBP=ffffffff8762a600 RSP=ffff88800f5270a8
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000031 R11=0000000000000001
R12=0000000000000031 R13=ffffffff8762a600 R14=0000000000000010 R15=ffffffff82409270
RIP=ffffffff824092d9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000056261a9b93a8 CR3=000000001d9e2000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 ffffffffffffffff 000056261a9af370
YMM02=0000000000000000 0000000000000000 ffffff0f0e0d0c0b 0a09080706050403
YMM03=0000000000000000 0000000000000000 696e656420737365 636341002f737973
YMM04=0000000000000000 0000000000000000 00373d524f4a414d 0031333337313333
YMM05=0000000000000000 0000000000000000 535500333536313d 4d554e5145530031
YMM06=0000000000000000 0000000000000000 5954564544003070 6f6f6c2f7665642f
YMM07=0000000000000000 0000000000000000 48544e5953006b63 6f6c623d4d455453
YMM08=0000000000000000 0000000000000000 49006d756e203c20 69000a313a56000a
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=1ffff11003301f91 RCX=0000000000000001 RDX=dffffc0000000000
RSI=0000000000000000 RDI=ffff88800ff2e438 RBP=0000000000000000 RSP=ffff88801980fb10
R8 =0000000000000001 R9 =0000000000000000 R10=fffffbfff0b5dc6a R11=0000000000000001
R12=ffff88800fecd100 R13=0000000000000000 R14=ffff88800ff2e438 R15=0000000000000001
RIP=ffffffff81298244 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fc4fc8f2700 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000048000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000056261a98bf70 CR3=0000000017064000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 2036343a33353a31 3020362020677541
YMM01=0000000000000000 0000000000000000 5d3139393936382e 31362020205b203a
YMM02=0000000000000000 0000000000000000 775f6873756c665f 5f3a30313030203a
YMM03=0000000000000000 0000000000000000 205b203a6c656e72 656b2072656c6c61
YMM04=0000000000000000 0000000000000000 756d65712e746c69 75626572702d6230
YMM05=0000000000000000 0000000000000000 34312e312d6c6572 20534f4942202c29
YMM06=0000000000000000 0000000000000000 3434692820435020 647261646e617453
YMM07=0000000000000000 0000000000000000 64726148205d3235 383736382e313620
YMM08=0000000000000000 0000000000000000 7475636578652d7a 7973223d6d6d6f63
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000