Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:1569' (ECDSA) to the list of known hosts. 2022/09/08 12:49:44 fuzzer started 2022/09/08 12:49:44 dialing manager at localhost:33461 2022/09/08 12:49:44 checking machine... 2022/09/08 12:49:44 checking revisions... syzkaller login: [ 28.541911] kmemleak: Automatic memory scanning thread ended 2022/09/08 12:49:44 testing simple program... [ 28.591490] cgroup: Unknown subsys name 'net' [ 28.637384] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program executing program [ 40.440633] audit: type=1400 audit(1662641396.357:6): avc: denied { execmem } for pid=285 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 41.548239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 41.550356] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 41.552316] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 41.555437] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 41.557484] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 41.559363] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 41.563142] Bluetooth: hci0: HCI_REQ-0x0c1a executing program [ 43.574759] Bluetooth: hci0: command 0x0409 tx timeout [ 45.622755] Bluetooth: hci0: command 0x041b tx timeout executing program [ 47.671040] Bluetooth: hci0: command 0x040f tx timeout executing program [ 49.718736] Bluetooth: hci0: command 0x0419 tx timeout executing program 2022/09/08 12:50:11 building call list... executing program [ 57.368322] audit: type=1400 audit(1662641413.285:7): avc: denied { create } for pid=263 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 executing program 2022/09/08 12:50:19 syscalls: 2215 2022/09/08 12:50:19 code coverage: enabled 2022/09/08 12:50:19 comparison tracing: enabled 2022/09/08 12:50:19 extra coverage: enabled 2022/09/08 12:50:19 setuid sandbox: enabled 2022/09/08 12:50:19 namespace sandbox: enabled 2022/09/08 12:50:19 Android sandbox: enabled 2022/09/08 12:50:19 fault injection: enabled 2022/09/08 12:50:19 leak checking: enabled 2022/09/08 12:50:19 net packet injection: enabled 2022/09/08 12:50:19 net device setup: enabled 2022/09/08 12:50:19 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/08 12:50:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/08 12:50:19 USB emulation: enabled 2022/09/08 12:50:19 hci packet injection: enabled 2022/09/08 12:50:19 wifi device emulation: failed to parse kernel version (6.0.0-rc4-next-20220908) 2022/09/08 12:50:19 802.15.4 emulation: enabled 2022/09/08 12:50:19 fetching corpus: 0, signal 0/0 (executing program) 2022/09/08 12:50:19 fetching corpus: 0, signal 0/0 (executing program) 2022/09/08 12:50:21 starting 8 fuzzer processes 12:50:21 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = gettid() r1 = gettid() kcmp(r0, r1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) 12:50:21 executing program 1: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000340), 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) 12:50:21 executing program 2: syz_emit_ethernet(0x6e, &(0x7f0000000000)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x38, 0x3a, 0x0, @dev, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "f2e2a6", 0x0, 0x0, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @loopback}, [@hopopts={0x3c}]}}}}}}}, 0x0) 12:50:21 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000380)={r0, 0x8, 0x1, 0x400}) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f00000003c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r2, &(0x7f0000000080)="01", 0x292e9) 12:50:21 executing program 4: mount(&(0x7f00000019c0)=ANY=[@ANYBLOB], 0x0, &(0x7f00000003c0)='cramfs\x00', 0x1000, &(0x7f0000000400)='\x00') pwritev(0xffffffffffffffff, 0x0, 0x0, 0x8001, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x40) syz_io_uring_setup(0x0, &(0x7f0000000180)={0x0, 0x4494, 0x2, 0x1, 0x254}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000200)) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x203}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x3, 0x0, 0x0, 0x0, 0x3800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) 12:50:21 executing program 5: mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000) madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4) 12:50:21 executing program 6: r0 = epoll_create(0x7fffffff) r1 = socket$inet6(0xa, 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000)) 12:50:21 executing program 7: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f00000010c0)=[{0x0, 0x0, 0x7ff}], 0x0, &(0x7f0000001100)) [ 66.760426] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.763203] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.764391] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.766395] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.768151] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 66.769461] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.773330] Bluetooth: hci0: HCI_REQ-0x0c1a [ 66.824821] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 66.825827] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 66.829983] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 66.831914] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 66.832889] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 66.835190] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 66.836169] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 66.837137] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 66.838658] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 66.842619] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 66.843617] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 66.849243] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 66.850300] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 66.851247] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 66.858982] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 66.859978] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 66.861636] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 66.864270] Bluetooth: hci2: HCI_REQ-0x0c1a [ 66.865336] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 66.867924] Bluetooth: hci3: HCI_REQ-0x0c1a [ 66.869607] Bluetooth: hci4: HCI_REQ-0x0c1a [ 68.791728] Bluetooth: hci0: command 0x0409 tx timeout [ 68.854754] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 68.918731] Bluetooth: hci4: command 0x0409 tx timeout [ 68.919258] Bluetooth: hci2: command 0x0409 tx timeout [ 68.919793] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 68.920319] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 68.920808] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 68.921254] Bluetooth: hci3: command 0x0409 tx timeout [ 70.838741] Bluetooth: hci0: command 0x041b tx timeout [ 70.966734] Bluetooth: hci3: command 0x041b tx timeout [ 70.967206] Bluetooth: hci2: command 0x041b tx timeout [ 70.967625] Bluetooth: hci4: command 0x041b tx timeout [ 71.402819] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 71.407218] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 71.408683] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 71.409809] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 71.410803] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 71.411437] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 71.419759] Bluetooth: hci5: HCI_REQ-0x0c1a [ 72.887764] Bluetooth: hci0: command 0x040f tx timeout [ 73.014775] Bluetooth: hci4: command 0x040f tx timeout [ 73.015366] Bluetooth: hci2: command 0x040f tx timeout [ 73.016582] Bluetooth: hci3: command 0x040f tx timeout [ 73.142924] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 73.398738] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 73.399746] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 73.463717] Bluetooth: hci5: command 0x0409 tx timeout [ 74.935752] Bluetooth: hci0: command 0x0419 tx timeout [ 75.063771] Bluetooth: hci3: command 0x0419 tx timeout [ 75.064212] Bluetooth: hci2: command 0x0419 tx timeout [ 75.064616] Bluetooth: hci4: command 0x0419 tx timeout [ 75.511730] Bluetooth: hci5: command 0x041b tx timeout [ 77.431803] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 77.558765] Bluetooth: hci5: command 0x040f tx timeout [ 77.750818] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 77.814761] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 79.606827] Bluetooth: hci5: command 0x0419 tx timeout [ 81.719719] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 82.230739] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 82.294725] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 84.544506] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 84.545564] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 84.551118] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 84.552292] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 84.561868] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 84.563199] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 84.565583] Bluetooth: hci7: HCI_REQ-0x0c1a [ 85.942762] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 86.518780] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 86.582748] Bluetooth: hci7: command 0x0409 tx timeout [ 88.630756] Bluetooth: hci7: command 0x041b tx timeout [ 89.405226] loop7: detected capacity change from 0 to 7 [ 89.420040] FAT-fs (loop7): bogus number of reserved sectors [ 89.420455] FAT-fs (loop7): Can't find a valid FAT filesystem 12:50:45 executing program 7: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f00000010c0)=[{0x0, 0x0, 0x7ff}], 0x0, &(0x7f0000001100)) [ 89.484905] loop7: detected capacity change from 0 to 7 [ 89.487069] FAT-fs (loop7): bogus number of reserved sectors [ 89.487482] FAT-fs (loop7): Can't find a valid FAT filesystem 12:50:45 executing program 7: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f00000010c0)=[{0x0, 0x0, 0x7ff}], 0x0, &(0x7f0000001100)) [ 89.559861] loop7: detected capacity change from 0 to 7 [ 89.562784] FAT-fs (loop7): bogus number of reserved sectors [ 89.563196] FAT-fs (loop7): Can't find a valid FAT filesystem [ 89.579010] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.579717] Buffer I/O error on dev loop7, logical block 1, async page read [ 89.580272] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.580947] Buffer I/O error on dev loop7, logical block 2, async page read [ 89.582748] I/O error, dev loop7, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.583375] Buffer I/O error on dev loop7, logical block 3, async page read [ 89.586348] I/O error, dev loop7, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.586997] Buffer I/O error on dev loop7, logical block 4, async page read [ 89.588678] I/O error, dev loop7, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.589317] Buffer I/O error on dev loop7, logical block 5, async page read [ 89.591240] I/O error, dev loop7, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.592108] Buffer I/O error on dev loop7, logical block 6, async page read 12:50:45 executing program 7: syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f00000010c0)=[{0x0, 0x0, 0x7ff}], 0x0, &(0x7f0000001100)) [ 89.664662] loop7: detected capacity change from 0 to 7 [ 89.671108] FAT-fs (loop7): bogus number of reserved sectors [ 89.671514] FAT-fs (loop7): Can't find a valid FAT filesystem [ 89.744988] audit: type=1400 audit(1662641445.662:8): avc: denied { open } for pid=3174 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 89.746398] audit: type=1400 audit(1662641445.662:9): avc: denied { kernel } for pid=3174 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 89.859740] syz-executor.4 (3175) used greatest stack depth: 25336 bytes left 12:50:45 executing program 1: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000340), 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) 12:50:45 executing program 4: mount(&(0x7f00000019c0)=ANY=[@ANYBLOB], 0x0, &(0x7f00000003c0)='cramfs\x00', 0x1000, &(0x7f0000000400)='\x00') pwritev(0xffffffffffffffff, 0x0, 0x0, 0x8001, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x40) syz_io_uring_setup(0x0, &(0x7f0000000180)={0x0, 0x4494, 0x2, 0x1, 0x254}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000200)) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000005c0)) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x203}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x3, 0x0, 0x0, 0x0, 0x3800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) 12:50:45 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000340), 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) 12:50:45 executing program 1: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000340), 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) 12:50:45 executing program 7: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000340), 0x9}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) [ 90.080805] syz-executor.4 (3193) used greatest stack depth: 25224 bytes left [ 90.230738] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 90.678722] Bluetooth: hci7: command 0x040f tx timeout [ 90.806766] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 91.689124] syz-executor.3 (3365) used greatest stack depth: 24856 bytes left [ 92.349302] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.350168] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.351658] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.353176] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.354274] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 92.355163] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.358767] Bluetooth: hci1: HCI_REQ-0x0c1a [ 92.726782] Bluetooth: hci7: command 0x0419 tx timeout [ 94.390765] Bluetooth: hci1: command 0x0409 tx timeout [ 94.966734] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 96.438743] Bluetooth: hci1: command 0x041b tx timeout [ 98.486747] Bluetooth: hci1: command 0x040f tx timeout [ 99.190782] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 100.534770] Bluetooth: hci1: command 0x0419 tx timeout [ 103.350859] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 107.510835] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 111.734854] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 115.894865] Bluetooth: hci6: Opcode 0x c03 failed: -110 2022/09/08 12:51:11 executor 6 failed 11 times: executor 6: exit status 67 SYZFAIL: wrong response packet (errno 2: No such file or directory) loop exited with status 67 VM DIAGNOSIS: 12:51:12 Registers: info registers vcpu 0 RAX=0000000080000001 RBX=0000000000000001 RCX=ffffffff81692ff3 RDX=0000000000000001 RSI=0000000000000000 RDI=0000000000000001 RBP=ffff88802e729c78 RSP=ffff8880224d7640 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffff8880224d7a30 R13=ffffea0000b96bc0 R14=dffffc0000000000 R15=0000000000000001 RIP=ffffffff81461f80 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fb6425b8a60 CR3=000000000de06000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 636578650a3a7365 6d69742031312064 YMM02=0000000000000000 0000000000000000 6174732074697865 203a3620726f7475 YMM03=0000000000000000 0000000000000000 203a4c4941465a59 530a373620737574 YMM04=0000000000000000 0000000000000000 702065736e6f7073 657220676e6f7277 YMM05=0000000000000000 0000000000000000 3a32206f6e727265 28200a74656b6361 YMM06=0000000000000000 0000000000000000 726f20656c696620 68637573206f4e20 YMM07=0000000000000000 0000000000000000 706f6f6c0a297972 6f74636572696420 YMM08=0000000000000000 0000000000000000 3a3620726f747563 6578650a3a73656d YMM09=0000000000000000 0000000000000000 0a37362073757461 7473207469786520 YMM10=0000000000000000 0000000000000000 7220676e6f727720 3a4c4941465a5953 YMM11=0000000000000000 0000000000000000 200a74656b636170 2065736e6f707365 YMM12=0000000000000000 0000000000000000 637573206f4e203a 32206f6e72726528 YMM13=0000000000000000 0000000000000000 7463657269642072 6f20656c69662068 YMM14=0000000000000000 0000000000000000 6465746978652070 6f6f6c0a2979726f YMM15=0000000000000000 0000000000000000 0a37362073757461 7473206874697720 info registers vcpu 1 RAX=0000000000000001 RBX=0000000000000001 RCX=ffffffff812a4308 RDX=fffffbfff0b6025b RSI=0000000000000008 RDI=ffffffff85b012d0 RBP=1ffff1100415deac RSP=ffff888020aef550 R8 =0000000000000000 R9 =ffffffff85b012d7 R10=fffffbfff0b6025a R11=0000000000000001 R12=ffffffff85406ca0 R13=ffff88800f5b6c30 R14=0000000000000000 R15=ffffea0000c32c40 RIP=ffffffff812a4310 RFL=00000247 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f73a0251fb8 CR3=000000001b538000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM02=0000000000000000 0000000000000000 0000000000000000 416e7e1800000000 YMM03=0000000000000000 0000000000000000 0000ff0000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 732f6c61636f6c2f 7273752f3d485441 YMM05=0000000000000000 0000000000000000 622f6c61636f6c2f 7273752f3a6e6962 YMM06=0000000000000000 0000000000000000 73752f3a6e696273 2f7273752f3a6e69 YMM07=0000000000000000 0000000000000000 6e69622f3a6e6962 732f3a6e69622f72 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000