Warning: Permanently added '[localhost]:4838' (ECDSA) to the list of known hosts.
2022/10/31 11:19:57 fuzzer started
2022/10/31 11:19:57 dialing manager at localhost:40945
syzkaller login: [ 46.512419] cgroup: Unknown subsys name 'net'
[ 46.623065] cgroup: Unknown subsys name 'rlimit'
2022/10/31 11:20:14 syscalls: 2217
2022/10/31 11:20:14 code coverage: enabled
2022/10/31 11:20:14 comparison tracing: enabled
2022/10/31 11:20:14 extra coverage: enabled
2022/10/31 11:20:14 setuid sandbox: enabled
2022/10/31 11:20:14 namespace sandbox: enabled
2022/10/31 11:20:14 Android sandbox: enabled
2022/10/31 11:20:14 fault injection: enabled
2022/10/31 11:20:14 leak checking: enabled
2022/10/31 11:20:14 net packet injection: enabled
2022/10/31 11:20:14 net device setup: enabled
2022/10/31 11:20:14 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/31 11:20:14 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/31 11:20:14 USB emulation: enabled
2022/10/31 11:20:14 hci packet injection: enabled
2022/10/31 11:20:14 wifi device emulation: enabled
2022/10/31 11:20:14 802.15.4 emulation: enabled
2022/10/31 11:20:14 fetching corpus: 0, signal 0/2000 (executing program)
2022/10/31 11:20:14 fetching corpus: 49, signal 22971/26494 (executing program)
2022/10/31 11:20:15 fetching corpus: 99, signal 41187/45890 (executing program)
2022/10/31 11:20:15 fetching corpus: 149, signal 48583/54587 (executing program)
2022/10/31 11:20:15 fetching corpus: 199, signal 57211/64300 (executing program)
2022/10/31 11:20:15 fetching corpus: 249, signal 63822/71837 (executing program)
2022/10/31 11:20:15 fetching corpus: 299, signal 72524/81229 (executing program)
2022/10/31 11:20:15 fetching corpus: 349, signal 75835/85522 (executing program)
2022/10/31 11:20:15 fetching corpus: 399, signal 80271/90771 (executing program)
2022/10/31 11:20:16 fetching corpus: 449, signal 83014/94384 (executing program)
2022/10/31 11:20:16 fetching corpus: 499, signal 87679/99671 (executing program)
2022/10/31 11:20:16 fetching corpus: 549, signal 90513/103180 (executing program)
2022/10/31 11:20:16 fetching corpus: 599, signal 93240/106615 (executing program)
2022/10/31 11:20:16 fetching corpus: 649, signal 96847/110714 (executing program)
2022/10/31 11:20:16 fetching corpus: 699, signal 99242/113709 (executing program)
2022/10/31 11:20:16 fetching corpus: 749, signal 103139/117932 (executing program)
2022/10/31 11:20:16 fetching corpus: 799, signal 105185/120552 (executing program)
2022/10/31 11:20:17 fetching corpus: 849, signal 109289/124767 (executing program)
2022/10/31 11:20:17 fetching corpus: 899, signal 111120/127098 (executing program)
2022/10/31 11:20:17 fetching corpus: 949, signal 112923/129386 (executing program)
2022/10/31 11:20:17 fetching corpus: 999, signal 114703/131588 (executing program)
2022/10/31 11:20:17 fetching corpus: 1049, signal 116515/133812 (executing program)
2022/10/31 11:20:17 fetching corpus: 1099, signal 118297/135976 (executing program)
2022/10/31 11:20:17 fetching corpus: 1149, signal 121676/139267 (executing program)
2022/10/31 11:20:18 fetching corpus: 1199, signal 123646/141394 (executing program)
2022/10/31 11:20:18 fetching corpus: 1249, signal 125203/143238 (executing program)
2022/10/31 11:20:18 fetching corpus: 1299, signal 126637/144960 (executing program)
2022/10/31 11:20:18 fetching corpus: 1349, signal 128040/146632 (executing program)
2022/10/31 11:20:18 fetching corpus: 1399, signal 129432/148298 (executing program)
2022/10/31 11:20:18 fetching corpus: 1449, signal 130822/149896 (executing program)
2022/10/31 11:20:18 fetching corpus: 1499, signal 132656/151731 (executing program)
2022/10/31 11:20:18 fetching corpus: 1549, signal 134593/153615 (executing program)
2022/10/31 11:20:19 fetching corpus: 1599, signal 136222/155294 (executing program)
2022/10/31 11:20:19 fetching corpus: 1649, signal 137698/156784 (executing program)
2022/10/31 11:20:19 fetching corpus: 1699, signal 139051/158214 (executing program)
2022/10/31 11:20:19 fetching corpus: 1749, signal 140421/159659 (executing program)
2022/10/31 11:20:19 fetching corpus: 1799, signal 141888/161127 (executing program)
2022/10/31 11:20:19 fetching corpus: 1849, signal 143433/162625 (executing program)
2022/10/31 11:20:19 fetching corpus: 1899, signal 145127/164269 (executing program)
2022/10/31 11:20:20 fetching corpus: 1949, signal 146434/165608 (executing program)
2022/10/31 11:20:20 fetching corpus: 1999, signal 147498/166676 (executing program)
2022/10/31 11:20:20 fetching corpus: 2049, signal 148652/167812 (executing program)
2022/10/31 11:20:20 fetching corpus: 2099, signal 149495/168775 (executing program)
2022/10/31 11:20:20 fetching corpus: 2149, signal 150442/169729 (executing program)
2022/10/31 11:20:20 fetching corpus: 2199, signal 151813/170932 (executing program)
2022/10/31 11:20:20 fetching corpus: 2249, signal 153282/172127 (executing program)
2022/10/31 11:20:20 fetching corpus: 2299, signal 154217/173040 (executing program)
2022/10/31 11:20:21 fetching corpus: 2349, signal 155067/173845 (executing program)
2022/10/31 11:20:21 fetching corpus: 2399, signal 156051/174689 (executing program)
2022/10/31 11:20:21 fetching corpus: 2449, signal 157157/175592 (executing program)
2022/10/31 11:20:21 fetching corpus: 2499, signal 158360/176492 (executing program)
2022/10/31 11:20:21 fetching corpus: 2549, signal 159730/177467 (executing program)
2022/10/31 11:20:21 fetching corpus: 2599, signal 161354/178503 (executing program)
2022/10/31 11:20:21 fetching corpus: 2649, signal 162300/179245 (executing program)
2022/10/31 11:20:22 fetching corpus: 2699, signal 162966/179815 (executing program)
2022/10/31 11:20:22 fetching corpus: 2749, signal 164730/180866 (executing program)
2022/10/31 11:20:22 fetching corpus: 2799, signal 166532/181889 (executing program)
2022/10/31 11:20:22 fetching corpus: 2849, signal 167276/182474 (executing program)
2022/10/31 11:20:22 fetching corpus: 2899, signal 167799/182935 (executing program)
2022/10/31 11:20:22 fetching corpus: 2949, signal 168720/183523 (executing program)
2022/10/31 11:20:22 fetching corpus: 2999, signal 170183/184309 (executing program)
2022/10/31 11:20:22 fetching corpus: 3049, signal 171014/184845 (executing program)
2022/10/31 11:20:23 fetching corpus: 3099, signal 171935/185382 (executing program)
2022/10/31 11:20:23 fetching corpus: 3149, signal 172915/185922 (executing program)
2022/10/31 11:20:23 fetching corpus: 3199, signal 173681/186446 (executing program)
2022/10/31 11:20:23 fetching corpus: 3249, signal 174483/186877 (executing program)
2022/10/31 11:20:23 fetching corpus: 3299, signal 175146/187264 (executing program)
2022/10/31 11:20:23 fetching corpus: 3349, signal 175769/187636 (executing program)
2022/10/31 11:20:23 fetching corpus: 3399, signal 176878/188217 (executing program)
2022/10/31 11:20:24 fetching corpus: 3449, signal 177538/188547 (executing program)
2022/10/31 11:20:24 fetching corpus: 3499, signal 178613/188952 (executing program)
2022/10/31 11:20:24 fetching corpus: 3549, signal 179300/189290 (executing program)
2022/10/31 11:20:24 fetching corpus: 3599, signal 179921/189543 (executing program)
2022/10/31 11:20:24 fetching corpus: 3649, signal 180848/189900 (executing program)
2022/10/31 11:20:24 fetching corpus: 3699, signal 181608/190177 (executing program)
2022/10/31 11:20:24 fetching corpus: 3749, signal 182551/190481 (executing program)
2022/10/31 11:20:25 fetching corpus: 3799, signal 183244/190761 (executing program)
2022/10/31 11:20:25 fetching corpus: 3849, signal 184340/191036 (executing program)
2022/10/31 11:20:25 fetching corpus: 3899, signal 185099/191252 (executing program)
2022/10/31 11:20:25 fetching corpus: 3949, signal 185802/191451 (executing program)
2022/10/31 11:20:25 fetching corpus: 3999, signal 186585/191630 (executing program)
2022/10/31 11:20:25 fetching corpus: 4049, signal 187389/191826 (executing program)
2022/10/31 11:20:25 fetching corpus: 4072, signal 188222/191980 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192022 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192068 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192115 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192166 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192213 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192259 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192296 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192326 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192366 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192406 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192457 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192513 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192539 (executing program)
2022/10/31 11:20:26 fetching corpus: 4072, signal 188222/192539 (executing program)
2022/10/31 11:20:29 starting 8 fuzzer processes
11:20:29 executing program 0:
set_mempolicy(0x1, &(0x7f0000000040)=0x8, 0x8)
11:20:29 executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000940)='setgroups\x00')
write$P9_RREADLINK(r0, &(0x7f0000000140)={0x16, 0x17, 0x0, {0xd, './file0/file0'}}, 0x16)
[ 75.360030] audit: type=1400 audit(1667215229.068:6): avc: denied { execmem } for pid=285 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:20:29 executing program 2:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0)
pwrite64(r0, 0x0, 0x0, 0x20006)
11:20:29 executing program 3:
r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x0)
11:20:29 executing program 4:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000200), 0x1}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0xfffffffffffffffd)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000010000001800000073b1f31f4937300ba1168e534b647fdaf73a177c7e933395a93d48ef810431eff847626f48d4812b937924db43c5193bf49598b47ea936223e4d3ff43d78e59733aa7ffc0b68fda55267cbcf0849f7c5dd4ba0c0b6b520727ed2491674854f2185c9", @ANYRES32=r0, @ANYRESOCT=r3])
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4, 0x5, 0xd8, 0x1, 0x0, 0x7, 0x1141a, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x800, 0x1, @perf_config_ext={0xff, 0x9}, 0x200, 0x1, 0xfffffeff, 0x9, 0x200, 0x7586800, 0x7f, 0x0, 0x8, 0x0, 0x101}, 0xffffffffffffffff, 0x3, r4, 0x9)
shmat(r2, &(0x7f0000ff0000/0x2000)=nil, 0x0)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r5 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000300)=""/156)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r5)
11:20:29 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b1e}, 0x0, 0x6, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x7}, 0x18292}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x0, 0x1, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
preadv(r1, &(0x7f0000000400), 0x0, 0xfffffffc, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="0103004d34ecc09716cf1c00000004000180"], 0x18}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000400)={'syztnl0\x00', &(0x7f0000000480)={'syztnl2\x00', 0x0, 0x29, 0x0, 0x0, 0x9a, 0x30, @private0={0xfc, 0x0, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x10, 0x4c3, 0x14000}})
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0})
sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0xffeb}], 0x1, &(0x7f0000000700)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @remote, @broadcast}}}], 0x20}, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000900)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000780)={0x13c, r3, 0x10, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x10000}, 0x4000)
11:20:29 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x0, &(0x7f0000000040)=ANY=[])
11:20:29 executing program 6:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0)
dup3(r0, r1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x2811, r1, 0x0)
[ 76.624388] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.626196] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.628538] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.636163] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.638801] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 76.640891] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.648772] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 76.749801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 76.751802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 76.753193] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 76.757555] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 76.761657] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 76.765605] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 76.774222] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 76.804994] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 76.808052] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 76.809787] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 76.813341] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 76.815130] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 76.816872] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 76.821181] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 76.878772] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 76.881200] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 76.884065] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 76.887645] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 76.890785] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 76.892319] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 76.896867] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 76.942271] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 76.943770] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 76.945890] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 76.946577] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 76.948244] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 76.949044] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 76.950215] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 76.955569] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 76.956521] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 76.959651] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 76.963495] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 76.972535] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 76.980137] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 77.027685] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 77.029480] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 77.054894] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 77.056548] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 77.066398] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 77.088306] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 77.133908] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 77.136478] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 78.709745] Bluetooth: hci0: command 0x0409 tx timeout
[ 78.774179] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 78.837440] Bluetooth: hci3: command 0x0409 tx timeout
[ 78.837486] Bluetooth: hci2: command 0x0409 tx timeout
[ 78.966231] Bluetooth: hci4: command 0x0409 tx timeout
[ 79.030205] Bluetooth: hci5: command 0x0409 tx timeout
[ 79.157735] Bluetooth: hci6: command 0x0409 tx timeout
[ 79.158708] Bluetooth: hci7: command 0x0409 tx timeout
[ 80.757135] Bluetooth: hci0: command 0x041b tx timeout
[ 80.885228] Bluetooth: hci2: command 0x041b tx timeout
[ 80.885660] Bluetooth: hci3: command 0x041b tx timeout
[ 81.013170] Bluetooth: hci4: command 0x041b tx timeout
[ 81.077202] Bluetooth: hci5: command 0x041b tx timeout
[ 81.205197] Bluetooth: hci7: command 0x041b tx timeout
[ 81.205639] Bluetooth: hci6: command 0x041b tx timeout
[ 82.805179] Bluetooth: hci0: command 0x040f tx timeout
[ 82.933209] Bluetooth: hci3: command 0x040f tx timeout
[ 82.933271] Bluetooth: hci2: command 0x040f tx timeout
[ 83.061161] Bluetooth: hci4: command 0x040f tx timeout
[ 83.125133] Bluetooth: hci5: command 0x040f tx timeout
[ 83.253172] Bluetooth: hci6: command 0x040f tx timeout
[ 83.253600] Bluetooth: hci7: command 0x040f tx timeout
[ 83.957156] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 84.853162] Bluetooth: hci0: command 0x0419 tx timeout
[ 84.981342] Bluetooth: hci3: command 0x0419 tx timeout
[ 84.981515] Bluetooth: hci2: command 0x0419 tx timeout
[ 85.109222] Bluetooth: hci4: command 0x0419 tx timeout
[ 85.173160] Bluetooth: hci5: command 0x0419 tx timeout
[ 85.301183] Bluetooth: hci7: command 0x0419 tx timeout
[ 85.301208] Bluetooth: hci6: command 0x0419 tx timeout
[ 86.521204] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 86.523879] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 86.525214] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 86.527994] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 86.529017] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 86.531561] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 86.539188] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 88.629180] Bluetooth: hci1: command 0x0409 tx timeout
[ 90.677139] Bluetooth: hci1: command 0x041b tx timeout
[ 92.725159] Bluetooth: hci1: command 0x040f tx timeout
[ 94.773175] Bluetooth: hci1: command 0x0419 tx timeout
[ 134.382410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.383032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.384371] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 134.551800] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.552400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.553868] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 134.718473] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.719215] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.720614] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 134.886967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.887651] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.889166] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 135.804905] syz-executor.1 (296) used greatest stack depth: 24568 bytes left
[ 138.489883] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 138.491211] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 138.492163] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 138.496116] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 138.497997] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 138.499446] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 138.503901] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 138.591651] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 138.592734] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 138.593670] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 138.595456] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 138.595987] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 138.596549] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 138.597663] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 138.601362] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 138.603300] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 138.604598] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 138.608897] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 138.618633] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 138.627489] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 138.632469] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 138.637210] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 138.639562] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 138.645919] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 138.650163] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 138.672344] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 138.675988] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 138.686623] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 140.213388] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 140.469558] Bluetooth: hci2: Opcode 0x c03 failed: -110
[ 140.534149] Bluetooth: hci3: command 0x0409 tx timeout
[ 140.535274] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 140.658258] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 140.658890] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 140.660662] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 140.662180] Bluetooth: hci6: command 0x0409 tx timeout
[ 140.662687] Bluetooth: hci5: command 0x0409 tx timeout
[ 140.725166] Bluetooth: hci7: command 0x0409 tx timeout
[ 140.754773] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 140.755410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 140.756970] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 141.558323] audit: type=1400 audit(1667215295.266:7): avc: denied { open } for pid=4046 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 141.559920] audit: type=1400 audit(1667215295.267:8): avc: denied { kernel } for pid=4046 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 141.699093] hrtimer: interrupt took 19897 ns
[ 141.923224] BUG: unable to handle page fault for address: ffffed100fffc000
[ 141.923789] #PF: supervisor write access in kernel mode
[ 141.924141] #PF: error_code(0x0002) - not-present page
[ 141.924479] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[ 141.925325] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI
[ 141.927842] CPU: 1 PID: 4047 Comm: syz-executor.4 Not tainted 6.1.0-rc3-next-20221031 #1
[ 141.928401] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 141.928976] RIP: 0010:__memset+0x24/0x50
[ 141.929285] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[ 141.930543] RSP: 0018:ffff88802f1f7cc0 EFLAGS: 00010216
[ 141.930913] RAX: 0000000000000000 RBX: ffff88800bfa10c0 RCX: 1ffffe21fe5fdf6b
[ 141.931399] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 141.931893] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4218
[ 141.932391] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00
[ 141.932882] R13: ffff88800bfa10c0 R14: ffffffff815f27a0 R15: 1ffff1100112321f
[ 141.933384] FS: 00007f0482082700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 141.933941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 141.934344] CR2: ffffed100fffc000 CR3: 000000001a340000 CR4: 0000000000350ee0
[ 141.934836] Call Trace:
[ 141.935023]
[ 141.935185] kasan_unpoison+0x23/0x60
[ 141.935467] mempool_exit+0x1c2/0x330
[ 141.935750] bioset_exit+0x2c9/0x630
[ 141.936024] disk_release+0x143/0x490
[ 141.936303] ? disk_release+0x0/0x490
[ 141.936581] ? device_release+0x0/0x250
[ 141.936868] device_release+0xa2/0x250
[ 141.937176] ? device_release+0x0/0x250
[ 141.937457] kobject_put+0x173/0x280
[ 141.937734] put_device+0x1b/0x40
[ 141.937985] put_disk+0x41/0x60
[ 141.938226] loop_control_ioctl+0x4d1/0x630
[ 141.938542] ? loop_control_ioctl+0x0/0x630
[ 141.938847] ? selinux_file_ioctl+0xb1/0x270
[ 141.939171] ? loop_control_ioctl+0x0/0x630
[ 141.939483] __x64_sys_ioctl+0x19a/0x220
[ 141.939778] do_syscall_64+0x3b/0xa0
[ 141.940052] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 141.940416] RIP: 0033:0x7f0484b0cb19
[ 141.940684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 141.941942] RSP: 002b:00007f0482082188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 141.942467] RAX: ffffffffffffffda RBX: 00007f0484c1ff60 RCX: 00007f0484b0cb19
[ 141.942961] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000004
[ 141.943453] RBP: 00007f0484b66f6d R08: 0000000000000000 R09: 0000000000000000
[ 141.943952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 141.944443] R13: 00007ffc1f11815f R14: 00007f0482082300 R15: 0000000000022000
[ 141.944949]
[ 141.945116] Modules linked in:
[ 141.945349] CR2: ffffed100fffc000
[ 141.945592] ---[ end trace 0000000000000000 ]---
[ 141.945921] RIP: 0010:__memset+0x24/0x50
[ 141.946219] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[ 141.947480] RSP: 0018:ffff88802f1f7cc0 EFLAGS: 00010216
[ 141.947848] RAX: 0000000000000000 RBX: ffff88800bfa10c0 RCX: 1ffffe21fe5fdf6b
[ 141.948343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 141.948838] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4218
[ 141.949346] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00
[ 141.949840] R13: ffff88800bfa10c0 R14: ffffffff815f27a0 R15: 1ffff1100112321f
[ 141.950337] FS: 00007f0482082700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 141.950893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 141.951298] CR2: ffffed100fffc000 CR3: 000000001a340000 CR4: 0000000000350ee0
11:21:36 executing program 4:
shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0)
shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000200), 0x1}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil)
shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0xfffffffffffffffd)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000010000001800000073b1f31f4937300ba1168e534b647fdaf73a177c7e933395a93d48ef810431eff847626f48d4812b937924db43c5193bf49598b47ea936223e4d3ff43d78e59733aa7ffc0b68fda55267cbcf0849f7c5dd4ba0c0b6b520727ed2491674854f2185c9", @ANYRES32=r0, @ANYRESOCT=r3])
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4, 0x5, 0xd8, 0x1, 0x0, 0x7, 0x1141a, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x800, 0x1, @perf_config_ext={0xff, 0x9}, 0x200, 0x1, 0xfffffeff, 0x9, 0x200, 0x7586800, 0x7f, 0x0, 0x8, 0x0, 0x101}, 0xffffffffffffffff, 0x3, r4, 0x9)
shmat(r2, &(0x7f0000ff0000/0x2000)=nil, 0x0)
mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096)
r5 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000300)=""/156)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r5)
[ 142.553017] BUG: unable to handle page fault for address: ffffed100fffc000
[ 142.553512] #PF: supervisor write access in kernel mode
[ 142.553875] #PF: error_code(0x0002) - not-present page
[ 142.554214] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[ 142.554657] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI
[ 142.554986] CPU: 0 PID: 4118 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1
[ 142.555605] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 142.556137] RIP: 0010:__memset+0x24/0x50
[ 142.556423] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[ 142.557591] RSP: 0018:ffff888035c77cc0 EFLAGS: 00010216
[ 142.557942] RAX: 0000000000000000 RBX: ffff88800bfa1240 RCX: 1ffffe21fe5fdf71
[ 142.558406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 142.558869] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4248
[ 142.559339] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00
[ 142.559806] R13: ffff88800bfa1240 R14: ffffffff815f27a0 R15: 1ffff110010e5c1f
[ 142.560273] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[ 142.560792] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.561178] CR2: ffffed100fffc000 CR3: 000000003a57a000 CR4: 0000000000350ef0
[ 142.561644] Call Trace:
[ 142.561821]
[ 142.561973] kasan_unpoison+0x23/0x60
[ 142.562235] mempool_exit+0x1c2/0x330
[ 142.562499] bioset_exit+0x2c9/0x630
[ 142.562759] disk_release+0x143/0x490
[ 142.563019] ? disk_release+0x0/0x490
[ 142.563282] ? device_release+0x0/0x250
[ 142.563548] device_release+0xa2/0x250
[ 142.563814] ? device_release+0x0/0x250
[ 142.564079] kobject_put+0x173/0x280
[ 142.564335] put_device+0x1b/0x40
[ 142.564569] put_disk+0x41/0x60
[ 142.564797] loop_control_ioctl+0x4d1/0x630
[ 142.565104] ? loop_control_ioctl+0x0/0x630
[ 142.565395] ? selinux_file_ioctl+0xb1/0x270
[ 142.565701] ? loop_control_ioctl+0x0/0x630
[ 142.565995] __x64_sys_ioctl+0x19a/0x220
[ 142.566273] do_syscall_64+0x3b/0xa0
[ 142.566533] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 142.566875] RIP: 0033:0x7f0484b0cb19
[ 142.567125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 142.568287] RSP: 002b:00007f0482082188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 142.568786] RAX: ffffffffffffffda RBX: 00007f0484c1ff60 RCX: 00007f0484b0cb19
[ 142.569253] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000004
[ 142.569719] RBP: 00007f0484b66f6d R08: 0000000000000000 R09: 0000000000000000
[ 142.570182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 142.570641] R13: 00007ffc1f11815f R14: 00007f0482082300 R15: 0000000000022000
[ 142.571108]
[ 142.571266] Modules linked in:
[ 142.571482] CR2: ffffed100fffc000
[ 142.571712] ---[ end trace 0000000000000000 ]---
[ 142.572021] RIP: 0010:__memset+0x24/0x50
[ 142.572304] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00
[ 142.573479] RSP: 0018:ffff88802f1f7cc0 EFLAGS: 00010216
[ 142.573828] RAX: 0000000000000000 RBX: ffff88800bfa10c0 RCX: 1ffffe21fe5fdf6b
[ 142.574297] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 142.574764] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4218
[ 142.575227] R10: 0000000000000001 R11:
0000000000000001 R12: ffff88800bfbca00 [ 142.575688] R13: ffff88800bfa10c0 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 142.576156] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 142.576678] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.577063] CR2: ffffed100fffc000 CR3: 000000003a57a000 CR4: 0000000000350ef0 [ 142.581162] Bluetooth: hci3: command 0x041b tx timeout [ 142.709287] Bluetooth: hci5: command 0x041b tx timeout [ 142.709719] Bluetooth: hci6: command 0x041b tx timeout [ 142.773104] Bluetooth: hci7: command 0x041b tx timeout [ 143.165733] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 143.171673] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 143.172647] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 143.174040] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 143.174976] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 143.175774] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 143.179401] Bluetooth: hci2: HCI_REQ-0x0c1a 11:21:37 executing program 4: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000200), 0x1}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = 
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0xfffffffffffffffd) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000010000001800000073b1f31f4937300ba1168e534b647fdaf73a177c7e933395a93d48ef810431eff847626f48d4812b937924db43c5193bf49598b47ea936223e4d3ff43d78e59733aa7ffc0b68fda55267cbcf0849f7c5dd4ba0c0b6b520727ed2491674854f2185c9", @ANYRES32=r0, @ANYRESOCT=r3]) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4, 0x5, 0xd8, 0x1, 0x0, 0x7, 0x1141a, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x800, 0x1, @perf_config_ext={0xff, 0x9}, 0x200, 0x1, 0xfffffeff, 0x9, 0x200, 0x7586800, 0x7f, 0x0, 0x8, 0x0, 0x101}, 0xffffffffffffffff, 0x3, r4, 0x9) shmat(r2, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r5 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000300)=""/156) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r5) [ 143.538201] BUG: unable to handle page fault for address: ffffed100fffc000 [ 143.538763] #PF: supervisor write access in kernel mode [ 143.539131] #PF: error_code(0x0002) - not-present page [ 143.539496] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 143.539969] Oops: 0002 [#3] PREEMPT SMP KASAN NOPTI [ 143.540319] CPU: 0 PID: 4203 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 143.540999] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 143.541569] RIP: 0010:__memset+0x24/0x50 [ 143.541878] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f 
af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 143.543129] RSP: 0018:ffff88801e07fcc0 EFLAGS: 00010216 [ 143.543510] RAX: 0000000000000000 RBX: ffff88800bfa13c0 RCX: 1ffffe21fe5fdf77 [ 143.544006] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 143.544501] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4278 [ 143.545007] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00 [ 143.545505] R13: ffff88800bfa13c0 R14: ffffffff815f27a0 R15: 1ffff1100119901f [ 143.545992] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 143.546551] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.546963] CR2: ffffed100fffc000 CR3: 000000002f0c2000 CR4: 0000000000350ef0 [ 143.547471] Call Trace: [ 143.547655] [ 143.547816] kasan_unpoison+0x23/0x60 [ 143.548096] mempool_exit+0x1c2/0x330 [ 143.548383] bioset_exit+0x2c9/0x630 [ 143.548663] disk_release+0x143/0x490 [ 143.548956] ? disk_release+0x0/0x490 [ 143.549228] ? device_release+0x0/0x250 [ 143.549523] device_release+0xa2/0x250 [ 143.549805] ? device_release+0x0/0x250 [ 143.550087] kobject_put+0x173/0x280 [ 143.550353] put_device+0x1b/0x40 [ 143.550612] put_disk+0x41/0x60 [ 143.550854] loop_control_ioctl+0x4d1/0x630 [ 143.551162] ? loop_control_ioctl+0x0/0x630 [ 143.551484] ? selinux_file_ioctl+0xb1/0x270 [ 143.551808] ? 
loop_control_ioctl+0x0/0x630 [ 143.552115] __x64_sys_ioctl+0x19a/0x220 [ 143.552426] do_syscall_64+0x3b/0xa0 [ 143.552708] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 143.553087] RIP: 0033:0x7f0484b0cb19 [ 143.553345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 143.554601] RSP: 002b:00007f0482082188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 143.555129] RAX: ffffffffffffffda RBX: 00007f0484c1ff60 RCX: 00007f0484b0cb19 [ 143.555635] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000004 [ 143.556127] RBP: 00007f0484b66f6d R08: 0000000000000000 R09: 0000000000000000 [ 143.556627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 143.557129] R13: 00007ffc1f11815f R14: 00007f0482082300 R15: 0000000000022000 [ 143.557630] [ 143.557795] Modules linked in: [ 143.558028] CR2: ffffed100fffc000 [ 143.558270] ---[ end trace 0000000000000000 ]--- [ 143.558603] RIP: 0010:__memset+0x24/0x50 [ 143.558900] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 143.560146] RSP: 0018:ffff88802f1f7cc0 EFLAGS: 00010216 [ 143.560525] RAX: 0000000000000000 RBX: ffff88800bfa10c0 RCX: 1ffffe21fe5fdf6b [ 143.561038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 143.561533] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4218 [ 143.562023] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00 [ 143.562515] R13: ffff88800bfa10c0 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 143.563007] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 143.563562] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.563968] CR2: ffffed100fffc000 CR3: 000000002f0c2000 CR4: 0000000000350ef0 11:21:38 executing 
program 4: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000200), 0x1}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0xfffffffffffffffd) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000010000001800000073b1f31f4937300ba1168e534b647fdaf73a177c7e933395a93d48ef810431eff847626f48d4812b937924db43c5193bf49598b47ea936223e4d3ff43d78e59733aa7ffc0b68fda55267cbcf0849f7c5dd4ba0c0b6b520727ed2491674854f2185c9", @ANYRES32=r0, @ANYRESOCT=r3]) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4, 0x5, 0xd8, 0x1, 0x0, 0x7, 0x1141a, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x800, 0x1, @perf_config_ext={0xff, 0x9}, 0x200, 0x1, 0xfffffeff, 0x9, 0x200, 0x7586800, 0x7f, 0x0, 0x8, 0x0, 0x101}, 0xffffffffffffffff, 0x3, r4, 0x9) shmat(r2, 
&(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r5 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000300)=""/156) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r5) [ 144.413568] BUG: unable to handle page fault for address: ffffed100fffc000 [ 144.414047] #PF: supervisor write access in kernel mode [ 144.414378] #PF: error_code(0x0002) - not-present page [ 144.414709] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 144.415149] Oops: 0002 [#4] PREEMPT SMP KASAN NOPTI [ 144.415490] CPU: 0 PID: 4271 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 144.416064] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 144.416583] RIP: 0010:__memset+0x24/0x50 [ 144.416859] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 144.418027] RSP: 0018:ffff88801835fcc0 EFLAGS: 00010216 [ 144.418364] RAX: 0000000000000000 RBX: ffff88800bfa1540 RCX: 1ffffe21fe5fdf7d [ 144.418808] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 144.419257] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f42a8 [ 144.419697] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00 [ 144.420128] R13: ffff88800bfa1540 R14: ffffffff815f27a0 R15: 1ffff110011ad41f [ 144.420572] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 144.421079] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.421446] CR2: ffffed100fffc000 CR3: 0000000038e56000 CR4: 0000000000350ef0 [ 144.421884] Call Trace: [ 144.422048] [ 144.422196] kasan_unpoison+0x23/0x60 [ 144.422453] mempool_exit+0x1c2/0x330 [ 144.422706] bioset_exit+0x2c9/0x630 [ 144.422953] disk_release+0x143/0x490 [ 144.423198] ? disk_release+0x0/0x490 [ 144.423458] ? 
device_release+0x0/0x250 [ 144.423714] device_release+0xa2/0x250 [ 144.423963] ? device_release+0x0/0x250 [ 144.424216] kobject_put+0x173/0x280 [ 144.424475] put_device+0x1b/0x40 [ 144.424704] put_disk+0x41/0x60 [ 144.424921] loop_control_ioctl+0x4d1/0x630 [ 144.425215] ? loop_control_ioctl+0x0/0x630 [ 144.425498] ? selinux_file_ioctl+0xb1/0x270 [ 144.425787] ? loop_control_ioctl+0x0/0x630 [ 144.426063] __x64_sys_ioctl+0x19a/0x220 [ 144.426327] do_syscall_64+0x3b/0xa0 [ 144.426582] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 144.426903] RIP: 0033:0x7f0484b0cb19 [ 144.427144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 144.428227] RSP: 002b:00007f0482082188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 144.428704] RAX: ffffffffffffffda RBX: 00007f0484c1ff60 RCX: 00007f0484b0cb19 [ 144.429152] RDX: 0000000000000003 RSI: 0000000000004c81 RDI: 0000000000000004 [ 144.429595] RBP: 00007f0484b66f6d R08: 0000000000000000 R09: 0000000000000000 [ 144.430031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 144.430468] R13: 00007ffc1f11815f R14: 00007f0482082300 R15: 0000000000022000 [ 144.430911] [ 144.431064] Modules linked in: [ 144.431270] CR2: ffffed100fffc000 [ 144.431497] ---[ end trace 0000000000000000 ]--- [ 144.431792] RIP: 0010:__memset+0x24/0x50 [ 144.432059] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 144.433164] RSP: 0018:ffff88802f1f7cc0 EFLAGS: 00010216 [ 144.433502] RAX: 0000000000000000 RBX: ffff88800bfa10c0 RCX: 1ffffe21fe5fdf6b [ 144.433931] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 144.434365] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4218 [ 144.434808] R10: 0000000000000001 R11: 
0000000000000001 R12: ffff88800bfbca00 [ 144.435240] R13: ffff88800bfa10c0 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 144.435685] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 144.436178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.436549] CR2: ffffed100fffc000 CR3: 0000000038e56000 CR4: 0000000000350ef0 [ 144.629200] Bluetooth: hci3: command 0x040f tx timeout [ 144.757188] Bluetooth: hci6: command 0x040f tx timeout [ 144.757643] Bluetooth: hci5: command 0x040f tx timeout [ 144.821108] Bluetooth: hci7: command 0x040f tx timeout [ 144.949109] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 145.205113] Bluetooth: hci2: command 0x0409 tx timeout [ 145.333137] Bluetooth: hci4: Opcode 0x c03 failed: -110 11:21:39 executing program 4: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000200), 0x1}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0xfffffffffffffffd) 
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000010000001800000073b1f31f4937300ba1168e534b647fdaf73a177c7e933395a93d48ef810431eff847626f48d4812b937924db43c5193bf49598b47ea936223e4d3ff43d78e59733aa7ffc0b68fda55267cbcf0849f7c5dd4ba0c0b6b520727ed2491674854f2185c9", @ANYRES32=r0, @ANYRESOCT=r3]) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4, 0x5, 0xd8, 0x1, 0x0, 0x7, 0x1141a, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x800, 0x1, @perf_config_ext={0xff, 0x9}, 0x200, 0x1, 0xfffffeff, 0x9, 0x200, 0x7586800, 0x7f, 0x0, 0x8, 0x0, 0x101}, 0xffffffffffffffff, 0x3, r4, 0x9) shmat(r2, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r5 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000300)=""/156) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r5) [ 145.753587] BUG: unable to handle page fault for address: ffffed100fffc000 [ 145.754050] #PF: supervisor write access in kernel mode [ 145.754377] #PF: error_code(0x0002) - not-present page [ 145.754719] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 145.755134] Oops: 0002 [#5] PREEMPT SMP KASAN NOPTI [ 145.755448] CPU: 0 PID: 4367 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 145.756027] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 145.756527] RIP: 0010:__memset+0x24/0x50 [ 145.756797] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 145.757910] RSP: 0018:ffff88801a3e7cc0 EFLAGS: 00010216 [ 145.758239] RAX: 0000000000000000 RBX: ffff88800bfa16c0 RCX: 1ffffe21fe5fdf83 [ 145.758683] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 
ffffed100fffc000 [ 145.759117] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f42d8 [ 145.759555] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00 [ 145.759986] R13: ffff88800bfa16c0 R14: ffffffff815f27a0 R15: 1ffff110011dfe1f [ 145.760422] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 145.760918] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.761284] CR2: ffffed100fffc000 CR3: 000000003a4b2000 CR4: 0000000000350ef0 [ 145.761725] Call Trace: [ 145.761896] [ 145.762043] kasan_unpoison+0x23/0x60 [ 145.762290] mempool_exit+0x1c2/0x330 [ 145.762555] bioset_exit+0x2c9/0x630 [ 145.762802] disk_release+0x143/0x490 [ 145.763055] ? disk_release+0x0/0x490 [ 145.763300] ? device_release+0x0/0x250 [ 145.763562] device_release+0xa2/0x250 [ 145.763813] ? device_release+0x0/0x250 [ 145.764065] kobject_put+0x173/0x280 [ 145.764306] put_device+0x1b/0x40 [ 145.764543] put_disk+0x41/0x60 [ 145.764763] loop_control_ioctl+0x4d1/0x630 [ 145.765051] ? loop_control_ioctl+0x0/0x630 [ 145.765327] ? selinux_file_ioctl+0xb1/0x270 [ 145.765624] ? 
loop_control_ioctl+0x0/0x630 [ 145.765900] __x64_sys_ioctl+0x19a/0x220 [ 145.766167] do_syscall_64+0x3b/0xa0 [ 145.766415] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 145.766751] RIP: 0033:0x7f0484b0cb19 [ 145.766986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 145.768072] RSP: 002b:00007f0482082188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 145.768541] RAX: ffffffffffffffda RBX: 00007f0484c1ff60 RCX: 00007f0484b0cb19 [ 145.768993] RDX: 0000000000000004 RSI: 0000000000004c81 RDI: 0000000000000004 [ 145.769427] RBP: 00007f0484b66f6d R08: 0000000000000000 R09: 0000000000000000 [ 145.769866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 145.770297] R13: 00007ffc1f11815f R14: 00007f0482082300 R15: 0000000000022000 [ 145.770753] [ 145.770905] Modules linked in: [ 145.771112] CR2: ffffed100fffc000 [ 145.771331] ---[ end trace 0000000000000000 ]--- [ 145.771626] RIP: 0010:__memset+0x24/0x50 [ 145.771895] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 145.772981] RSP: 0018:ffff88802f1f7cc0 EFLAGS: 00010216 [ 145.773310] RAX: 0000000000000000 RBX: ffff88800bfa10c0 RCX: 1ffffe21fe5fdf6b [ 145.773751] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 145.774188] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4218 [ 145.774635] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00 [ 145.775067] R13: ffff88800bfa10c0 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 145.775506] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 145.775995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.776350] CR2: ffffed100fffc000 CR3: 000000003a4b2000 CR4: 0000000000350ef0 11:21:40 executing 
program 4: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000200), 0x1}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0xfffffffffffffffd) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000010000001800000073b1f31f4937300ba1168e534b647fdaf73a177c7e933395a93d48ef810431eff847626f48d4812b937924db43c5193bf49598b47ea936223e4d3ff43d78e59733aa7ffc0b68fda55267cbcf0849f7c5dd4ba0c0b6b520727ed2491674854f2185c9", @ANYRES32=r0, @ANYRESOCT=r3]) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4, 0x5, 0xd8, 0x1, 0x0, 0x7, 0x1141a, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x800, 0x1, @perf_config_ext={0xff, 0x9}, 0x200, 0x1, 0xfffffeff, 0x9, 0x200, 0x7586800, 0x7f, 0x0, 0x8, 0x0, 0x101}, 0xffffffffffffffff, 0x3, r4, 0x9) shmat(r2, 
&(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r5 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000300)=""/156) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r5) [ 146.677117] Bluetooth: hci3: command 0x0419 tx timeout [ 146.685453] BUG: unable to handle page fault for address: ffffed100fffc000 [ 146.685951] #PF: supervisor write access in kernel mode [ 146.686283] #PF: error_code(0x0002) - not-present page [ 146.686611] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 146.687026] Oops: 0002 [#6] PREEMPT SMP KASAN NOPTI [ 146.687337] CPU: 1 PID: 4442 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 146.687910] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 146.688407] RIP: 0010:__memset+0x24/0x50 [ 146.688681] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 146.689761] RSP: 0018:ffff88803010fcc0 EFLAGS: 00010216 [ 146.690094] RAX: 0000000000000000 RBX: ffff88800bfa1840 RCX: 1ffffe21fe5fdf89 [ 146.690534] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 146.690969] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4308 [ 146.691404] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00 [ 146.691844] R13: ffff88800bfa1840 R14: ffffffff815f27a0 R15: 1ffff110011dfa1f [ 146.692278] FS: 00007f0482082700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 146.692764] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.693136] CR2: ffffed100fffc000 CR3: 000000002f23a000 CR4: 0000000000350ee0 [ 146.693578] Call Trace: [ 146.693747] [ 146.693895] kasan_unpoison+0x23/0x60 [ 146.694145] mempool_exit+0x1c2/0x330 [ 146.694396] bioset_exit+0x2c9/0x630 [ 146.694643] disk_release+0x143/0x490 [ 146.694892] ? disk_release+0x0/0x490 [ 146.695139] ? 
device_release+0x0/0x250 [ 146.695395] device_release+0xa2/0x250 [ 146.695643] ? device_release+0x0/0x250 [ 146.695894] kobject_put+0x173/0x280 [ 146.696136] put_device+0x1b/0x40 [ 146.696360] put_disk+0x41/0x60 [ 146.696584] loop_control_ioctl+0x4d1/0x630 [ 146.696860] ? loop_control_ioctl+0x0/0x630 [ 146.697141] ? selinux_file_ioctl+0xb1/0x270 [ 146.697433] ? loop_control_ioctl+0x0/0x630 [ 146.697710] __x64_sys_ioctl+0x19a/0x220 [ 146.697975] do_syscall_64+0x3b/0xa0 [ 146.698220] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 146.698541] RIP: 0033:0x7f0484b0cb19 [ 146.698776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 146.699852] RSP: 002b:00007f0482082188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 146.700315] RAX: ffffffffffffffda RBX: 00007f0484c1ff60 RCX: 00007f0484b0cb19 [ 146.700746] RDX: 0000000000000005 RSI: 0000000000004c81 RDI: 0000000000000004 [ 146.701193] RBP: 00007f0484b66f6d R08: 0000000000000000 R09: 0000000000000000 [ 146.701633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 146.702063] R13: 00007ffc1f11815f R14: 00007f0482082300 R15: 0000000000022000 [ 146.702503] [ 146.702656] Modules linked in: [ 146.702862] CR2: ffffed100fffc000 [ 146.703081] ---[ end trace 0000000000000000 ]--- [ 146.703371] RIP: 0010:__memset+0x24/0x50 [ 146.703638] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 146.704717] RSP: 0018:ffff88802f1f7cc0 EFLAGS: 00010216 [ 146.705050] RAX: 0000000000000000 RBX: ffff88800bfa10c0 RCX: 1ffffe21fe5fdf6b [ 146.705484] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 146.705919] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4218 [ 146.706350] R10: 0000000000000001 R11: 
0000000000000001 R12: ffff88800bfbca00 [ 146.706784] R13: ffff88800bfa10c0 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 146.707221] FS: 00007f0482082700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 146.707708] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.708065] CR2: ffffed100fffc000 CR3: 000000002f23a000 CR4: 0000000000350ee0 [ 146.805157] Bluetooth: hci5: command 0x0419 tx timeout [ 146.805583] Bluetooth: hci6: command 0x0419 tx timeout [ 146.869121] Bluetooth: hci7: command 0x0419 tx timeout [ 147.253144] Bluetooth: hci2: command 0x041b tx timeout 11:21:41 executing program 4: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000200), 0x1}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0xfffffffffffffffd) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 
&(0x7f0000000480)=ANY=[@ANYBLOB="01000000010000001800000073b1f31f4937300ba1168e534b647fdaf73a177c7e933395a93d48ef810431eff847626f48d4812b937924db43c5193bf49598b47ea936223e4d3ff43d78e59733aa7ffc0b68fda55267cbcf0849f7c5dd4ba0c0b6b520727ed2491674854f2185c9", @ANYRES32=r0, @ANYRESOCT=r3]) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4, 0x5, 0xd8, 0x1, 0x0, 0x7, 0x1141a, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x800, 0x1, @perf_config_ext={0xff, 0x9}, 0x200, 0x1, 0xfffffeff, 0x9, 0x200, 0x7586800, 0x7f, 0x0, 0x8, 0x0, 0x101}, 0xffffffffffffffff, 0x3, r4, 0x9) shmat(r2, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r5 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000300)=""/156) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r5) [ 147.593704] BUG: unable to handle page fault for address: ffffed100fffc000 [ 147.594222] #PF: supervisor write access in kernel mode [ 147.594587] #PF: error_code(0x0002) - not-present page [ 147.594954] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 147.595421] Oops: 0002 [#7] PREEMPT SMP KASAN NOPTI [ 147.595733] CPU: 0 PID: 4529 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 147.596334] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 147.596895] RIP: 0010:__memset+0x24/0x50 [ 147.597189] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 147.598477] RSP: 0018:ffff8880180ffcc0 EFLAGS: 00010216 [ 147.598808] RAX: 0000000000000000 RBX: ffff88800bfa19c0 RCX: 1ffffe21fe5fdf8f [ 147.599237] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 147.599664] RBP: ffff88800bfbca00 R08: 0000000000000005 
R09: ffffed10017f4338 [ 147.600090] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00 [ 147.600523] R13: ffff88800bfa19c0 R14: ffffffff815f27a0 R15: 1ffff110011df61f [ 147.600957] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 147.601445] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 147.601805] CR2: ffffed100fffc000 CR3: 000000003a81e000 CR4: 0000000000350ef0 [ 147.602245] Call Trace: [ 147.602409] [ 147.602557] kasan_unpoison+0x23/0x60 [ 147.602809] mempool_exit+0x1c2/0x330 [ 147.603058] bioset_exit+0x2c9/0x630 [ 147.603309] disk_release+0x143/0x490 [ 147.603558] ? disk_release+0x0/0x490 [ 147.603806] ? device_release+0x0/0x250 [ 147.604062] device_release+0xa2/0x250 [ 147.604311] ? device_release+0x0/0x250 [ 147.604567] kobject_put+0x173/0x280 [ 147.604813] put_device+0x1b/0x40 [ 147.605045] put_disk+0x41/0x60 [ 147.605267] loop_control_ioctl+0x4d1/0x630 [ 147.605546] ? loop_control_ioctl+0x0/0x630 [ 147.605878] ? selinux_file_ioctl+0xb1/0x270 [ 147.606250] ? 
loop_control_ioctl+0x0/0x630 [ 147.606637] __x64_sys_ioctl+0x19a/0x220 [ 147.606998] do_syscall_64+0x3b/0xa0 [ 147.607341] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 147.607754] RIP: 0033:0x7f0484b0cb19 [ 147.608074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 147.609584] RSP: 002b:00007f0482082188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 147.610184] RAX: ffffffffffffffda RBX: 00007f0484c1ff60 RCX: 00007f0484b0cb19 [ 147.610734] RDX: 0000000000000006 RSI: 0000000000004c81 RDI: 0000000000000004 [ 147.611328] RBP: 00007f0484b66f6d R08: 0000000000000000 R09: 0000000000000000 [ 147.611935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.612544] R13: 00007ffc1f11815f R14: 00007f0482082300 R15: 0000000000022000 [ 147.613151] [ 147.613355] Modules linked in: [ 147.613632] CR2: ffffed100fffc000 [ 147.613926] ---[ end trace 0000000000000000 ]--- [ 147.614328] RIP: 0010:__memset+0x24/0x50 [ 147.614689] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 147.616177] RSP: 0018:ffff88802f1f7cc0 EFLAGS: 00010216 [ 147.616627] RAX: 0000000000000000 RBX: ffff88800bfa10c0 RCX: 1ffffe21fe5fdf6b [ 147.617234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 147.617824] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4218 [ 147.618416] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00 [ 147.619012] R13: ffff88800bfa10c0 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 147.619618] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 147.620284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 147.620778] CR2: ffffed100fffc000 CR3: 000000003a81e000 CR4: 0000000000350ef0 11:21:42 executing 
program 4: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000200), 0x1}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0xfffffffffffffffd) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000010000001800000073b1f31f4937300ba1168e534b647fdaf73a177c7e933395a93d48ef810431eff847626f48d4812b937924db43c5193bf49598b47ea936223e4d3ff43d78e59733aa7ffc0b68fda55267cbcf0849f7c5dd4ba0c0b6b520727ed2491674854f2185c9", @ANYRES32=r0, @ANYRESOCT=r3]) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4, 0x5, 0xd8, 0x1, 0x0, 0x7, 0x1141a, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x800, 0x1, @perf_config_ext={0xff, 0x9}, 0x200, 0x1, 0xfffffeff, 0x9, 0x200, 0x7586800, 0x7f, 0x0, 0x8, 0x0, 0x101}, 0xffffffffffffffff, 0x3, r4, 0x9) shmat(r2, 
&(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r5 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000300)=""/156) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r5) 11:21:42 executing program 4: shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000200), 0x1}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) shmat(r2, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0xfffffffffffffffd) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000480)=ANY=[@ANYBLOB="01000000010000001800000073b1f31f4937300ba1168e534b647fdaf73a177c7e933395a93d48ef810431eff847626f48d4812b937924db43c5193bf49598b47ea936223e4d3ff43d78e59733aa7ffc0b68fda55267cbcf0849f7c5dd4ba0c0b6b520727ed2491674854f2185c9", @ANYRES32=r0, @ANYRESOCT=r3]) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4, 0x5, 0xd8, 0x1, 0x0, 0x7, 0x1141a, 0x4, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 
0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x800, 0x1, @perf_config_ext={0xff, 0x9}, 0x200, 0x1, 0xfffffeff, 0x9, 0x200, 0x7586800, 0x7f, 0x0, 0x8, 0x0, 0x101}, 0xffffffffffffffff, 0x3, r4, 0x9) shmat(r2, &(0x7f0000ff0000/0x2000)=nil, 0x0) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r5 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000300)=""/156) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r5) [ 148.737536] BUG: unable to handle page fault for address: ffffed100fffc000 [ 148.738014] #PF: supervisor write access in kernel mode [ 148.738343] #PF: error_code(0x0002) - not-present page [ 148.738672] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 148.739095] Oops: 0002 [#8] PREEMPT SMP KASAN NOPTI [ 148.739410] CPU: 0 PID: 4599 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221031 #1 [ 148.739994] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 148.740503] RIP: 0010:__memset+0x24/0x50 [ 148.740781] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 148.741908] RSP: 0018:ffff8880180ffcc0 EFLAGS: 00010216 [ 148.742245] RAX: 0000000000000000 RBX: ffff88800bfa1b40 RCX: 1ffffe21fe5fdf95 [ 148.742685] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 148.743127] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4368 [ 148.743567] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00 [ 148.744008] R13: ffff88800bfa1b40 R14: ffffffff815f27a0 R15: 1ffff11001201e1f [ 148.744451] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 148.744950] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.745321] CR2: ffffed100fffc000 CR3: 00000000360a4000 CR4: 0000000000350ef0 [ 148.745763] Call Trace: [ 148.745935] [ 148.746089] 
kasan_unpoison+0x23/0x60 [ 148.746343] mempool_exit+0x1c2/0x330 [ 148.746606] bioset_exit+0x2c9/0x630 [ 148.746859] disk_release+0x143/0x490 [ 148.747114] ? disk_release+0x0/0x490 [ 148.747368] ? device_release+0x0/0x250 [ 148.747630] device_release+0xa2/0x250 [ 148.747889] ? device_release+0x0/0x250 [ 148.748151] kobject_put+0x173/0x280 [ 148.748406] put_device+0x1b/0x40 [ 148.748639] put_disk+0x41/0x60 [ 148.748869] loop_control_ioctl+0x4d1/0x630 [ 148.749173] ? loop_control_ioctl+0x0/0x630 [ 148.749459] ? selinux_file_ioctl+0xb1/0x270 [ 148.749764] ? loop_control_ioctl+0x0/0x630 [ 148.750075] __x64_sys_ioctl+0x19a/0x220 [ 148.750350] do_syscall_64+0x3b/0xa0 [ 148.750604] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 148.750943] RIP: 0033:0x7f0484b0cb19 [ 148.751194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 148.752336] RSP: 002b:00007f0482082188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 148.752821] RAX: ffffffffffffffda RBX: 00007f0484c1ff60 RCX: 00007f0484b0cb19 [ 148.753278] RDX: 0000000000000007 RSI: 0000000000004c81 RDI: 0000000000000004 [ 148.753726] RBP: 00007f0484b66f6d R08: 0000000000000000 R09: 0000000000000000 [ 148.754185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.754638] R13: 00007ffc1f11815f R14: 00007f0482082300 R15: 0000000000022000 [ 148.755106] [ 148.755263] Modules linked in: [ 148.755478] CR2: ffffed100fffc000 [ 148.755702] ---[ end trace 0000000000000000 ]--- [ 148.756006] RIP: 0010:__memset+0x24/0x50 [ 148.756283] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 4d d4 12 00 66 66 2e 0f 1f 84 00 [ 148.757431] RSP: 0018:ffff88802f1f7cc0 EFLAGS: 00010216 [ 148.757771] RAX: 0000000000000000 RBX: ffff88800bfa10c0 RCX: 1ffffe21fe5fdf6b [ 148.758223] 
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 148.758668] RBP: ffff88800bfbca00 R08: 0000000000000005 R09: ffffed10017f4218 [ 148.759117] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfbca00 [ 148.759563] R13: ffff88800bfa10c0 R14: ffffffff815f27a0 R15: 1ffff1100112321f [ 148.760011] FS: 00007f0482082700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 148.760518] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.760886] CR2: ffffed100fffc000 CR3: 00000000360a4000 CR4: 0000000000350ef0 [ 149.301133] Bluetooth: hci2: command 0x040f tx timeout [ 149.685197] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 150.005161] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 151.349117] Bluetooth: hci2: command 0x0419 tx timeout VM DIAGNOSIS: 11:21:35 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffff88803815f4c0 RCX=000000000000000d RDX=0000000000000000 RSI=0000000000000000 RDI=ffff88803815f430 RBP=ffff88803a445040 RSP=ffff88803815f3d0 R8 =0000000000000001 R9 =ffff88803815f428 R10=ffffed100702be92 R11=0000000000000001 R12=0000000000000000 R13=ffff88803815f450 R14=ffff88803a445040 R15=ffff88803815f428 RIP=ffffffff84265564 RFL=00000212 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806d000000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe6c1b0f1000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe6c1b0ef000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2c7a11b1f0 CR3=0000000030fee000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 
FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=6461657268747062696c2f756e672d78 XMM02=00302e6f732e6461657268747062696c XMM03=2f756e672d78756e696c2d34365f3638 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff82451091 RDI=ffffffff879a19e0 RBP=ffffffff879a19a0 RSP=ffff88802f1f7548 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000032 R11=0000000000000001 R12=0000000000000032 R13=ffffffff879a19a0 R14=0000000000000010 R15=ffffffff82451080 RIP=ffffffff824510e9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f0482082700 00000000 00000000 GS =0000 ffff88806d100000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe6abe203000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe6abe201000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=ffffed100fffc000 CR3=000000001a340000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 
FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=7465677261742e79636e656772656d65 XMM02=ffffffffff0f0e0d0c0b0a0908070605 XMM03=30706f6f6c2f6b636f6c622f6c617574 XMM04=000055906fb9b420000055906fb5c130 XMM05=0100ffff000102010000000300000006 XMM06=0000000600000007000055906fb182a0 XMM07=00000000000000000000000000000000 XMM08=0000000000000000000055906fbe6f00 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000200000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000