Warning: Permanently added '[localhost]:28072' (ECDSA) to the list of known hosts. 2022/11/01 10:51:16 fuzzer started 2022/11/01 10:51:16 dialing manager at localhost:42881 syzkaller login: [ 45.413450] cgroup: Unknown subsys name 'net' [ 45.519279] cgroup: Unknown subsys name 'rlimit' 2022/11/01 10:51:30 syscalls: 2217 2022/11/01 10:51:30 code coverage: enabled 2022/11/01 10:51:30 comparison tracing: enabled 2022/11/01 10:51:30 extra coverage: enabled 2022/11/01 10:51:30 setuid sandbox: enabled 2022/11/01 10:51:30 namespace sandbox: enabled 2022/11/01 10:51:30 Android sandbox: enabled 2022/11/01 10:51:30 fault injection: enabled 2022/11/01 10:51:30 leak checking: enabled 2022/11/01 10:51:30 net packet injection: enabled 2022/11/01 10:51:30 net device setup: enabled 2022/11/01 10:51:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/11/01 10:51:30 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/11/01 10:51:30 USB emulation: enabled 2022/11/01 10:51:30 hci packet injection: enabled 2022/11/01 10:51:30 wifi device emulation: enabled 2022/11/01 10:51:30 802.15.4 emulation: enabled 2022/11/01 10:51:30 fetching corpus: 0, signal 0/2000 (executing program) 2022/11/01 10:51:30 fetching corpus: 50, signal 29957/33040 (executing program) 2022/11/01 10:51:30 fetching corpus: 100, signal 43646/47635 (executing program) 2022/11/01 10:51:30 fetching corpus: 150, signal 53280/58019 (executing program) 2022/11/01 10:51:30 fetching corpus: 200, signal 61869/67179 (executing program) 2022/11/01 10:51:31 fetching corpus: 250, signal 68739/74496 (executing program) 2022/11/01 10:51:31 fetching corpus: 300, signal 77971/83739 (executing program) 2022/11/01 10:51:31 fetching corpus: 350, signal 82483/88441 (executing program) 2022/11/01 10:51:31 fetching corpus: 400, signal 87258/93357 (executing program) 2022/11/01 10:51:31 fetching corpus: 450, signal 91517/97628 (executing program) 2022/11/01 10:51:32 fetching corpus: 500, signal 94838/101002 
(executing program) 2022/11/01 10:51:32 fetching corpus: 550, signal 98542/104559 (executing program) 2022/11/01 10:51:32 fetching corpus: 600, signal 101735/107697 (executing program) 2022/11/01 10:51:32 fetching corpus: 650, signal 104472/110345 (executing program) 2022/11/01 10:51:32 fetching corpus: 700, signal 107088/112796 (executing program) 2022/11/01 10:51:32 fetching corpus: 750, signal 111952/116847 (executing program) 2022/11/01 10:51:33 fetching corpus: 800, signal 114962/119357 (executing program) 2022/11/01 10:51:33 fetching corpus: 850, signal 118043/121827 (executing program) 2022/11/01 10:51:33 fetching corpus: 900, signal 121089/124192 (executing program) 2022/11/01 10:51:33 fetching corpus: 950, signal 123474/126056 (executing program) 2022/11/01 10:51:33 fetching corpus: 1000, signal 126401/128155 (executing program) 2022/11/01 10:51:34 fetching corpus: 1050, signal 127999/129324 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/130739 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/130764 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/130806 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/130833 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/130862 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/130891 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/130918 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/130947 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/130981 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131003 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131028 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131052 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 
130074/131080 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131106 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131132 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131159 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131187 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131217 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131251 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131285 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131314 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131348 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131380 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131425 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131443 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131468 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131503 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131538 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131564 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131593 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131622 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131652 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131681 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131706 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131732 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131761 (executing program) 2022/11/01 10:51:34 fetching 
corpus: 1094, signal 130074/131791 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131819 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131844 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131883 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131913 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131944 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131968 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131992 (executing program) 2022/11/01 10:51:34 fetching corpus: 1094, signal 130074/131992 (executing program) 2022/11/01 10:51:37 starting 8 fuzzer processes 10:51:37 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x9) 10:51:37 executing program 1: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x4d031, 0xffffffffffffffff, 0x0) mount_setattr(0xffffffffffffff9c, 0x0, 0x0, &(0x7f00000001c0), 0x20) [ 66.014111] audit: type=1400 audit(1667299897.279:6): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 10:51:37 executing program 2: r0 = epoll_create(0x5) r1 = eventfd2(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) 10:51:37 executing program 3: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) perf_event_open(0x0, 0x0, 0xfffffffffffffffc, r0, 0x8) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 
0xc0189375, 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000380)=']p\"\xae\x06\xc40\x1a\x1a\\\x9e\x8a\x17@)#\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004I\x1c4P\x0e\xc4!\xc9\xece\x84\x85\xf2\xdb\xd3\xa7_\xe5\x95\x04\xdae\xca\xfd\xe2\xd1\xc5\x13\xf3u\xea\xc0\xb5b[\x9adH~\n\xe1\x86\x1f\xe7s\x04\xe8\xf2$\xae\xa8\xe7\xbd\x05\xb0B\xf2\x9cp\xc73\x9db\xc4\xe8EC\xbd\xc9\xf8\x0e\xd7\x1b\x11\xaf\xbf0xffffffffffffffff, {0x7f}}, './file0\x00'}) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004045}, 0x184) keyctl$setperm(0x5, r1, 0x200) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2, {0x8}}, '.\x00'}) fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f00000003c0)='*\x00', &(0x7f0000000400)='./file0\x00', r2) keyctl$reject(0x13, 0x0, 0x7b, 0x4, r1) keyctl$invalidate(0x15, r0) syz_mount_image$ext4(&(0x7f0000004000)='ext4\x00', &(0x7f0000004040)='./file0\x00', 0xfffffffffffffffb, 0x4, &(0x7f00000042c0)=[{&(0x7f0000004080), 0x0, 0xbec3}, {&(0x7f0000004100)="8e7e145f84dc7b27f23184e9a32ad9", 0xf, 0x2}, {&(0x7f0000004140)="97038c3bda56532d3583f00462e224eab5632822056b76ce9185d77f70ad02b6a67a242b1b297236e529bae845358924d37c6577de98f75c6c091147b45863a810a401c5f6846a765000b8b56568d864b1f155ff58146d32954801bb37dd00b51e987e8a20f6f621b83bc3db5538cc3fffe55f7ce4e95ec9dd02043b243dda00379cc1729e8d423714c53714d126f4e62333219d1d696d9a8623", 0x9a}, {&(0x7f0000004240)="75876ca8f65ea1c340a289a5a3c17f8d739b2cdb8a721793ba892eb0ec57757d6a", 0x21, 0x1}], 0x8000, &(0x7f0000004340)={[{@min_batch_time={'min_batch_time', 0x3d, 0x9}}, {@delalloc}, {@journal_checksum}, {@data_ordered}, {@lazytime}, {@grpid}, {@grpjquota_path={'grpjquota', 0x3d, './file0/file0'}}, {@nobarrier}], 
[{@fowner_lt}, {@subj_type={'subj_type', 0x3d, '#'}}]}) execveat(0xffffffffffffffff, &(0x7f0000005900)='./file0/file0\x00', &(0x7f0000005a80)=[&(0x7f0000005940)='(\x00', &(0x7f0000005980)='ext4\x00', &(0x7f00000059c0)='-.g#]\'+:[{\'\x00', &(0x7f0000005a00)='\x00', 0x0], &(0x7f0000005b80)=[&(0x7f0000005ac0)='min_batch_time', 0x0], 0x1000) 10:51:37 executing program 6: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r0, 0x5410, &(0x7f0000000000)) 10:51:37 executing program 7: getgroups(0x2, &(0x7f0000000140)=[0x0, 0xee00]) setgid(r0) socket$inet6_icmp(0xa, 0x2, 0x3a) [ 67.358081] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.359756] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.361197] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.363930] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.365612] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.366978] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.371938] Bluetooth: hci0: HCI_REQ-0x0c1a [ 67.411388] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.415748] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.416843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.422838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.427929] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.429596] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.430925] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.433060] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.435325] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.436520] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.437478] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.438897] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.440627] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.441802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.443680] Bluetooth: hci1: 
unexpected cc 0x0c25 length: 249 > 3 [ 67.447152] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.449175] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 67.450369] Bluetooth: hci2: HCI_REQ-0x0c1a [ 67.450391] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 67.484469] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.497970] Bluetooth: hci1: HCI_REQ-0x0c1a [ 67.507344] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.509184] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.523570] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.528250] Bluetooth: hci4: HCI_REQ-0x0c1a [ 67.535907] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.543169] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.544385] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 67.546370] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 67.548184] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 67.553590] Bluetooth: hci3: HCI_REQ-0x0c1a [ 67.592319] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 67.601896] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 67.609274] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 67.627973] Bluetooth: hci6: HCI_REQ-0x0c1a [ 69.444525] Bluetooth: hci0: command 0x0409 tx timeout [ 69.508180] Bluetooth: hci2: command 0x0409 tx timeout [ 69.508211] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 69.509462] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 69.573559] Bluetooth: hci3: command 0x0409 tx timeout [ 69.573603] Bluetooth: hci4: command 0x0409 tx timeout [ 69.574643] Bluetooth: hci1: command 0x0409 tx timeout [ 69.636260] Bluetooth: hci6: command 0x0409 tx timeout [ 71.492325] Bluetooth: hci0: command 0x041b tx timeout [ 71.556123] Bluetooth: hci2: command 0x041b tx timeout [ 71.620228] Bluetooth: hci4: command 0x041b tx timeout [ 71.620296] Bluetooth: hci3: command 0x041b tx timeout [ 71.621055] Bluetooth: hci1: command 0x041b tx timeout [ 
71.684171] Bluetooth: hci6: command 0x041b tx timeout [ 73.317484] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 73.318573] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 73.320774] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 73.326799] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 73.333792] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 73.334542] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 73.346569] Bluetooth: hci5: HCI_REQ-0x0c1a [ 73.540199] Bluetooth: hci0: command 0x040f tx timeout [ 73.604089] Bluetooth: hci2: command 0x040f tx timeout [ 73.668133] Bluetooth: hci3: command 0x040f tx timeout [ 73.668593] Bluetooth: hci4: command 0x040f tx timeout [ 73.669089] Bluetooth: hci1: command 0x040f tx timeout [ 73.732064] Bluetooth: hci6: command 0x040f tx timeout [ 75.397103] Bluetooth: hci5: command 0x0409 tx timeout [ 75.460100] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 75.588136] Bluetooth: hci0: command 0x0419 tx timeout [ 75.652149] Bluetooth: hci2: command 0x0419 tx timeout [ 75.716081] Bluetooth: hci1: command 0x0419 tx timeout [ 75.716119] Bluetooth: hci4: command 0x0419 tx timeout [ 75.716498] Bluetooth: hci3: command 0x0419 tx timeout [ 75.780098] Bluetooth: hci6: command 0x0419 tx timeout [ 77.444077] Bluetooth: hci5: command 0x041b tx timeout [ 77.839225] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 77.843148] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 77.846145] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 77.851132] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 77.857159] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 77.861149] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 77.866049] Bluetooth: hci7: HCI_REQ-0x0c1a [ 79.493198] Bluetooth: hci5: command 0x040f tx timeout [ 79.877222] Bluetooth: hci7: command 0x0409 tx timeout [ 81.540165] Bluetooth: hci5: command 0x0419 tx timeout [ 81.924105] Bluetooth: hci7: command 
0x041b tx timeout [ 83.972160] Bluetooth: hci7: command 0x040f tx timeout [ 86.021179] Bluetooth: hci7: command 0x0419 tx timeout [ 123.181727] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.182364] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.183579] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 123.409987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.410650] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.412349] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 124.711804] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.712870] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.750109] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 124.831857] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.832666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.834079] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 124.887894] loop5: detected capacity change from 0 to 264192 [ 124.903997] EXT4-fs: quotafile must be on filesystem root [ 124.947636] loop5: detected capacity change from 0 to 264192 [ 124.958703] EXT4-fs: quotafile must be on filesystem root 10:52:36 executing program 5: r0 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)={0x1, 0x0, @auto=[0x13, 0x34, 0x2e]}, 0xb, 0xffffffffffffffff) keyctl$instantiate_iov(0x14, r0, &(0x7f0000000180)=[{0x0}], 0x1, 0x0) r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$chown(0x4, r0, 0xffffffffffffffff, 0x0) keyctl$negate(0xd, r1, 0x6, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7f}}, './file0\x00'}) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 
0x0, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004045}, 0x184) keyctl$setperm(0x5, r1, 0x200) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2, {0x8}}, '.\x00'}) fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f00000003c0)='*\x00', &(0x7f0000000400)='./file0\x00', r2) keyctl$reject(0x13, 0x0, 0x7b, 0x4, r1) keyctl$invalidate(0x15, r0) syz_mount_image$ext4(&(0x7f0000004000)='ext4\x00', &(0x7f0000004040)='./file0\x00', 0xfffffffffffffffb, 0x4, &(0x7f00000042c0)=[{&(0x7f0000004080), 0x0, 0xbec3}, {&(0x7f0000004100)="8e7e145f84dc7b27f23184e9a32ad9", 0xf, 0x2}, {&(0x7f0000004140)="97038c3bda56532d3583f00462e224eab5632822056b76ce9185d77f70ad02b6a67a242b1b297236e529bae845358924d37c6577de98f75c6c091147b45863a810a401c5f6846a765000b8b56568d864b1f155ff58146d32954801bb37dd00b51e987e8a20f6f621b83bc3db5538cc3fffe55f7ce4e95ec9dd02043b243dda00379cc1729e8d423714c53714d126f4e62333219d1d696d9a8623", 0x9a}, {&(0x7f0000004240)="75876ca8f65ea1c340a289a5a3c17f8d739b2cdb8a721793ba892eb0ec57757d6a", 0x21, 0x1}], 0x8000, &(0x7f0000004340)={[{@min_batch_time={'min_batch_time', 0x3d, 0x9}}, {@delalloc}, {@journal_checksum}, {@data_ordered}, {@lazytime}, {@grpid}, {@grpjquota_path={'grpjquota', 0x3d, './file0/file0'}}, {@nobarrier}], [{@fowner_lt}, {@subj_type={'subj_type', 0x3d, '#'}}]}) execveat(0xffffffffffffffff, &(0x7f0000005900)='./file0/file0\x00', &(0x7f0000005a80)=[&(0x7f0000005940)='(\x00', &(0x7f0000005980)='ext4\x00', &(0x7f00000059c0)='-.g#]\'+:[{\'\x00', &(0x7f0000005a00)='\x00', 0x0], &(0x7f0000005b80)=[&(0x7f0000005ac0)='min_batch_time', 0x0], 0x1000) [ 125.152224] loop5: detected capacity change from 0 to 264192 [ 125.164835] EXT4-fs: quotafile must be on filesystem root 10:52:36 executing program 5: r0 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)={0x1, 
0x0, @auto=[0x13, 0x34, 0x2e]}, 0xb, 0xffffffffffffffff) keyctl$instantiate_iov(0x14, r0, &(0x7f0000000180)=[{0x0}], 0x1, 0x0) r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$chown(0x4, r0, 0xffffffffffffffff, 0x0) keyctl$negate(0xd, r1, 0x6, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7f}}, './file0\x00'}) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004045}, 0x184) keyctl$setperm(0x5, r1, 0x200) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2, {0x8}}, '.\x00'}) fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f00000003c0)='*\x00', &(0x7f0000000400)='./file0\x00', r2) keyctl$reject(0x13, 0x0, 0x7b, 0x4, r1) keyctl$invalidate(0x15, r0) syz_mount_image$ext4(&(0x7f0000004000)='ext4\x00', &(0x7f0000004040)='./file0\x00', 0xfffffffffffffffb, 0x4, &(0x7f00000042c0)=[{&(0x7f0000004080), 0x0, 0xbec3}, {&(0x7f0000004100)="8e7e145f84dc7b27f23184e9a32ad9", 0xf, 0x2}, {&(0x7f0000004140)="97038c3bda56532d3583f00462e224eab5632822056b76ce9185d77f70ad02b6a67a242b1b297236e529bae845358924d37c6577de98f75c6c091147b45863a810a401c5f6846a765000b8b56568d864b1f155ff58146d32954801bb37dd00b51e987e8a20f6f621b83bc3db5538cc3fffe55f7ce4e95ec9dd02043b243dda00379cc1729e8d423714c53714d126f4e62333219d1d696d9a8623", 0x9a}, {&(0x7f0000004240)="75876ca8f65ea1c340a289a5a3c17f8d739b2cdb8a721793ba892eb0ec57757d6a", 0x21, 0x1}], 0x8000, &(0x7f0000004340)={[{@min_batch_time={'min_batch_time', 0x3d, 0x9}}, {@delalloc}, {@journal_checksum}, {@data_ordered}, {@lazytime}, {@grpid}, {@grpjquota_path={'grpjquota', 0x3d, './file0/file0'}}, {@nobarrier}], 
[{@fowner_lt}, {@subj_type={'subj_type', 0x3d, '#'}}]}) execveat(0xffffffffffffffff, &(0x7f0000005900)='./file0/file0\x00', &(0x7f0000005a80)=[&(0x7f0000005940)='(\x00', &(0x7f0000005980)='ext4\x00', &(0x7f00000059c0)='-.g#]\'+:[{\'\x00', &(0x7f0000005a00)='\x00', 0x0], &(0x7f0000005b80)=[&(0x7f0000005ac0)='min_batch_time', 0x0], 0x1000) [ 125.429737] loop5: detected capacity change from 0 to 264192 [ 125.443849] EXT4-fs: quotafile must be on filesystem root 10:52:36 executing program 5: r0 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)={0x1, 0x0, @auto=[0x13, 0x34, 0x2e]}, 0xb, 0xffffffffffffffff) keyctl$instantiate_iov(0x14, r0, &(0x7f0000000180)=[{0x0}], 0x1, 0x0) r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$chown(0x4, r0, 0xffffffffffffffff, 0x0) keyctl$negate(0xd, r1, 0x6, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7f}}, './file0\x00'}) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004045}, 0x184) keyctl$setperm(0x5, r1, 0x200) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2, {0x8}}, '.\x00'}) fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f00000003c0)='*\x00', &(0x7f0000000400)='./file0\x00', r2) keyctl$reject(0x13, 0x0, 0x7b, 0x4, r1) keyctl$invalidate(0x15, r0) syz_mount_image$ext4(&(0x7f0000004000)='ext4\x00', &(0x7f0000004040)='./file0\x00', 0xfffffffffffffffb, 0x4, &(0x7f00000042c0)=[{&(0x7f0000004080), 0x0, 0xbec3}, {&(0x7f0000004100)="8e7e145f84dc7b27f23184e9a32ad9", 0xf, 0x2}, 
{&(0x7f0000004140)="97038c3bda56532d3583f00462e224eab5632822056b76ce9185d77f70ad02b6a67a242b1b297236e529bae845358924d37c6577de98f75c6c091147b45863a810a401c5f6846a765000b8b56568d864b1f155ff58146d32954801bb37dd00b51e987e8a20f6f621b83bc3db5538cc3fffe55f7ce4e95ec9dd02043b243dda00379cc1729e8d423714c53714d126f4e62333219d1d696d9a8623", 0x9a}, {&(0x7f0000004240)="75876ca8f65ea1c340a289a5a3c17f8d739b2cdb8a721793ba892eb0ec57757d6a", 0x21, 0x1}], 0x8000, &(0x7f0000004340)={[{@min_batch_time={'min_batch_time', 0x3d, 0x9}}, {@delalloc}, {@journal_checksum}, {@data_ordered}, {@lazytime}, {@grpid}, {@grpjquota_path={'grpjquota', 0x3d, './file0/file0'}}, {@nobarrier}], [{@fowner_lt}, {@subj_type={'subj_type', 0x3d, '#'}}]}) execveat(0xffffffffffffffff, &(0x7f0000005900)='./file0/file0\x00', &(0x7f0000005a80)=[&(0x7f0000005940)='(\x00', &(0x7f0000005980)='ext4\x00', &(0x7f00000059c0)='-.g#]\'+:[{\'\x00', &(0x7f0000005a00)='\x00', 0x0], &(0x7f0000005b80)=[&(0x7f0000005ac0)='min_batch_time', 0x0], 0x1000) [ 125.655984] loop5: detected capacity change from 0 to 264192 [ 125.675382] EXT4-fs: quotafile must be on filesystem root 10:52:37 executing program 5: r0 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)={0x1, 0x0, @auto=[0x13, 0x34, 0x2e]}, 0xb, 0xffffffffffffffff) keyctl$instantiate_iov(0x14, r0, &(0x7f0000000180)=[{0x0}], 0x1, 0x0) r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$chown(0x4, r0, 0xffffffffffffffff, 0x0) keyctl$negate(0xd, r1, 0x6, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7f}}, './file0\x00'}) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, 
@dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004045}, 0x184) keyctl$setperm(0x5, r1, 0x200) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2, {0x8}}, '.\x00'}) fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f00000003c0)='*\x00', &(0x7f0000000400)='./file0\x00', r2) keyctl$reject(0x13, 0x0, 0x7b, 0x4, r1) keyctl$invalidate(0x15, r0) syz_mount_image$ext4(&(0x7f0000004000)='ext4\x00', &(0x7f0000004040)='./file0\x00', 0xfffffffffffffffb, 0x4, &(0x7f00000042c0)=[{&(0x7f0000004080), 0x0, 0xbec3}, {&(0x7f0000004100)="8e7e145f84dc7b27f23184e9a32ad9", 0xf, 0x2}, {&(0x7f0000004140)="97038c3bda56532d3583f00462e224eab5632822056b76ce9185d77f70ad02b6a67a242b1b297236e529bae845358924d37c6577de98f75c6c091147b45863a810a401c5f6846a765000b8b56568d864b1f155ff58146d32954801bb37dd00b51e987e8a20f6f621b83bc3db5538cc3fffe55f7ce4e95ec9dd02043b243dda00379cc1729e8d423714c53714d126f4e62333219d1d696d9a8623", 0x9a}, {&(0x7f0000004240)="75876ca8f65ea1c340a289a5a3c17f8d739b2cdb8a721793ba892eb0ec57757d6a", 0x21, 0x1}], 0x8000, &(0x7f0000004340)={[{@min_batch_time={'min_batch_time', 0x3d, 0x9}}, {@delalloc}, {@journal_checksum}, {@data_ordered}, {@lazytime}, {@grpid}, {@grpjquota_path={'grpjquota', 0x3d, './file0/file0'}}, {@nobarrier}], [{@fowner_lt}, {@subj_type={'subj_type', 0x3d, '#'}}]}) execveat(0xffffffffffffffff, &(0x7f0000005900)='./file0/file0\x00', &(0x7f0000005a80)=[&(0x7f0000005940)='(\x00', &(0x7f0000005980)='ext4\x00', &(0x7f00000059c0)='-.g#]\'+:[{\'\x00', &(0x7f0000005a00)='\x00', 0x0], &(0x7f0000005b80)=[&(0x7f0000005ac0)='min_batch_time', 0x0], 0x1000) [ 125.902061] loop5: detected capacity change from 0 to 264192 [ 125.905452] EXT4-fs: quotafile must be on filesystem root [ 128.842303] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 128.843897] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 128.844798] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 128.846983] Bluetooth: hci1: unexpected cc 0x0c23 
length: 249 > 4 [ 128.848808] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 128.849910] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 128.856071] Bluetooth: hci1: HCI_REQ-0x0c1a [ 129.054419] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 129.055910] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 129.057943] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 129.067659] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 129.070122] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 129.079422] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 129.084573] Bluetooth: hci2: HCI_REQ-0x0c1a [ 129.784176] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.784866] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.786709] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 129.833322] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.833933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.835061] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 129.947303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.947969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.949393] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 129.997211] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.997797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.999701] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 130.469253] audit: type=1400 audit(1667299961.734:7): avc: denied { open } for pid=3937 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 130.470781] audit: type=1400 audit(1667299961.734:8): avc: denied { kernel } for pid=3937 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 130.481319] 
audit: type=1400 audit(1667299961.747:9): avc: denied { read } for pid=3937 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 130.495021] hrtimer: interrupt took 19487 ns
[ 130.718493] BUG: unable to handle page fault for address: ffffed100fffc000
[ 130.719041] #PF: supervisor write access in kernel mode
[ 130.719408] #PF: error_code(0x0002) - not-present page
[ 130.719773] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[ 130.720256] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI
[ 130.724401] CPU: 1 PID: 3938 Comm: syz-executor.4 Not tainted 6.1.0-rc3-next-20221101 #1
[ 130.725735] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 130.727102] RIP: 0010:__memset+0x24/0x50
[ 130.727857] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00
[ 130.730949] RSP: 0018:ffff88803267fcc0 EFLAGS: 00010212
[ 130.731883] RAX: 0000000000000000 RBX: ffff88800bfc90c0 RCX: 1ffffe21fe5fed92
[ 130.733140] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 130.734387] RBP: ffff88800bfcd3c0 R08: 0000000000000005 R09: ffffed10017f9218
[ 130.735618] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfcd3c0
[ 130.736839] R13: ffff88800bfc90c0 R14: ffffffff815f2620 R15: 1ffff1100112301f
[ 130.737879] FS:  00007f3fd553c700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 130.739061] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 130.739927] CR2: ffffed100fffc000 CR3: 00000000310a0000 CR4: 0000000000350ee0
[ 130.740961] Call Trace:
[ 130.741354]  <TASK>
[ 130.741695]  kasan_unpoison+0x23/0x60
[ 130.742279]  mempool_exit+0x1c2/0x330
[ 130.742874]  bioset_exit+0x2c9/0x630
[ 130.743461]  disk_release+0x143/0x490
[ 130.744064]  ? disk_release+0x0/0x490
[ 130.744662]  ? device_release+0x0/0x250
[ 130.745261]  device_release+0xa2/0x250
[ 130.745854]  ? device_release+0x0/0x250
[ 130.746449]  kobject_put+0x173/0x280
[ 130.747020]  put_device+0x1b/0x40
[ 130.747552]  put_disk+0x41/0x60
[ 130.748086]  loop_control_ioctl+0x4d1/0x630
[ 130.748745]  ? loop_control_ioctl+0x0/0x630
[ 130.749389]  ? selinux_file_ioctl+0xb1/0x270
[ 130.750067]  ? loop_control_ioctl+0x0/0x630
[ 130.750723]  __x64_sys_ioctl+0x19a/0x220
[ 130.751346]  do_syscall_64+0x3b/0xa0
[ 130.751936]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 130.752703] RIP: 0033:0x7f3fd7fc6b19
[ 130.753264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 130.755885] RSP: 002b:00007f3fd553c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 130.756907] RAX: ffffffffffffffda RBX: 00007f3fd80d9f60 RCX: 00007f3fd7fc6b19
[ 130.757956] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005
[ 130.759001] RBP: 00007f3fd8020f6d R08: 0000000000000000 R09: 0000000000000000
[ 130.760060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 130.761091] R13: 00007fff8b3260ff R14: 00007f3fd553c300 R15: 0000000000022000
[ 130.762138]  </TASK>
[ 130.762496] Modules linked in:
[ 130.762983] CR2: ffffed100fffc000
[ 130.763496] ---[ end trace 0000000000000000 ]---
[ 130.764189] RIP: 0010:__memset+0x24/0x50
[ 130.764819] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00
[ 130.767372] RSP: 0018:ffff88803267fcc0 EFLAGS: 00010212
[ 130.768091] RAX: 0000000000000000 RBX: ffff88800bfc90c0 RCX: 1ffffe21fe5fed92
[ 130.769058] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 130.770120] RBP: ffff88800bfcd3c0 R08: 0000000000000005 R09: ffffed10017f9218
[ 130.771167] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfcd3c0
[ 130.772218] R13: ffff88800bfc90c0 R14: ffffffff815f2620 R15: 1ffff1100112301f
[ 130.773259] FS:  00007f3fd553c700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 130.774437] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 130.775299] CR2: ffffed100fffc000 CR3: 00000000310a0000 CR4: 0000000000350ee0
[ 130.884169] Bluetooth: hci1: command 0x0409 tx timeout
[ 131.012042] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 131.012571] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 131.140063] Bluetooth: hci2: command 0x0409 tx timeout
[ 131.447402] BUG: unable to handle page fault for address: ffffed100fffc000
[ 131.448306] #PF: supervisor write access in kernel mode
[ 131.448929] #PF: error_code(0x0002) - not-present page
[ 131.449543] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[ 131.450354] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI
[ 131.450954] CPU: 1 PID: 3975 Comm: syz-executor.4 Tainted: G D 6.1.0-rc3-next-20221101 #1
[ 131.452104] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 131.453076] RIP: 0010:__memset+0x24/0x50
[ 131.453602] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00
[ 131.455743] RSP: 0018:ffff88803b61fcc0 EFLAGS: 00010212
[ 131.456405] RAX: 0000000000000000 RBX: ffff88800bfc9240 RCX: 1ffffe21fe5fed98
[ 131.457286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 131.458172] RBP: ffff88800bfcd3c0 R08: 0000000000000005 R09: ffffed10017f9248
[ 131.459062] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfcd3c0
[ 131.459966] R13: ffff88800bfc9240 R14: ffffffff815f2620 R15: 1ffff1100119941f
[ 131.460861] FS:  00007f3fd551b700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 131.461855] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 131.462582] CR2: ffffed100fffc000 CR3: 00000000310a0000 CR4: 0000000000350ee0
[ 131.463464] Call Trace:
[ 131.463809]  <TASK>
[ 131.464109]  kasan_unpoison+0x23/0x60
[ 131.464605]  mempool_exit+0x1c2/0x330
[ 131.465104]  bioset_exit+0x2c9/0x630
[ 131.465589]  ? _raw_spin_unlock+0x24/0x50
[ 131.466136]  ? blkg_destroy_all.isra.0+0x157/0x230
[ 131.466779]  disk_release+0x143/0x490
[ 131.467278]  ? disk_release+0x0/0x490
[ 131.467780]  ? device_release+0x0/0x250
[ 131.468295]  device_release+0xa2/0x250
[ 131.468800]  ? device_release+0x0/0x250
[ 131.469316]  kobject_put+0x173/0x280
[ 131.469798]  put_device+0x1b/0x40
[ 131.470248]  put_disk+0x41/0x60
[ 131.470681]  loop_control_ioctl+0x4d1/0x630
[ 131.471239]  ? loop_control_ioctl+0x0/0x630
[ 131.471809]  ? selinux_file_ioctl+0xb1/0x270
[ 131.472397]  ? loop_control_ioctl+0x0/0x630
[ 131.472956]  __x64_sys_ioctl+0x19a/0x220
[ 131.473491]  do_syscall_64+0x3b/0xa0
[ 131.473980]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 131.474633] RIP: 0033:0x7f3fd7fc6b19
[ 131.475109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 131.477355] RSP: 002b:00007f3fd551b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 131.478297] RAX: ffffffffffffffda RBX: 00007f3fd80da020 RCX: 00007f3fd7fc6b19
[ 131.479179] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005
[ 131.480091] RBP: 00007f3fd8020f6d R08: 0000000000000000 R09: 0000000000000000
[ 131.480979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 131.481873] R13: 00007fff8b3260ff R14: 00007f3fd551b300 R15: 0000000000022000
[ 131.482784]  </TASK>
[ 131.483094] Modules linked in:
[ 131.483508] CR2: ffffed100fffc000
[ 131.483962] ---[ end trace 0000000000000000 ]---
[ 131.484554] RIP: 0010:__memset+0x24/0x50
[ 131.485100] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8
e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 131.487338] RSP: 0018:ffff88803267fcc0 EFLAGS: 00010212 [ 131.488016] RAX: 0000000000000000 RBX: ffff88800bfc90c0 RCX: 1ffffe21fe5fed92 [ 131.488872] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 131.489745] RBP: ffff88800bfcd3c0 R08: 0000000000000005 R09: ffffed10017f9218 [ 131.490610] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfcd3c0 [ 131.491477] R13: ffff88800bfc90c0 R14: ffffffff815f2620 R15: 1ffff1100112301f [ 131.492347] FS: 00007f3fd551b700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 [ 131.493317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.494035] CR2: ffffed100fffc000 CR3: 00000000310a0000 CR4: 0000000000350ee0 [ 132.933054] Bluetooth: hci1: command 0x041b tx timeout [ 133.191971] Bluetooth: hci2: command 0x041b tx timeout [ 133.202668] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 133.203768] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 133.204462] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 133.206250] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 133.207175] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 133.207813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 133.209670] Bluetooth: hci4: HCI_REQ-0x0c1a [ 133.272833] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 133.274159] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 133.274723] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 133.275578] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 133.276283] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 133.276842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 133.278245] Bluetooth: hci6: HCI_REQ-0x0c1a [ 134.980068] Bluetooth: hci1: command 0x040f tx timeout [ 135.236092] Bluetooth: hci2: command 0x040f tx timeout [ 135.236512] Bluetooth: hci4: command 0x0409 tx timeout [ 135.300336] Bluetooth: hci6: command 0x0409 tx timeout [ 137.028055] 
Bluetooth: hci1: command 0x0419 tx timeout [ 137.284107] Bluetooth: hci4: command 0x041b tx timeout [ 137.284535] Bluetooth: hci2: command 0x0419 tx timeout [ 137.348394] Bluetooth: hci6: command 0x041b tx timeout [ 139.332201] Bluetooth: hci4: command 0x040f tx timeout [ 139.396349] Bluetooth: hci6: command 0x040f tx timeout VM DIAGNOSIS: 10:52:42 Registers: info registers vcpu 0 RAX=1ffff11000fec517 RBX=ffff888007f628b8 RCX=ffffffff811ea5f7 RDX=1ffff110016df640 RSI=0000000000000008 RDI=ffff888007f628b8 RBP=dffffc0000000000 RSP=ffff88800c76fda8 R8 =0000000000000000 R9 =ffff88800b6fb207 R10=ffffed10016df640 R11=0000000000000001 R12=ffff888007f628b9 R13=ffff88800f159ac0 R14=0000000000000004 R15=0000000000000092 RIP=ffffffff817f2340 RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806d000000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe5d522ef000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe5d522ed000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055c51f7c0080 CR3=0000000036cb6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00524f52524500400000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff824513fc RDI=ffffffff879a19e0 RBP=ffffffff879a19a0 RSP=ffff88803267f4f0 R8 =0000000000000004 R9 =0000000000000010 R10=0000000000000010 R11=0000000000000001 R12=0000000000002710 R13=0000000000000020 R14=fffffbfff0f3438c R15=dffffc0000000000 RIP=ffffffff82451451 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f3fd553c700 00000000 00000000 GS =0000 ffff88806d100000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe381b0b5000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe381b0b3000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=ffffed100fffc000 CR3=00000000310a0000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00524f52524500400000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
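The oops above faults on a write inside __memset called from kasan_unpoison, and the faulting address ffffed100fffc000 (RDI, CR2) lies in the KASAN shadow region rather than in any kernel object. The following is an added worked example, not part of the syzkaller report or of any kernel or syzkaller code: a small Python helper that cuts the console text at its dmesg timestamps (so it also works on extraction that ran the lines together), pulls out the fault address, task and call trace, and inverts the x86_64 generic-KASAN shadow mapping, shadow = (addr >> 3) + 0xdffffc0000000000 (the constant sitting in vcpu 0 RBP and vcpu 1 R15 in the register dump), to recover which kernel address the faulting shadow byte covers. It assumes x86_64 generic KASAN with 4-level paging and the default, non-randomized direct-map base 0xffff888000000000, which the P4D-equals-PGD page-table walk and the ffff8880... pointers in the dump fit; the sample input is a constructed excerpt of the first oops.

```python
"""Decode the KASAN shadow fault in a syzkaller x86_64 console log (added example)."""
import re

# x86_64 generic KASAN: shadow_byte_addr = (addr >> 3) + KASAN_SHADOW_OFFSET.
# Assumption (stated in the lead-in): x86_64, generic KASAN, 4-level paging,
# KASLR off for the direct map. These are not read from the log.
KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000      # also visible as vcpu0 RBP / vcpu1 R15
KASAN_SHADOW_SCALE_SHIFT = 3                  # one shadow byte per 8-byte granule
ADDR_MASK = (1 << 64) - 1
DIRECT_MAP_BASE = 0xFFFF888000000000          # default page_offset_base, 4-level, no KASLR
DIRECT_MAP_SIZE = 64 << 40                    # 64 TiB direct map with 4-level paging


def addr_to_shadow(addr: int) -> int:
    """Shadow byte address for a kernel virtual address."""
    return ((addr & ADDR_MASK) >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET


def shadow_to_addr(shadow: int) -> int:
    """Inverse mapping: first byte of the 8-byte granule that a shadow byte covers."""
    return ((shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT) & ADDR_MASK


# Shadow region bounds derived from the mapping: ffffec0000000000 .. fffffc0000000000.
KASAN_SHADOW_START = addr_to_shadow(0xFFFF800000000000)
KASAN_SHADOW_END = addr_to_shadow(ADDR_MASK) + 1

_ENTRY = re.compile(r"\[\s*\d+\.\d+\]\s*")   # dmesg "[ secs.usecs] " prefix
_FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")


def split_entries(log: str) -> list:
    """Cut console text at timestamp prefixes; works even when lines were joined."""
    return [e.strip() for e in _ENTRY.split(log) if e.strip()]


def parse_oops(log: str) -> dict:
    """Pull fault address, task, faulting RIP and call trace out of an x86 oops."""
    info = {"fault_addr": None, "pid": None, "comm": None, "rip": None,
            "trace": [], "unreliable": []}
    in_trace = False
    for e in split_entries(log):
        m = re.match(r"BUG: unable to handle page fault for address: ([0-9a-f]+)$", e)
        if m and info["fault_addr"] is None:
            info["fault_addr"] = int(m.group(1), 16)
            continue
        m = re.match(r"CPU: \d+ PID: (\d+) Comm: (\S+)", e)
        if m and info["pid"] is None:
            info["pid"], info["comm"] = int(m.group(1)), m.group(2)
            continue
        m = re.match(r"RIP: 0010:(\S+)$", e)          # kernel-mode RIP only
        if m and info["rip"] is None:
            info["rip"] = m.group(1)
            continue
        if e == "Call Trace:":
            in_trace = True
            continue
        if e.startswith(("RIP: 0033", "Modules linked in")):   # user frame / end of trace
            in_trace = False
            continue
        if in_trace:
            m = _FRAME.match(e)
            if m:   # "? sym" frames are unwinder guesses; keep them apart
                (info["unreliable"] if m.group(1) else info["trace"]).append(m.group(2))
    return info


def describe_fault(info: dict) -> dict:
    """Is the faulting address a shadow byte, and which kernel address does it cover?"""
    shadow = info["fault_addr"]
    in_shadow = KASAN_SHADOW_START <= shadow < KASAN_SHADOW_END
    target = shadow_to_addr(shadow) if in_shadow else None
    in_direct_map = (target is not None
                     and DIRECT_MAP_BASE <= target < DIRECT_MAP_BASE + DIRECT_MAP_SIZE)
    return {"shadow": shadow, "in_shadow": in_shadow,
            "target": target, "in_direct_map": in_direct_map}


# Constructed sample: the first oops from the console log above, one entry per line,
# with the Code:/register lines dropped for brevity.
SAMPLE_OOPS = """\
[  130.718493] BUG: unable to handle page fault for address: ffffed100fffc000
[  130.719041] #PF: supervisor write access in kernel mode
[  130.719408] #PF: error_code(0x0002) - not-present page
[  130.720256] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI
[  130.724401] CPU: 1 PID: 3938 Comm: syz-executor.4 Not tainted 6.1.0-rc3-next-20221101 #1
[  130.727102] RIP: 0010:__memset+0x24/0x50
[  130.739927] CR2: ffffed100fffc000 CR3: 00000000310a0000 CR4: 0000000000350ee0
[  130.740961] Call Trace:
[  130.741695] kasan_unpoison+0x23/0x60
[  130.742279] mempool_exit+0x1c2/0x330
[  130.742874] bioset_exit+0x2c9/0x630
[  130.743461] disk_release+0x143/0x490
[  130.744064] ? disk_release+0x0/0x490
[  130.745261] device_release+0xa2/0x250
[  130.746449] kobject_put+0x173/0x280
[  130.747020] put_device+0x1b/0x40
[  130.747552] put_disk+0x41/0x60
[  130.748086] loop_control_ioctl+0x4d1/0x630
[  130.749389] ? selinux_file_ioctl+0xb1/0x270
[  130.750723] __x64_sys_ioctl+0x19a/0x220
[  130.751346] do_syscall_64+0x3b/0xa0
[  130.751936] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  130.752703] RIP: 0033:0x7f3fd7fc6b19
[  130.762496] Modules linked in:
"""

if __name__ == "__main__":
    oops = parse_oops(SAMPLE_OOPS)
    fault = describe_fault(oops)
    print(f"pid {oops['pid']} ({oops['comm']}) faulted in {oops['rip']}")
    print("  trace:", " <- ".join(oops["trace"]))
    print(f"  shadow {fault['shadow']:#x} in shadow region: {fault['in_shadow']}")
    print(f"  covers kernel address {fault['target']:#x}, direct map: {fault['in_direct_map']}")
```

For this log the decode says the faulting write at ffffed100fffc000 is a shadow byte covering the 8-byte granule at 0xffff88807ffe0000, a direct-map address whose shadow page has never been populated (the walk ends at PTE 0). The fault is therefore on KASAN's own bookkeeping write in kasan_unpoison, on behalf of a pointer the shadow does not cover, not on the object itself; that is the check to do before reading this as an ordinary memory-corruption report. The decoded address is a starting point, not a diagnosis: compare it against the VM's memory map (the page-table pages at physical 0x7ffd... sit just under 2 GiB), and narrow the reproducer around the loop_control_ioctl -> put_disk -> bioset_exit -> mempool_exit path that both oopses share.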