Warning: Permanently added '[localhost]:19924' (ECDSA) to the list of known hosts. 2022/11/01 10:59:54 fuzzer started 2022/11/01 10:59:55 dialing manager at localhost:42881 syzkaller login: [ 35.571606] cgroup: Unknown subsys name 'net' [ 35.686520] cgroup: Unknown subsys name 'rlimit' 2022/11/01 11:00:10 syscalls: 2217 2022/11/01 11:00:10 code coverage: enabled 2022/11/01 11:00:10 comparison tracing: enabled 2022/11/01 11:00:10 extra coverage: enabled 2022/11/01 11:00:10 setuid sandbox: enabled 2022/11/01 11:00:10 namespace sandbox: enabled 2022/11/01 11:00:10 Android sandbox: enabled 2022/11/01 11:00:10 fault injection: enabled 2022/11/01 11:00:10 leak checking: enabled 2022/11/01 11:00:10 net packet injection: enabled 2022/11/01 11:00:10 net device setup: enabled 2022/11/01 11:00:10 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/11/01 11:00:10 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/11/01 11:00:10 USB emulation: enabled 2022/11/01 11:00:10 hci packet injection: enabled 2022/11/01 11:00:10 wifi device emulation: enabled 2022/11/01 11:00:10 802.15.4 emulation: enabled 2022/11/01 11:00:10 fetching corpus: 0, signal 0/2000 (executing program) 2022/11/01 11:00:10 fetching corpus: 49, signal 27708/30985 (executing program) 2022/11/01 11:00:10 fetching corpus: 99, signal 42073/46514 (executing program) 2022/11/01 11:00:10 fetching corpus: 149, signal 54033/59346 (executing program) 2022/11/01 11:00:11 fetching corpus: 199, signal 61590/67735 (executing program) 2022/11/01 11:00:11 fetching corpus: 249, signal 70320/77029 (executing program) 2022/11/01 11:00:11 fetching corpus: 298, signal 80683/87573 (executing program) 2022/11/01 11:00:11 fetching corpus: 348, signal 84875/92324 (executing program) 2022/11/01 11:00:11 fetching corpus: 398, signal 90062/97834 (executing program) 2022/11/01 11:00:12 fetching corpus: 448, signal 94356/102486 (executing program) 2022/11/01 11:00:12 fetching corpus: 498, signal 99000/107239 
(executing program) 2022/11/01 11:00:12 fetching corpus: 548, signal 102741/111190 (executing program) 2022/11/01 11:00:12 fetching corpus: 598, signal 107185/115597 (executing program) 2022/11/01 11:00:12 fetching corpus: 648, signal 109432/118093 (executing program) 2022/11/01 11:00:12 fetching corpus: 698, signal 112117/120904 (executing program) 2022/11/01 11:00:13 fetching corpus: 748, signal 114596/123458 (executing program) 2022/11/01 11:00:13 fetching corpus: 798, signal 116506/125490 (executing program) 2022/11/01 11:00:13 fetching corpus: 848, signal 117872/127097 (executing program) 2022/11/01 11:00:13 fetching corpus: 898, signal 120532/129633 (executing program) 2022/11/01 11:00:13 fetching corpus: 948, signal 123508/132329 (executing program) 2022/11/01 11:00:13 fetching corpus: 998, signal 126175/134735 (executing program) 2022/11/01 11:00:14 fetching corpus: 1048, signal 128104/136526 (executing program) 2022/11/01 11:00:14 fetching corpus: 1098, signal 129408/137829 (executing program) 2022/11/01 11:00:14 fetching corpus: 1148, signal 131799/139857 (executing program) 2022/11/01 11:00:14 fetching corpus: 1198, signal 133908/141635 (executing program) 2022/11/01 11:00:14 fetching corpus: 1248, signal 135181/142792 (executing program) 2022/11/01 11:00:14 fetching corpus: 1298, signal 137335/144483 (executing program) 2022/11/01 11:00:15 fetching corpus: 1348, signal 139031/145816 (executing program) 2022/11/01 11:00:15 fetching corpus: 1398, signal 140576/147027 (executing program) 2022/11/01 11:00:15 fetching corpus: 1448, signal 142356/148390 (executing program) 2022/11/01 11:00:15 fetching corpus: 1498, signal 143693/149358 (executing program) 2022/11/01 11:00:15 fetching corpus: 1548, signal 145237/150445 (executing program) 2022/11/01 11:00:15 fetching corpus: 1598, signal 146547/151373 (executing program) 2022/11/01 11:00:16 fetching corpus: 1648, signal 148065/152389 (executing program) 2022/11/01 11:00:16 fetching corpus: 1698, signal 
150280/153776 (executing program) 2022/11/01 11:00:16 fetching corpus: 1748, signal 152128/154882 (executing program) 2022/11/01 11:00:16 fetching corpus: 1798, signal 153151/155481 (executing program) 2022/11/01 11:00:16 fetching corpus: 1839, signal 154358/156195 (executing program) 2022/11/01 11:00:16 fetching corpus: 1839, signal 154358/156263 (executing program) 2022/11/01 11:00:16 fetching corpus: 1839, signal 154358/156327 (executing program) 2022/11/01 11:00:16 fetching corpus: 1839, signal 154358/156379 (executing program) 2022/11/01 11:00:16 fetching corpus: 1839, signal 154358/156429 (executing program) 2022/11/01 11:00:16 fetching corpus: 1839, signal 154358/156495 (executing program) 2022/11/01 11:00:16 fetching corpus: 1839, signal 154358/156549 (executing program) 2022/11/01 11:00:16 fetching corpus: 1839, signal 154358/156601 (executing program) 2022/11/01 11:00:16 fetching corpus: 1840, signal 154372/156658 (executing program) 2022/11/01 11:00:16 fetching corpus: 1840, signal 154372/156731 (executing program) 2022/11/01 11:00:16 fetching corpus: 1840, signal 154372/156782 (executing program) 2022/11/01 11:00:16 fetching corpus: 1841, signal 154473/156911 (executing program) 2022/11/01 11:00:16 fetching corpus: 1841, signal 154473/156961 (executing program) 2022/11/01 11:00:16 fetching corpus: 1841, signal 154473/157021 (executing program) 2022/11/01 11:00:16 fetching corpus: 1841, signal 154473/157081 (executing program) 2022/11/01 11:00:16 fetching corpus: 1842, signal 154479/157148 (executing program) 2022/11/01 11:00:16 fetching corpus: 1842, signal 154479/157220 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157278 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157341 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157401 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157466 (executing program) 2022/11/01 11:00:16 fetching 
corpus: 1843, signal 154483/157527 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157576 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157620 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157678 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157736 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157791 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157833 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157875 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157933 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/157974 (executing program) 2022/11/01 11:00:16 fetching corpus: 1843, signal 154483/158037 (executing program) 2022/11/01 11:00:17 fetching corpus: 1843, signal 154483/158108 (executing program) 2022/11/01 11:00:17 fetching corpus: 1843, signal 154483/158167 (executing program) 2022/11/01 11:00:17 fetching corpus: 1843, signal 154483/158219 (executing program) 2022/11/01 11:00:17 fetching corpus: 1843, signal 154483/158272 (executing program) 2022/11/01 11:00:17 fetching corpus: 1843, signal 154483/158322 (executing program) 2022/11/01 11:00:17 fetching corpus: 1843, signal 154483/158379 (executing program) 2022/11/01 11:00:17 fetching corpus: 1844, signal 154548/158437 (executing program) 2022/11/01 11:00:17 fetching corpus: 1844, signal 154548/158484 (executing program) 2022/11/01 11:00:17 fetching corpus: 1844, signal 154548/158538 (executing program) 2022/11/01 11:00:17 fetching corpus: 1844, signal 154548/158588 (executing program) 2022/11/01 11:00:17 fetching corpus: 1844, signal 154548/158600 (executing program) 2022/11/01 11:00:17 fetching corpus: 1844, signal 154548/158600 (executing program) 2022/11/01 11:00:19 starting 8 fuzzer processes 11:00:19 executing program 0: r0 = 
socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x4, &(0x7f0000000540)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 11:00:19 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$lock(r0, 0x6, &(0x7f00000002c0)) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$lock(r1, 0x6, &(0x7f00000002c0)) 11:00:19 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000000380)={0xd9c8, 0x8, '\x00', 0x1, &(0x7f0000000280)=[0x0]}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwritev(r1, &(0x7f0000000140)=[{&(0x7f0000000000)='%', 0x1}], 0x1, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000002, 0x12, r1, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/locks\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) read$hiddev(r3, &(0x7f00000002c0)=""/174, 0xae) fchmod(r3, 0x289) syz_io_uring_setup(0x46ac, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r4, &(0x7f00000000c0)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, 0x0, 
0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5f4c, &(0x7f00000001c0)={0x0, 0x7cd1, 0x8, 0x0, 0x2b4}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000040), &(0x7f0000000240)) 11:00:19 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0xa, 0x0, &(0x7f0000000040)) 11:00:19 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) 11:00:19 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c06, 0xffffffffffffffff) 11:00:19 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000080)={0x24, @short}, 0x14) [ 59.442558] audit: type=1400 audit(1667300419.264:6): avc: denied { execmem } for pid=283 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:00:19 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup/syz0\x00', 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x1ff) 
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000480)=ANY=[@ANYBLOB="26909bff000000000700000000a857000000000000f200b9ca65a481d37a3f000000bafecaddf88c11e2fa8af08e9bc8bf1f7a78dd01b67ba20000000000000000000040e6aaf842b51f0572c7a30000000000000000010000000017339d754195234c002c9b6b5855f01810d6342740fec30fb235cc5b8ce24b9a731d623fb060d5ab0d8810d4eec8a4170f2d92c3d61b4c17ec21f8d5b0282087e70b307331f8caf43ff71688010dddddb8bcb89d1ba2cf16367777416160921b5b730456d0c0fd9f5cc6e0a72e6c4e6e74f3f5491dfda800"/230], 0x48) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/vlan/vlan0\x00') mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x1ff) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IP_VS_SO_SET_ZERO(r1, 0x0, 0x48f, &(0x7f0000000340)={0x2c, @private=0xa010102, 0x5e23, 0x4, 'wlc\x00', 0x17, 0x1, 0x5a}, 0x2c) getsockopt$inet_udp_int(r1, 0x11, 0x66, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r1, 0x8040942d, &(0x7f0000000280)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz0\x00', 0x200002, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x490000, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000240)={0x0, 0x8, [0x1, 0xebb, 0x7fffffff, 0x6, 0x0, 0x3]}) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f00000000c0)={0xcd, 0x101, 0x8f, 0x6186, 0x8}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) [ 60.743365] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.744750] Bluetooth: hci2: unexpected 
cc 0x0c03 length: 249 > 1 [ 60.745921] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 60.747505] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.748436] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 60.749329] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 60.752772] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.753650] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 60.754932] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 60.785101] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 60.788185] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.788522] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 60.792506] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 60.794176] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 60.794367] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 60.796773] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 60.796940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 60.798838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 60.800027] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 60.800623] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 60.801117] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 60.802964] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 60.803347] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 60.804936] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 60.805918] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.806555] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.808076] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 60.810100] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 60.812041] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 60.813993] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 60.814050] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 60.816601] Bluetooth: hci6: 
unexpected cc 0x0c23 length: 249 > 4 [ 60.821869] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 60.822881] Bluetooth: hci3: HCI_REQ-0x0c1a [ 60.826733] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 60.827774] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 60.828932] Bluetooth: hci2: HCI_REQ-0x0c1a [ 60.830504] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 60.831722] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 60.833509] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 60.834739] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 60.835761] Bluetooth: hci0: HCI_REQ-0x0c1a [ 60.840982] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 60.842450] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 60.844461] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 60.849736] Bluetooth: hci7: HCI_REQ-0x0c1a [ 60.850480] Bluetooth: hci6: HCI_REQ-0x0c1a [ 60.851918] Bluetooth: hci5: HCI_REQ-0x0c1a [ 60.866178] Bluetooth: hci4: HCI_REQ-0x0c1a [ 60.889184] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.891011] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.899987] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.905289] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.907932] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 60.909791] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 60.914327] Bluetooth: hci1: HCI_REQ-0x0c1a [ 62.869108] Bluetooth: hci2: command 0x0409 tx timeout [ 62.869125] Bluetooth: hci7: command 0x0409 tx timeout [ 62.869924] Bluetooth: hci6: command 0x0409 tx timeout [ 62.870716] Bluetooth: hci0: command 0x0409 tx timeout [ 62.871221] Bluetooth: hci3: command 0x0409 tx timeout [ 62.933190] Bluetooth: hci1: command 0x0409 tx timeout [ 62.933240] Bluetooth: hci5: command 0x0409 tx timeout [ 62.933821] Bluetooth: hci4: command 0x0409 tx timeout [ 64.916743] Bluetooth: hci3: command 0x041b tx timeout [ 64.917870] Bluetooth: 
hci0: command 0x041b tx timeout [ 64.918047] Bluetooth: hci6: command 0x041b tx timeout [ 64.918279] Bluetooth: hci7: command 0x041b tx timeout [ 64.918767] Bluetooth: hci2: command 0x041b tx timeout [ 64.980728] Bluetooth: hci5: command 0x041b tx timeout [ 64.981229] Bluetooth: hci4: command 0x041b tx timeout [ 64.981699] Bluetooth: hci1: command 0x041b tx timeout [ 66.964737] Bluetooth: hci7: command 0x040f tx timeout [ 66.965169] Bluetooth: hci6: command 0x040f tx timeout [ 66.965529] Bluetooth: hci0: command 0x040f tx timeout [ 66.965936] Bluetooth: hci3: command 0x040f tx timeout [ 66.966375] Bluetooth: hci2: command 0x040f tx timeout [ 67.029779] Bluetooth: hci1: command 0x040f tx timeout [ 67.030207] Bluetooth: hci4: command 0x040f tx timeout [ 67.030606] Bluetooth: hci5: command 0x040f tx timeout [ 69.013803] Bluetooth: hci2: command 0x0419 tx timeout [ 69.014226] Bluetooth: hci3: command 0x0419 tx timeout [ 69.014591] Bluetooth: hci0: command 0x0419 tx timeout [ 69.014983] Bluetooth: hci6: command 0x0419 tx timeout [ 69.015332] Bluetooth: hci7: command 0x0419 tx timeout [ 69.077766] Bluetooth: hci5: command 0x0419 tx timeout [ 69.078143] Bluetooth: hci4: command 0x0419 tx timeout [ 69.078497] Bluetooth: hci1: command 0x0419 tx timeout [ 118.232257] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.233047] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.234741] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 118.412323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.413054] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.414464] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 118.810194] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.811162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.812767] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.017338] wlan0: Created IBSS using preconfigured BSSID 
50:50:50:50:50:50 [ 119.018342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.019744] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.034190] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.034877] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.036229] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:01:19 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c06, 0xffffffffffffffff) 11:01:19 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c06, 0xffffffffffffffff) [ 119.414925] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.416183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.417848] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 11:01:19 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c06, 0xffffffffffffffff) 11:01:19 executing program 5: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) read(r0, &(0x7f00000003c0)=""/4096, 0x1000) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) [ 119.708288] audit: type=1400 audit(1667300479.529:7): avc: denied { open } for pid=3868 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.709846] audit: type=1400 audit(1667300479.529:8): avc: denied { kernel } for pid=3868 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.728075] audit: type=1400 audit(1667300479.550:9): avc: denied { read } for pid=3868 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.789357] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.790132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.792150] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 119.819663] hrtimer: interrupt took 18014 ns [ 120.120916] BUG: unable to handle page fault for address: ffffed100fffc000 [ 120.121459] #PF: supervisor write access in kernel mode [ 120.121841] #PF: error_code(0x0002) - not-present page [ 120.122207] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 120.122709] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI [ 120.126668] CPU: 1 PID: 3869 Comm: syz-executor.5 Not tainted 6.1.0-rc3-next-20221101 #1 [ 120.127236] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 
04/01/2014
[ 120.127787] RIP: 0010:__memset+0x24/0x50
[ 120.128085] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00
[ 120.129276] RSP: 0018:ffff88803d5d7cc0 EFLAGS: 00010212
[ 120.129622] RAX: 0000000000000000 RBX: ffff88800bfbd0c0 RCX: 1ffffe21fe5feed2
[ 120.130110] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 120.130596] RBP: ffff88800bfde3c0 R08: 0000000000000005 R09: ffffed10017f7a18
[ 120.131111] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfde3c0
[ 120.131641] R13: ffff88800bfbd0c0 R14: ffffffff815f2620 R15: 1ffff1100112361f
[ 120.132166] FS: 00007f79c0c54700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 120.132691] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 120.133074] CR2: ffffed100fffc000 CR3: 0000000016890000 CR4: 0000000000350ee0
[ 120.133542] Call Trace:
[ 120.133722]
[ 120.133876] kasan_unpoison+0x23/0x60
[ 120.134139] mempool_exit+0x1c2/0x330
[ 120.134407] bioset_exit+0x2c9/0x630
[ 120.134671] disk_release+0x143/0x490
[ 120.134935] ? disk_release+0x0/0x490
[ 120.135198] ? device_release+0x0/0x250
[ 120.135471] device_release+0xa2/0x250
[ 120.135745] ? device_release+0x0/0x250
[ 120.136019] kobject_put+0x173/0x280
[ 120.136300] put_device+0x1b/0x40
[ 120.136563] put_disk+0x41/0x60
[ 120.136818] loop_control_ioctl+0x4d1/0x630
[ 120.137135] ? loop_control_ioctl+0x0/0x630
[ 120.137451] ? selinux_file_ioctl+0xb1/0x270
[ 120.137781] ? loop_control_ioctl+0x0/0x630
[ 120.138097] __x64_sys_ioctl+0x19a/0x220
[ 120.138403] do_syscall_64+0x3b/0xa0
[ 120.138692] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 120.139082] RIP: 0033:0x7f79c36deb19
[ 120.139365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 120.140680] RSP: 002b:00007f79c0c54188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 120.141186] RAX: ffffffffffffffda RBX: 00007f79c37f1f60 RCX: 00007f79c36deb19
[ 120.141649] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005
[ 120.142114] RBP: 00007f79c3738f6d R08: 0000000000000000 R09: 0000000000000000
[ 120.142630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 120.143137] R13: 00007ffc682e072f R14: 00007f79c0c54300 R15: 0000000000022000
[ 120.143650]
[ 120.143831] Modules linked in:
[ 120.144082] CR2: ffffed100fffc000
[ 120.144324] ---[ end trace 0000000000000000 ]---
[ 120.144655] RIP: 0010:__memset+0x24/0x50
[ 120.144958] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00
[ 120.146219] RSP: 0018:ffff88803d5d7cc0 EFLAGS: 00010212
[ 120.146594] RAX: 0000000000000000 RBX: ffff88800bfbd0c0 RCX: 1ffffe21fe5feed2
[ 120.147087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 120.147563] RBP: ffff88800bfde3c0 R08: 0000000000000005 R09: ffffed10017f7a18
[ 120.148028] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfde3c0
[ 120.148487] R13: ffff88800bfbd0c0 R14: ffffffff815f2620 R15: 1ffff1100112361f
[ 120.148958] FS: 00007f79c0c54700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 120.149475] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 120.149861] CR2: ffffed100fffc000 CR3: 0000000016890000 CR4: 0000000000350ee0
[ 120.561250] BUG: unable to handle page fault for address: ffffed100fffc000
[ 120.561751] #PF: supervisor write access in kernel mode
[ 120.562089] #PF: error_code(0x0002) - not-present page
[ 120.562421] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0
[ 120.562856] Oops: 0002 [#2] PREEMPT SMP KASAN NOPTI
[ 120.563178] CPU: 1 PID: 3886 Comm: syz-executor.5 Tainted: G D 6.1.0-rc3-next-20221101 #1
[ 120.563799] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 120.564324] RIP: 0010:__memset+0x24/0x50
[ 120.564606] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00
[ 120.565778] RSP: 0018:ffff88803a46fcc0 EFLAGS: 00010212
[ 120.566126] RAX: 0000000000000000 RBX: ffff88800bfbd240 RCX: 1ffffe21fe5feed8
[ 120.566593] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 120.567061] RBP: ffff88800bfde3c0 R08: 0000000000000005 R09: ffffed10017f7a48
[ 120.567546] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfde3c0
[ 120.568015] R13: ffff88800bfbd240 R14: ffffffff815f2620 R15: 1ffff1100112321f
[ 120.568467] FS: 00007f79c0c12700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 120.568980] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 120.569349] CR2: ffffed100fffc000 CR3: 0000000016890000 CR4: 0000000000350ee0
[ 120.569803] Call Trace:
[ 120.569975]
[ 120.570128] kasan_unpoison+0x23/0x60
[ 120.570381] mempool_exit+0x1c2/0x330
[ 120.570639] bioset_exit+0x2c9/0x630
[ 120.570891] disk_release+0x143/0x490
[ 120.571145] ? disk_release+0x0/0x490
[ 120.571399] ? device_release+0x0/0x250
[ 120.571669] device_release+0xa2/0x250
[ 120.571928] ? device_release+0x0/0x250
[ 120.572190] kobject_put+0x173/0x280
[ 120.572439] put_device+0x1b/0x40
[ 120.572677] put_disk+0x41/0x60
[ 120.572907] loop_control_ioctl+0x4d1/0x630
[ 120.573206] ? loop_control_ioctl+0x0/0x630
[ 120.573496] ? selinux_file_ioctl+0xb1/0x270
[ 120.573810] ? loop_control_ioctl+0x0/0x630
[ 120.574109] __x64_sys_ioctl+0x19a/0x220
[ 120.574399] do_syscall_64+0x3b/0xa0
[ 120.574657] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 120.575004] RIP: 0033:0x7f79c36deb19
[ 120.575261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 120.576454] RSP: 002b:00007f79c0c12188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 120.576956] RAX: ffffffffffffffda RBX: 00007f79c37f20e0 RCX: 00007f79c36deb19
[ 120.577428] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000005
[ 120.577902] RBP: 00007f79c3738f6d R08: 0000000000000000 R09: 0000000000000000
[ 120.578374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 120.578847] R13: 00007ffc682e072f R14: 00007f79c0c12300 R15: 0000000000022000
[ 120.579328]
[ 120.579491] Modules linked in:
[ 120.579716] CR2: ffffed100fffc000
[ 120.579954] ---[ end trace 0000000000000000 ]---
[ 120.580276] RIP: 0010:__memset+0x24/0x50
[ 120.580567] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00
[ 120.581749] RSP: 0018:ffff88803d5d7cc0 EFLAGS: 00010212
[ 120.582111] RAX: 0000000000000000 RBX: ffff88800bfbd0c0 RCX: 1ffffe21fe5feed2
[ 120.582589] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000
[ 120.583054] RBP: ffff88800bfde3c0 R08: 0000000000000005 R09: ffffed10017f7a18
[ 120.583537] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfde3c0
[ 120.584011] R13: ffff88800bfbd0c0 R14: ffffffff815f2620 R15: 1ffff1100112361f
[ 120.584497] FS: 00007f79c0c12700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 120.585045] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 120.585434] CR2: ffffed100fffc000 CR3: 
0000000016890000 CR4: 0000000000350ee0 11:01:20 executing program 5: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) read(r0, &(0x7f00000003c0)=""/4096, 0x1000) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) [ 120.790585] BUG: unable to handle page fault for address: ffffed100fffc000 [ 120.791083] #PF: supervisor write access in kernel mode [ 120.791410] #PF: error_code(0x0002) - not-present page [ 120.791736] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 120.792151] Oops: 0002 [#3] PREEMPT SMP KASAN NOPTI [ 120.792462] CPU: 0 PID: 3890 Comm: syz-executor.5 Tainted: G D 
6.1.0-rc3-next-20221101 #1 [ 120.793029] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 120.793522] RIP: 0010:__memset+0x24/0x50 [ 120.793799] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 120.795010] RSP: 0018:ffff8880184efcc0 EFLAGS: 00010212 [ 120.795428] RAX: 0000000000000000 RBX: ffff88800bfbd3c0 RCX: 1ffffe21fe5feede [ 120.795971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 120.796401] RBP: ffff88800bfde3c0 R08: 0000000000000005 R09: ffffed10017f7a78 [ 120.796825] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfde3c0 [ 120.797250] R13: ffff88800bfbd3c0 R14: ffffffff815f2620 R15: 1ffff110010e5c1f [ 120.797679] FS: 00007f79c0c54700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 120.798215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.798628] CR2: ffffed100fffc000 CR3: 000000003c870000 CR4: 0000000000350ef0 [ 120.799053] Call Trace: [ 120.799218] [ 120.799363] kasan_unpoison+0x23/0x60 [ 120.799618] mempool_exit+0x1c2/0x330 [ 120.799871] bioset_exit+0x2c9/0x630 [ 120.800116] disk_release+0x143/0x490 [ 120.800367] ? disk_release+0x0/0x490 [ 120.800618] ? device_release+0x0/0x250 [ 120.800878] device_release+0xa2/0x250 [ 120.801134] ? device_release+0x0/0x250 [ 120.801395] kobject_put+0x173/0x280 [ 120.801648] put_device+0x1b/0x40 [ 120.801878] put_disk+0x41/0x60 [ 120.802100] loop_control_ioctl+0x4d1/0x630 [ 120.802419] ? loop_control_ioctl+0x0/0x630 [ 120.802755] ? selinux_file_ioctl+0xb1/0x270 [ 120.803108] ? 
loop_control_ioctl+0x0/0x630 [ 120.803391] __x64_sys_ioctl+0x19a/0x220 [ 120.803662] do_syscall_64+0x3b/0xa0 [ 120.803907] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 120.804233] RIP: 0033:0x7f79c36deb19 [ 120.804501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 120.805585] RSP: 002b:00007f79c0c54188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 120.806052] RAX: ffffffffffffffda RBX: 00007f79c37f1f60 RCX: 00007f79c36deb19 [ 120.806482] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 0000000000000005 [ 120.806914] RBP: 00007f79c3738f6d R08: 0000000000000000 R09: 0000000000000000 [ 120.807346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 120.807786] R13: 00007ffc682e072f R14: 00007f79c0c54300 R15: 0000000000022000 [ 120.808226] [ 120.808374] Modules linked in: [ 120.808579] CR2: ffffed100fffc000 [ 120.808795] ---[ end trace 0000000000000000 ]--- [ 120.809079] RIP: 0010:__memset+0x24/0x50 [ 120.809344] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 120.810418] RSP: 0018:ffff88803d5d7cc0 EFLAGS: 00010212 [ 120.810743] RAX: 0000000000000000 RBX: ffff88800bfbd0c0 RCX: 1ffffe21fe5feed2 [ 120.811171] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 120.811612] RBP: ffff88800bfde3c0 R08: 0000000000000005 R09: ffffed10017f7a18 [ 120.812040] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfde3c0 [ 120.812470] R13: ffff88800bfbd0c0 R14: ffffffff815f2620 R15: 1ffff1100112361f [ 120.812896] FS: 00007f79c0c54700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 120.813377] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 120.813730] CR2: ffffed100fffc000 CR3: 000000003c870000 CR4: 0000000000350ef0 11:01:21 executing 
program 5: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) read(r0, &(0x7f00000003c0)=""/4096, 0x1000) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 11:01:21 executing program 5: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) read(r0, &(0x7f00000003c0)=""/4096, 0x1000) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) [ 121.936525] BUG: unable to handle page fault for address: ffffed100fffc000 [ 121.937062] #PF: supervisor write access in kernel mode [ 121.937436] #PF: error_code(0x0002) - not-present page [ 121.937787] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 121.938224] Oops: 0002 [#4] PREEMPT SMP KASAN NOPTI [ 121.938551] CPU: 0 PID: 3913 Comm: syz-executor.5 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 121.939151] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 121.939688] RIP: 0010:__memset+0x24/0x50 [ 121.939975] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 121.941111] RSP: 0018:ffff888031bffcc0 EFLAGS: 00010212 [ 121.941455] RAX: 0000000000000000 RBX: 
ffff88800bfbd540 RCX: 1ffffe21fe5feee4 [ 121.941961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 121.942458] RBP: ffff88800bfde3c0 R08: 0000000000000005 R09: ffffed10017f7aa8 [ 121.942961] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfde3c0 [ 121.943456] R13: ffff88800bfbd540 R14: ffffffff815f2620 R15: 1ffff1100119901f [ 121.943957] FS: 00007f79c0c54700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 121.944525] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.944932] CR2: ffffed100fffc000 CR3: 000000001521c000 CR4: 0000000000350ef0 [ 121.945426] Call Trace: [ 121.945620] [ 121.945785] kasan_unpoison+0x23/0x60 [ 121.946062] mempool_exit+0x1c2/0x330 [ 121.946347] bioset_exit+0x2c9/0x630 [ 121.946633] disk_release+0x143/0x490 [ 121.946913] ? disk_release+0x0/0x490 [ 121.947193] ? device_release+0x0/0x250 [ 121.947497] device_release+0xa2/0x250 [ 121.947806] ? device_release+0x0/0x250 [ 121.948114] kobject_put+0x173/0x280 [ 121.948407] put_device+0x1b/0x40 [ 121.948685] put_disk+0x41/0x60 [ 121.948953] loop_control_ioctl+0x4d1/0x630 [ 121.949291] ? loop_control_ioctl+0x0/0x630 [ 121.949636] ? selinux_file_ioctl+0xb1/0x270 [ 121.949981] ? 
loop_control_ioctl+0x0/0x630 [ 121.950324] __x64_sys_ioctl+0x19a/0x220 [ 121.950663] do_syscall_64+0x3b/0xa0 [ 121.950965] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 121.951366] RIP: 0033:0x7f79c36deb19 [ 121.951676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 121.953021] RSP: 002b:00007f79c0c54188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 121.953592] RAX: ffffffffffffffda RBX: 00007f79c37f1f60 RCX: 00007f79c36deb19 [ 121.954130] RDX: 0000000000000003 RSI: 0000000000004c81 RDI: 0000000000000005 [ 121.954665] RBP: 00007f79c3738f6d R08: 0000000000000000 R09: 0000000000000000 [ 121.955207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 121.955746] R13: 00007ffc682e072f R14: 00007f79c0c54300 R15: 0000000000022000 [ 121.956294] [ 121.956474] Modules linked in: [ 121.956719] CR2: ffffed100fffc000 [ 121.956980] ---[ end trace 0000000000000000 ]--- [ 121.957330] RIP: 0010:__memset+0x24/0x50 [ 121.957657] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 121.958986] RSP: 0018:ffff88803d5d7cc0 EFLAGS: 00010212 [ 121.959386] RAX: 0000000000000000 RBX: ffff88800bfbd0c0 RCX: 1ffffe21fe5feed2 [ 121.959927] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 121.960466] RBP: ffff88800bfde3c0 R08: 0000000000000005 R09: ffffed10017f7a18 [ 121.960997] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfde3c0 [ 121.961534] R13: ffff88800bfbd0c0 R14: ffffffff815f2620 R15: 1ffff1100112361f [ 121.962071] FS: 00007f79c0c54700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 121.962677] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 121.963122] CR2: ffffed100fffc000 CR3: 000000001521c000 CR4: 0000000000350ef0 11:01:22 executing 
program 5: ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000100)) mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) read(r0, &(0x7f00000003c0)=""/4096, 0x1000) shmat(0x0, &(0x7f0000ff6000/0x1000)=nil, 0x0) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) shmat(0xffffffffffffffff, &(0x7f0000ff2000/0xe000)=nil, 0x5000) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x5}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/69) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000)=0x35, 0x1000, 0x1) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) [ 123.759316] BUG: unable to handle page fault for address: ffffed100fffc000 [ 123.760231] #PF: supervisor write access in kernel mode [ 123.760886] #PF: error_code(0x0002) - not-present page [ 123.761516] PGD 7ffd3067 P4D 7ffd3067 PUD 7ffd2067 PMD 7ffd1067 PTE 0 [ 123.762309] Oops: 0002 [#5] PREEMPT SMP KASAN NOPTI [ 123.762898] CPU: 0 PID: 3918 Comm: syz-executor.5 Tainted: G D 6.1.0-rc3-next-20221101 #1 [ 123.764010] Hardware name: QEMU 
Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 123.764973] RIP: 0010:__memset+0x24/0x50 [ 123.765493] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 123.767607] RSP: 0018:ffff888037d97cc0 EFLAGS: 00010212 [ 123.768233] RAX: 0000000000000000 RBX: ffff88800bfbd6c0 RCX: 1ffffe21fe5feeea [ 123.769072] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 123.769925] RBP: ffff88800bfde3c0 R08: 0000000000000005 R09: ffffed10017f7ad8 [ 123.770783] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfde3c0 [ 123.771648] R13: ffff88800bfbd6c0 R14: ffffffff815f2620 R15: 1ffff110011ad41f [ 123.772506] FS: 00007f79c0c54700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 123.773464] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.774170] CR2: ffffed100fffc000 CR3: 000000001d10a000 CR4: 0000000000350ef0 [ 123.775022] Call Trace: [ 123.775338] [ 123.775618] kasan_unpoison+0x23/0x60 [ 123.776083] mempool_exit+0x1c2/0x330 [ 123.776552] bioset_exit+0x2c9/0x630 [ 123.777015] ? _raw_spin_unlock+0x24/0x50 [ 123.777528] ? blkg_destroy_all.isra.0+0x157/0x230 [ 123.778143] disk_release+0x143/0x490 [ 123.778605] ? disk_release+0x0/0x490 [ 123.779067] ? device_release+0x0/0x250 [ 123.779557] device_release+0xa2/0x250 [ 123.780046] ? device_release+0x0/0x250 [ 123.780541] kobject_put+0x173/0x280 [ 123.781016] put_device+0x1b/0x40 [ 123.781450] put_disk+0x41/0x60 [ 123.781873] loop_control_ioctl+0x4d1/0x630 [ 123.782423] ? loop_control_ioctl+0x0/0x630 [ 123.782960] ? selinux_file_ioctl+0xb1/0x270 [ 123.783524] ? 
loop_control_ioctl+0x0/0x630 [ 123.784073] __x64_sys_ioctl+0x19a/0x220 [ 123.784575] do_syscall_64+0x3b/0xa0 [ 123.785060] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 123.785687] RIP: 0033:0x7f79c36deb19 [ 123.786146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 123.788244] RSP: 002b:00007f79c0c54188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 123.789138] RAX: ffffffffffffffda RBX: 00007f79c37f1f60 RCX: 00007f79c36deb19 [ 123.789980] RDX: 0000000000000004 RSI: 0000000000004c81 RDI: 0000000000000005 [ 123.790815] RBP: 00007f79c3738f6d R08: 0000000000000000 R09: 0000000000000000 [ 123.791667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 123.792498] R13: 00007ffc682e072f R14: 00007f79c0c54300 R15: 0000000000022000 [ 123.793342] [ 123.793625] Modules linked in: [ 123.794012] CR2: ffffed100fffc000 [ 123.794427] ---[ end trace 0000000000000000 ]--- [ 123.794978] RIP: 0010:__memset+0x24/0x50 [ 123.795489] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 48 ab 89 d1 f3 aa 4c 89 c8 e9 0d d4 12 00 66 66 2e 0f 1f 84 00 [ 123.797590] RSP: 0018:ffff88803d5d7cc0 EFLAGS: 00010212 [ 123.798217] RAX: 0000000000000000 RBX: ffff88800bfbd0c0 RCX: 1ffffe21fe5feed2 [ 123.799043] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed100fffc000 [ 123.799894] RBP: ffff88800bfde3c0 R08: 0000000000000005 R09: ffffed10017f7a18 [ 123.800761] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800bfde3c0 [ 123.801628] R13: ffff88800bfbd0c0 R14: ffffffff815f2620 R15: 1ffff1100112361f [ 123.802482] FS: 00007f79c0c54700(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 [ 123.803436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.804129] CR2: ffffed100fffc000 CR3: 000000001d10a000 CR4: 0000000000350ef0 [ 124.564733] 
Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 124.565780] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 124.693684] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 124.756760] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 124.756810] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 124.757705] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 124.820703] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 126.769824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 126.771366] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 126.774089] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 126.775965] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 126.777495] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 126.778847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 126.782027] Bluetooth: hci0: HCI_REQ-0x0c1a [ 127.021942] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 127.023249] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 127.024391] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 127.027344] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 127.028714] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 127.029871] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 127.039024] Bluetooth: hci7: HCI_REQ-0x0c1a [ 128.788718] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 128.789711] Bluetooth: hci0: command 0x0409 tx timeout [ 128.917674] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 128.980705] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 128.980762] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 129.044711] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 129.045704] Bluetooth: hci7: command 0x0409 tx timeout VM DIAGNOSIS: 11:01:20 Registers: