Warning: Permanently added '[localhost]:51668' (ED25519) to the list of known hosts. syzkaller login: [ 86.510519][ T9] cfg80211: failed to load regulatory.db [ 86.687148][ T5095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.690664][ T5095] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.694887][ T5095] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.698043][ T5095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.700756][ T5095] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.703394][ T5095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.831069][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.833862][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.862892][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.867338][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 executing program [ 87.308321][ T5099] loop0: detected capacity change from 0 to 32768 [ 87.366014][ T5099] JBD2: Ignoring recovery information on journal [ 87.408255][ T5099] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 87.425741][ T5102] syz-executor420[5102]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 87.452692][ T5102] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 87.496068][ T5102] [ 87.497061][ T5102] ====================================================== [ 87.499530][ T5102] WARNING: possible circular locking dependency detected [ 87.501574][ T5102] 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 Not tainted [ 87.504845][ T5102] ------------------------------------------------------ [ 87.507339][ T5102] syz-executor420/5102 is trying to acquire lock: [ 87.509590][ T5102] ffff88803bafbf60 (&oi->ip_alloc_sem){+.+.}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 87.513474][ T5102] [ 87.513474][ T5102] but task is already holding lock: [ 87.516045][ T5102] ffff88803bafbff8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xa5/0x330 [ 87.519791][ T5102] [ 87.519791][ T5102] which lock already depends on the new lock. [ 87.519791][ T5102] [ 87.523344][ T5102] [ 87.523344][ T5102] the existing dependency chain (in reverse order) is: [ 87.526683][ T5102] [ 87.526683][ T5102] -> #4 (&oi->ip_xattr_sem){++++}-{3:3}: [ 87.529485][ T5102] lock_acquire+0x1ed/0x550 [ 87.531388][ T5102] down_read+0xb1/0xa40 [ 87.533246][ T5102] ocfs2_init_acl+0x397/0x930 [ 87.535230][ T5102] ocfs2_mknod+0x1c05/0x2b40 [ 87.537258][ T5102] ocfs2_create+0x1ab/0x480 [ 87.539159][ T5102] path_openat+0x1a9a/0x3470 [ 87.541088][ T5102] do_filp_open+0x235/0x490 [ 87.543037][ T5102] filp_open+0x261/0x2d0 [ 87.544893][ T5102] do_coredump+0x2259/0x2a30 [ 87.546911][ T5102] get_signal+0x13fa/0x1740 [ 87.548768][ T5102] arch_do_signal_or_restart+0x96/0x860 [ 87.550876][ T5102] irqentry_exit_to_user_mode+0x79/0x280 [ 87.553043][ T5102] exc_page_fault+0x590/0x8c0 [ 87.554858][ T5102] asm_exc_page_fault+0x26/0x30 [ 87.556786][ T5102] [ 87.556786][ T5102] -> #3 (jbd2_handle){.+.+}-{0:0}: [ 87.559346][ T5102] lock_acquire+0x1ed/0x550 [ 87.561112][ T5102] start_this_handle+0x1eb4/0x2110 [ 87.563081][ T5102] jbd2__journal_start+0x2da/0x5d0 [ 87.565254][ T5102] jbd2_journal_start+0x29/0x40 [ 87.567336][ T5102] ocfs2_start_trans+0x3c9/0x700 [ 87.569423][ T5102] ocfs2_mknod+0x150c/0x2b40 [ 87.571398][ T5102] ocfs2_create+0x1ab/0x480 [ 87.573335][ T5102] path_openat+0x1a9a/0x3470 [ 87.575324][ T5102] do_filp_open+0x235/0x490 [ 87.577252][ T5102] filp_open+0x261/0x2d0 [ 87.578798][ T5102] do_coredump+0x2259/0x2a30 [ 87.580483][ T5102] get_signal+0x13fa/0x1740 [ 87.582138][ T5102] arch_do_signal_or_restart+0x96/0x860 [ 87.584191][ T5102] irqentry_exit_to_user_mode+0x79/0x280 [ 87.586252][ T5102] exc_page_fault+0x590/0x8c0 [ 87.588035][ T5102] asm_exc_page_fault+0x26/0x30 [ 87.589903][ T5102] [ 87.589903][ T5102] -> #2 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 87.592963][ T5102] lock_acquire+0x1ed/0x550 [ 87.594928][ T5102] down_read+0xb1/0xa40 [ 87.596787][ T5102] ocfs2_start_trans+0x3be/0x700 [ 87.598913][ T5102] ocfs2_mknod+0x150c/0x2b40 [ 87.600935][ T5102] ocfs2_create+0x1ab/0x480 [ 87.602900][ T5102] path_openat+0x1a9a/0x3470 [ 87.604860][ T5102] do_filp_open+0x235/0x490 [ 87.606764][ T5102] filp_open+0x261/0x2d0 [ 87.608601][ T5102] do_coredump+0x2259/0x2a30 [ 87.610564][ T5102] get_signal+0x13fa/0x1740 [ 87.612588][ T5102] arch_do_signal_or_restart+0x96/0x860 [ 87.614975][ T5102] irqentry_exit_to_user_mode+0x79/0x280 [ 87.617411][ T5102] exc_page_fault+0x590/0x8c0 [ 87.619498][ T5102] asm_exc_page_fault+0x26/0x30 [ 87.621629][ T5102] [ 87.621629][ T5102] -> #1 (sb_internal#2){.+.+}-{0:0}: [ 87.624458][ T5102] lock_acquire+0x1ed/0x550 [ 87.626414][ T5102] ocfs2_start_trans+0x2b9/0x700 [ 87.628580][ T5102] ocfs2_truncate_file+0x68c/0x1560 [ 87.630790][ T5102] ocfs2_setattr+0x1217/0x1f50 [ 87.632885][ T5102] notify_change+0xb9d/0xe70 [ 87.634881][ T5102] do_truncate+0x220/0x310 [ 87.636842][ T5102] do_coredump+0x2702/0x2a30 [ 87.638727][ T5102] get_signal+0x13fa/0x1740 [ 87.640567][ T5102] arch_do_signal_or_restart+0x96/0x860 [ 87.642758][ T5102] irqentry_exit_to_user_mode+0x79/0x280 [ 87.644788][ T5102] exc_page_fault+0x590/0x8c0 [ 87.646479][ T5102] asm_exc_page_fault+0x26/0x30 [ 87.648241][ T5102] [ 87.648241][ T5102] -> #0 (&oi->ip_alloc_sem){+.+.}-{3:3}: [ 87.650837][ T5102] validate_chain+0x18e0/0x5900 [ 87.652770][ T5102] __lock_acquire+0x137a/0x2040 [ 87.654653][ T5102] lock_acquire+0x1ed/0x550 [ 87.656438][ T5102] down_write+0x99/0x220 [ 87.658117][ T5102] ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 87.660658][ T5102] ocfs2_truncate_file+0xe08/0x1560 [ 87.662874][ T5102] ocfs2_setattr+0x1217/0x1f50 [ 87.664943][ T5102] notify_change+0xb9d/0xe70 [ 87.666925][ T5102] do_truncate+0x220/0x310 [ 87.668784][ T5102] do_coredump+0x2702/0x2a30 [ 87.670712][ T5102] get_signal+0x13fa/0x1740 [ 87.672648][ T5102] arch_do_signal_or_restart+0x96/0x860 [ 87.674877][ T5102] irqentry_exit_to_user_mode+0x79/0x280 [ 87.677248][ T5102] exc_page_fault+0x590/0x8c0 [ 87.679274][ T5102] asm_exc_page_fault+0x26/0x30 [ 87.681373][ T5102] [ 87.681373][ T5102] other info that might help us debug this: [ 87.681373][ T5102] [ 87.685279][ T5102] Chain exists of: [ 87.685279][ T5102] &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem [ 87.685279][ T5102] [ 87.690181][ T5102] Possible unsafe locking scenario: [ 87.690181][ T5102] [ 87.693057][ T5102] CPU0 CPU1 [ 87.695078][ T5102] ---- ---- [ 87.697177][ T5102] lock(&oi->ip_xattr_sem); [ 87.698978][ T5102] lock(jbd2_handle); [ 87.701398][ T5102] lock(&oi->ip_xattr_sem); [ 87.704134][ T5102] lock(&oi->ip_alloc_sem); [ 87.705936][ T5102] [ 87.705936][ T5102] *** DEADLOCK *** [ 87.705936][ T5102] [ 87.709029][ T5102] 2 locks held by syz-executor420/5102: [ 87.711123][ T5102] #0: ffff88803bafc2c0 (&sb->s_type->i_mutex_key#17){+.+.}-{3:3}, at: do_truncate+0x20c/0x310 [ 87.715022][ T5102] #1: ffff88803bafbff8 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xa5/0x330 [ 87.719205][ T5102] [ 87.719205][ T5102] stack backtrace: [ 87.721491][ T5102] CPU: 0 UID: 0 PID: 5102 Comm: syz-executor420 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 87.725732][ T5102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.729833][ T5102] Call Trace: [ 87.731149][ T5102] [ 87.732324][ T5102] dump_stack_lvl+0x241/0x360 [ 87.734160][ T5102] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.736215][ T5102] ? print_circular_bug+0x130/0x1a0 [ 87.738219][ T5102] check_noncircular+0x36a/0x4a0 [ 87.740162][ T5102] ? __pfx_check_noncircular+0x10/0x10 [ 87.742245][ T5102] ? lockdep_lock+0x123/0x2b0 [ 87.744093][ T5102] validate_chain+0x18e0/0x5900 [ 87.745996][ T5102] ? __pfx_validate_chain+0x10/0x10 [ 87.748013][ T5102] ? stack_trace_save+0x118/0x1d0 [ 87.749999][ T5102] ? __pfx_stack_trace_save+0x10/0x10 [ 87.752089][ T5102] ? lockdep_unlock+0x16a/0x300 [ 87.753987][ T5102] ? mark_lock+0x9a/0x350 [ 87.755688][ T5102] __lock_acquire+0x137a/0x2040 [ 87.757574][ T5102] lock_acquire+0x1ed/0x550 [ 87.759358][ T5102] ? ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 87.761791][ T5102] ? __pfx_lock_acquire+0x10/0x10 [ 87.763749][ T5102] ? __pfx___might_resched+0x10/0x10 [ 87.765797][ T5102] ? ocfs2_truncate_file+0xd32/0x1560 [ 87.767880][ T5102] ? __pfx_lock_release+0x10/0x10 [ 87.769841][ T5102] down_write+0x99/0x220 [ 87.771511][ T5102] ? ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 87.773879][ T5102] ? __pfx_down_write+0x10/0x10 [ 87.775843][ T5102] ocfs2_try_remove_refcount_tree+0xb6/0x330 [ 87.778164][ T5102] ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10 [ 87.780711][ T5102] ocfs2_truncate_file+0xe08/0x1560 [ 87.782729][ T5102] ? ocfs2_inode_lock_tracker+0x45a/0x760 [ 87.784950][ T5102] ? __pfx_ocfs2_truncate_file+0x10/0x10 [ 87.787115][ T5102] ? do_raw_spin_unlock+0x58/0x8b0 [ 87.789121][ T5102] ? __asan_memset+0x23/0x50 [ 87.790922][ T5102] ? _raw_spin_unlock+0x28/0x50 [ 87.792825][ T5102] ? ocfs2_inode_lock_tracker+0x45a/0x760 [ 87.795054][ T5102] ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10 [ 87.797431][ T5102] ? ocfs2_rw_lock+0x13e/0x260 [ 87.799323][ T5102] ? __pfx_ocfs2_rw_lock+0x10/0x10 [ 87.801368][ T5102] ? setattr_prepare+0x1f5/0xb20 [ 87.803318][ T5102] ? inode_newsize_ok+0x11a/0x1c0 [ 87.805273][ T5102] ocfs2_setattr+0x1217/0x1f50 [ 87.807143][ T5102] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 87.809482][ T5102] ? __pfx_ocfs2_setattr+0x10/0x10 [ 87.811503][ T5102] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 87.813924][ T5102] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 87.816248][ T5102] ? current_time+0x1be/0x2b0 [ 87.817945][ T5102] ? evm_inode_setattr+0x1b2/0x7d0 [ 87.819788][ T5102] ? security_inode_setattr+0xd7/0x120 [ 87.821695][ T5102] ? __pfx_ocfs2_setattr+0x10/0x10 [ 87.823509][ T5102] notify_change+0xb9d/0xe70 [ 87.825143][ T5102] do_truncate+0x220/0x310 [ 87.826888][ T5102] ? __pfx_do_truncate+0x10/0x10 [ 87.828858][ T5102] ? getname_kernel+0x140/0x2f0 [ 87.830793][ T5102] do_coredump+0x2702/0x2a30 [ 87.832670][ T5102] ? __pfx_do_coredump+0x10/0x10 [ 87.834644][ T5102] ? _raw_spin_unlock_irq+0x23/0x50 [ 87.836688][ T5102] ? lockdep_hardirqs_on+0x99/0x150 [ 87.838773][ T5102] get_signal+0x13fa/0x1740 [ 87.840481][ T5102] ? __pfx_get_signal+0x10/0x10 [ 87.842365][ T5102] ? __pfx_force_sig_fault+0x10/0x10 [ 87.844369][ T5102] arch_do_signal_or_restart+0x96/0x860 [ 87.846459][ T5102] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 87.848863][ T5102] ? irqentry_exit_to_user_mode+0x53/0x280 [ 87.851056][ T5102] irqentry_exit_to_user_mode+0x79/0x280 [ 87.853260][ T5102] exc_page_fault+0x590/0x8c0 [ 87.855101][ T5102] asm_exc_page_fault+0x26/0x30 [ 87.857020][ T5102] RIP: 0033:0x7f3c3fb37661 [ 87.858797][ T5102] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 87.866167][ T5102] RSP: 002b:ffffffffffffffe0 EFLAGS: 00010217 [ 87.868515][ T5102] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f3c3fb37659 [ 87.871543][ T5102] RDX: 0000000000000000 RSI: ffffffffffffffe0 RDI: 0000000004008011 [ 87.874632][ T5102] RBP: 65756e69746e6f63 R08: 0000000000000000 R09: 00007fffb103d2e0 [ 87.877782][ T5102] R10: 0000000000000000 R11: 0000000000000246 R12: 633d73726f727265 [ 87.880848][ T5102] R13: 00005555686b1370 R14: 000000000000000c R15: 00007f3c3fb8401d [ 87.883903][ T5102] [ 88.264638][ T5104] syz-executor420[5104]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) [ 88.271818][ T5104] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program [ 88.674736][ T5102] OCFS2: ERROR (device loop0): int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *, handle_t *, u32, u32, struct ocfs2_suballoc_result *): Chain allocator dinode 23 has 4294967295 used bits but only 16777215 total [ 88.684995][ T5106] syz-executor420[5106]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 88.704468][ T5102] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 88.708347][ T5102] OCFS2: Returning error to the calling process. [ 88.710812][ T5102] (syz-executor420,5102,0):ocfs2_claim_suballoc_bits:2038 ERROR: status = -5 [ 88.724817][ T5106] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 88.742963][ T5095] Bluetooth: hci0: command tx timeout [ 88.745304][ T5102] (syz-executor420,5102,0):__ocfs2_claim_clusters:2412 ERROR: status = -5 [ 88.748558][ T5102] (syz-executor420,5102,0):__ocfs2_claim_clusters:2420 ERROR: status = -5 [ 88.751541][ T5102] (syz-executor420,5102,0):ocfs2_local_alloc_new_window:1197 ERROR: status = -5 [ 88.786767][ T5102] (syz-executor420,5102,0):ocfs2_local_alloc_new_window:1222 ERROR: status = -5 [ 88.790316][ T5102] (syz-executor420,5102,0):ocfs2_local_alloc_slide_window:1296 ERROR: status = -5 [ 88.793937][ T5102] (syz-executor420,5102,0):ocfs2_local_alloc_slide_window:1315 ERROR: status = -5 [ 88.824510][ T5102] (syz-executor420,5102,0):ocfs2_reserve_local_alloc_bits:672 ERROR: status = -5 [ 88.828072][ T5102] (syz-executor420,5102,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -5 [ 88.845571][ T5102] (syz-executor420,5102,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -5 [ 88.849295][ T5102] (syz-executor420,5102,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -5 [ 88.873345][ T5102] (syz-executor420,5102,0):ocfs2_convert_inline_data_to_extents:7080 ERROR: status = -5 [ 88.883471][ T5102] (syz-executor420,5102,0):ocfs2_try_to_write_inline_data:1564 ERROR: status = -5 [ 88.893609][ T5102] (syz-executor420,5102,0):ocfs2_write_begin_nolock:1676 ERROR: status = -5 [ 88.903755][ T5102] (syz-executor420,5102,0):ocfs2_write_begin:1906 ERROR: status = -5 [ 88.915418][ T5102] syz-executor420 (5102) used greatest stack depth: 17712 bytes left [ 89.148577][ T5108] syz-executor420[5108]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 89.178181][ T5108] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 89.496713][ T5110] syz-executor420[5110]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 89.525513][ T5110] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 89.842054][ T5112] syz-executor420[5112]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 89.869509][ T5112] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 90.186861][ T5114] syz-executor420[5114]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) [ 90.194035][ T5114] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program [ 90.537921][ T5116] syz-executor420[5116]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 90.564407][ T5116] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 90.814721][ T5095] Bluetooth: hci0: command tx timeout [ 90.875565][ T5118] syz-executor420[5118]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 90.903870][ T5118] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 91.226439][ T5120] syz-executor420[5120]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 91.253753][ T5120] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program executing program executing program [ 92.488028][ T5128] show_signal_msg: 3 callbacks suppressed [ 92.488041][ T5128] syz-executor420[5128]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 92.514525][ T5128] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 92.786933][ T5130] syz-executor420[5130]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) [ 92.793458][ T5130] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program [ 92.894602][ T5095] Bluetooth: hci0: command tx timeout [ 93.147409][ T5133] syz-executor420[5133]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 93.175004][ T5133] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 93.486777][ T5135] syz-executor420[5135]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) [ 93.493538][ T5135] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program [ 93.823858][ T5137] syz-executor420[5137]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 93.854357][ T5137] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 94.166806][ T5139] syz-executor420[5139]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 94.194369][ T5139] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 94.562287][ T5141] syz-executor420[5141]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 94.592401][ T5141] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 94.966515][ T5143] syz-executor420[5143]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) [ 94.975433][ T5095] Bluetooth: hci0: command tx timeout executing program [ 94.999507][ T5143] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 95.366592][ T5145] syz-executor420[5145]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) executing program [ 95.394719][ T5145] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program [ 95.755330][ T5147] syz-executor420[5147]: segfault at ffffffffffffffe0 ip 00007f3c3fb37661 sp ffffffffffffffe0 error 5 in syz-executor4205633652[4b661,7f3c3faf5000+8f000] likely on CPU 0 (core 0, socket 0) [ 95.774901][ T5147] Code: c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f executing program executing program executing program executing program executing program VM DIAGNOSIS: 17:17:37 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000074 RBX=ffffffff95254f80 RCX=0000000000000000 RDX=00000000000003f8 RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc9000b0d62f0 R8 =ffffffff853efc2b R9 =1ffff11003783046 R10=dffffc0000000000 R11=ffffffff853efbe0 R12=dffffc0000000000 R13=0000000000000074 R14=0000000000000074 R15=00000000000003f8 RIP=ffffffff853efc5e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00005555686b13c0 ffffffff 00c00000 GS =0000 ffff888020800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f3c37433000 CR3=0000000037ca2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000440401 Opmask01=0000000000000001 Opmask02=00000000fff7ffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffb103d240 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000800000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000c00000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000800000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffb103d2f8 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00007f3c3fb64a65 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65723d73726f7272 6500747865003036 36396f7369007265 6c6c616b7a797300 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40571856574a5757 4000515d40001513 131c4a564c005740 4949444e5f5c5600 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000