Warning: Permanently added '[localhost]:3062' (ECDSA) to the list of known hosts. 2023/02/24 11:04:49 fuzzer started 2023/02/24 11:04:50 dialing manager at localhost:41417 syzkaller login: [ 45.256513] cgroup: Unknown subsys name 'net' [ 45.348946] cgroup: Unknown subsys name 'rlimit' 2023/02/24 11:05:06 syscalls: 2217 2023/02/24 11:05:06 code coverage: enabled 2023/02/24 11:05:06 comparison tracing: enabled 2023/02/24 11:05:06 extra coverage: enabled 2023/02/24 11:05:06 setuid sandbox: enabled 2023/02/24 11:05:06 namespace sandbox: enabled 2023/02/24 11:05:06 Android sandbox: enabled 2023/02/24 11:05:06 fault injection: enabled 2023/02/24 11:05:06 leak checking: enabled 2023/02/24 11:05:06 net packet injection: enabled 2023/02/24 11:05:06 net device setup: enabled 2023/02/24 11:05:06 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2023/02/24 11:05:06 devlink PCI setup: PCI device 0000:00:10.0 is not available 2023/02/24 11:05:06 USB emulation: enabled 2023/02/24 11:05:06 hci packet injection: enabled 2023/02/24 11:05:06 wifi device emulation: enabled 2023/02/24 11:05:06 802.15.4 emulation: enabled 2023/02/24 11:05:06 fetching corpus: 0, signal 0/2000 (executing program) 2023/02/24 11:05:06 fetching corpus: 32, signal 22898/26398 (executing program) 2023/02/24 11:05:06 fetching corpus: 65, signal 32456/37409 (executing program) 2023/02/24 11:05:06 fetching corpus: 106, signal 40376/46653 (executing program) 2023/02/24 11:05:06 fetching corpus: 156, signal 53116/60357 (executing program) 2023/02/24 11:05:06 fetching corpus: 206, signal 61303/69462 (executing program) 2023/02/24 11:05:06 fetching corpus: 256, signal 70742/79604 (executing program) 2023/02/24 11:05:06 fetching corpus: 306, signal 77234/86811 (executing program) 2023/02/24 11:05:06 fetching corpus: 356, signal 81486/91856 (executing program) 2023/02/24 11:05:07 fetching corpus: 406, signal 90430/101010 (executing program) 2023/02/24 11:05:07 fetching corpus: 456, signal 93428/104760 
(executing program) 2023/02/24 11:05:07 fetching corpus: 506, signal 96408/108393 (executing program) 2023/02/24 11:05:07 fetching corpus: 556, signal 100613/113022 (executing program) 2023/02/24 11:05:07 fetching corpus: 606, signal 104172/117104 (executing program) 2023/02/24 11:05:07 fetching corpus: 655, signal 107328/120707 (executing program) 2023/02/24 11:05:07 fetching corpus: 705, signal 110228/124020 (executing program) 2023/02/24 11:05:08 fetching corpus: 755, signal 114441/128399 (executing program) 2023/02/24 11:05:08 fetching corpus: 804, signal 116508/130884 (executing program) 2023/02/24 11:05:08 fetching corpus: 854, signal 118383/133210 (executing program) 2023/02/24 11:05:08 fetching corpus: 904, signal 120567/135687 (executing program) 2023/02/24 11:05:08 fetching corpus: 953, signal 123276/138596 (executing program) 2023/02/24 11:05:08 fetching corpus: 1003, signal 126344/141707 (executing program) 2023/02/24 11:05:08 fetching corpus: 1053, signal 128056/143645 (executing program) 2023/02/24 11:05:08 fetching corpus: 1103, signal 130508/146227 (executing program) 2023/02/24 11:05:09 fetching corpus: 1153, signal 131678/147756 (executing program) 2023/02/24 11:05:09 fetching corpus: 1203, signal 134172/150186 (executing program) 2023/02/24 11:05:09 fetching corpus: 1253, signal 137741/153411 (executing program) 2023/02/24 11:05:09 fetching corpus: 1303, signal 139607/155326 (executing program) 2023/02/24 11:05:09 fetching corpus: 1353, signal 141197/157030 (executing program) 2023/02/24 11:05:09 fetching corpus: 1403, signal 142627/158616 (executing program) 2023/02/24 11:05:09 fetching corpus: 1450, signal 144131/160148 (executing program) 2023/02/24 11:05:09 fetching corpus: 1500, signal 145467/161550 (executing program) 2023/02/24 11:05:10 fetching corpus: 1550, signal 147761/163552 (executing program) 2023/02/24 11:05:10 fetching corpus: 1598, signal 149357/165051 (executing program) 2023/02/24 11:05:10 fetching corpus: 1648, signal 
151452/166815 (executing program) 2023/02/24 11:05:10 fetching corpus: 1698, signal 153354/168506 (executing program) 2023/02/24 11:05:10 fetching corpus: 1748, signal 154696/169777 (executing program) 2023/02/24 11:05:10 fetching corpus: 1797, signal 155689/170775 (executing program) 2023/02/24 11:05:10 fetching corpus: 1846, signal 157293/172104 (executing program) 2023/02/24 11:05:11 fetching corpus: 1896, signal 158686/173348 (executing program) 2023/02/24 11:05:11 fetching corpus: 1946, signal 160290/174637 (executing program) 2023/02/24 11:05:11 fetching corpus: 1994, signal 161132/175437 (executing program) 2023/02/24 11:05:11 fetching corpus: 2043, signal 162373/176430 (executing program) 2023/02/24 11:05:11 fetching corpus: 2093, signal 163216/177191 (executing program) 2023/02/24 11:05:11 fetching corpus: 2142, signal 164990/178459 (executing program) 2023/02/24 11:05:11 fetching corpus: 2191, signal 165865/179251 (executing program) 2023/02/24 11:05:11 fetching corpus: 2241, signal 167074/180176 (executing program) 2023/02/24 11:05:12 fetching corpus: 2291, signal 168643/181245 (executing program) 2023/02/24 11:05:12 fetching corpus: 2338, signal 169331/181871 (executing program) 2023/02/24 11:05:12 fetching corpus: 2388, signal 170713/182778 (executing program) 2023/02/24 11:05:12 fetching corpus: 2437, signal 171507/183397 (executing program) 2023/02/24 11:05:12 fetching corpus: 2487, signal 172598/184124 (executing program) 2023/02/24 11:05:12 fetching corpus: 2537, signal 173878/184935 (executing program) 2023/02/24 11:05:13 fetching corpus: 2587, signal 175040/185716 (executing program) 2023/02/24 11:05:13 fetching corpus: 2636, signal 176070/186393 (executing program) 2023/02/24 11:05:13 fetching corpus: 2686, signal 177375/187120 (executing program) 2023/02/24 11:05:13 fetching corpus: 2736, signal 178750/187841 (executing program) 2023/02/24 11:05:13 fetching corpus: 2786, signal 179728/188391 (executing program) 2023/02/24 11:05:13 fetching 
corpus: 2836, signal 180646/188883 (executing program) 2023/02/24 11:05:13 fetching corpus: 2885, signal 181588/189412 (executing program) 2023/02/24 11:05:15 fetching corpus: 2934, signal 182178/189747 (executing program) 2023/02/24 11:05:15 fetching corpus: 2979, signal 183404/190402 (executing program) 2023/02/24 11:05:15 fetching corpus: 3028, signal 184388/190864 (executing program) 2023/02/24 11:05:15 fetching corpus: 3078, signal 184960/191168 (executing program) 2023/02/24 11:05:15 fetching corpus: 3128, signal 185920/191587 (executing program) 2023/02/24 11:05:15 fetching corpus: 3178, signal 187291/192111 (executing program) 2023/02/24 11:05:15 fetching corpus: 3228, signal 188412/192532 (executing program) 2023/02/24 11:05:16 fetching corpus: 3278, signal 189311/192851 (executing program) 2023/02/24 11:05:16 fetching corpus: 3328, signal 190133/193163 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193274 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193319 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193352 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193396 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193435 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193482 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193523 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193566 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193614 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193663 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193711 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193756 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193798 (executing program) 2023/02/24 
11:05:16 fetching corpus: 3346, signal 190338/193857 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193902 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193947 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/193993 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194032 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194084 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194131 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194193 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194245 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194291 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194348 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194393 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194437 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194480 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194533 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194553 (executing program) 2023/02/24 11:05:16 fetching corpus: 3346, signal 190338/194553 (executing program) 2023/02/24 11:05:18 starting 8 fuzzer processes 11:05:18 executing program 0: mlock2(&(0x7f0000ff5000/0x3000)=nil, 0x3000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r0 = shmget(0x3, 0xa000, 0x20, &(0x7f0000ff6000/0xa000)=nil) r1 = socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000ff3000/0x1000)=nil, 0x1000, 0x8, 0x4011, r1, 0x16038000) shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x2000) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x81}, 0x8, 0x7ff, 0x0, 0x0, 0x0, 0x25}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mincore(&(0x7f0000ffa000/0x3000)=nil, 0x3000, &(0x7f0000001700)=""/201) mlock(&(0x7f0000ff2000/0x3000)=nil, 0x3000) perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x7, 0x2, 0x5, 0x80, 0x0, 0x3, 0x40, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7fff, 0x0, @perf_config_ext={0x9, 0xffffffff}, 0x4154c, 0x412, 0x3, 0x2, 0x3, 0xc6e4, 0x9, 0x0, 0x9, 0x0, 0xff}, 0x0, 0xe, 0xffffffffffffffff, 0x1) mmap$perf(&(0x7f0000fed000/0x3000)=nil, 0x3000, 0x0, 0x13, r2, 0x4) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r4 = openat2(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x5c3342, 0x21, 0x1b}, 0x18) mincore(&(0x7f0000ff8000/0x2000)=nil, 0x2000, &(0x7f0000000700)=""/4096) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r1, 0x50009418, &(0x7f0000001800)={{r4}, 0x0, 0x6, @inherit={0x50, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000001000000000000000200000000000000ff000028d5bf000000000027000000000000000101000000000000010000000000000000000000000003003f000000000000000100000000"]}, @subvolid}) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r3, 0x40089413, &(0x7f0000000180)=0xe65) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r5) socket$nl_xfrm(0x10, 0x3, 0x6) 11:05:18 executing program 5: 
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) epoll_create1(0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r0, &(0x7f00000005c0)={0x24, @long}, 0x14) sendmmsg(r0, &(0x7f00000000c0), 0x45d, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r1 = epoll_create1(0x0) pselect6(0x40, &(0x7f0000000100)={0x5f}, 0x0, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x10000009}) 11:05:18 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x6}) 11:05:18 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x8912, &(0x7f0000000080)={0x0, {0x2, 0x4e20, @local}, {0x2, 0x0, @private}, {0x2, 0x0, @broadcast}, 0x186, 0x0, 0x0, 0x0, 0x100}) sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x0) 11:05:18 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_mreq(r0, 0x29, 0x15, 0x0, 0x0) 11:05:18 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0xc, &(0x7f0000000080)={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) 11:05:18 executing program 7: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) perf_event_open(0x0, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x521040, 0x0) r1 = signalfd4(r0, &(0x7f0000000100)={[0x5]}, 0x8, 0x100800) recvmsg$unix(r1, &(0x7f0000000180)={&(0x7f0000000480), 0x6e, &(0x7f0000000900)=[{&(0x7f0000000500)=""/220, 0xdc}, {&(0x7f0000000600)=""/124, 0x7c}, {&(0x7f0000000680)=""/110, 0x6e}, {&(0x7f0000000700)=""/99, 0x63}, {&(0x7f0000000780)=""/196, 0xc4}, {&(0x7f0000000880)=""/94, 0x5e}], 0x6, &(0x7f0000000980)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}, 0x0) r2 = perf_event_open(&(0x7f0000019300)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = getpid() fcntl$setownex(r2, 0xf, &(0x7f00000001c0)={0x0, r3}) fcntl$getown(r2, 0x9) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0) 11:05:18 executing program 6: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) [ 72.435641] audit: type=1400 audit(1677236718.753:6): avc: denied { execmem } for pid=261 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 73.736113] Bluetooth: hci1: 
unexpected cc 0x0c03 length: 249 > 1
[ 73.737957] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 73.739123] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 73.740117] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 73.741127] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 73.742273] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 73.746604] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 73.749076] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 73.751039] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 73.752366] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 73.753708] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 73.754871] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 73.792808] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 73.794994] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 73.796440] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 73.807807] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 73.813772] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 73.815590] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 73.835109] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 73.836698] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 73.838131] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 73.841109] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 73.842642] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 73.849262] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 73.909993] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 73.911621] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 73.914115] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 73.915933] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 73.916940] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 73.918291] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 73.919981] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 73.922172] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 73.923684] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 73.925118] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 73.930930] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 73.933050] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 75.812775] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 75.812785] Bluetooth: hci1: command 0x0409 tx timeout
[ 75.814084] Bluetooth: hci0: command 0x0409 tx timeout
[ 75.814814] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 75.815571]
[ 75.815700] ======================================================
[ 75.816108] WARNING: possible circular locking dependency detected
[ 75.816547] 6.2.0-next-20230224 #1 Not tainted
[ 75.816856] ------------------------------------------------------
[ 75.817538] syz-executor.5/270 is trying to acquire lock:
[ 75.821138] ffff8880187e4880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 75.821838]
[ 75.821838] but task is already holding lock:
[ 75.822220] ffff8880187e4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 75.822858]
[ 75.822858] which lock already depends on the new lock.
[ 75.822858]
[ 75.823391]
[ 75.823391] the existing dependency chain (in reverse order) is:
[ 75.823869]
[ 75.823869] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 75.824350]        __mutex_lock+0x133/0x14a0
[ 75.824659]        hci_cmd_sync_work+0x1e6/0x320
[ 75.825014]        process_one_work+0xa0f/0x1790
[ 75.825363]        worker_thread+0x63b/0x1260
[ 75.825691]        kthread+0x2e9/0x3a0
[ 75.825974]        ret_from_fork+0x2c/0x50
[ 75.826282]
[ 75.826282] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 75.826837]        __lock_acquire+0x2d56/0x6380
[ 75.827160]        lock_acquire.part.0+0xea/0x320
[ 75.827499]        __flush_work+0x109/0xd80
[ 75.827794]        __cancel_work_timer+0x39c/0x4e0
[ 75.828137]        hci_cmd_sync_clear+0x52/0x250
[ 75.828466]        hci_unregister_dev+0xf9/0x410
[ 75.828839]        vhci_release+0x80/0x100
[ 75.829251]        __fput+0x263/0xa40
[ 75.829623]        task_work_run+0x174/0x280
[ 75.830051]        do_exit+0xad8/0x2800
[ 75.830435]        do_group_exit+0xd4/0x2a0
[ 75.830842]        __x64_sys_exit_group+0x3e/0x50
[ 75.831300]        do_syscall_64+0x3f/0x90
[ 75.831697]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 75.832241]
[ 75.832241] other info that might help us debug this:
[ 75.832241]
[ 75.832963]  Possible unsafe locking scenario:
[ 75.832963]
[ 75.833506]        CPU0                    CPU1
[ 75.833925]        ----                    ----
[ 75.834348]   lock(&hdev->cmd_sync_work_lock);
[ 75.834784]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 75.835522]                                lock(&hdev->cmd_sync_work_lock);
[ 75.836165]   lock((work_completion)(&hdev->cmd_sync_work));
[ 75.836687]
[ 75.836687]  *** DEADLOCK ***
[ 75.836687]
[ 75.837239] 1 lock held by syz-executor.5/270:
[ 75.837672]  #0: ffff8880187e4920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 75.838615]
[ 75.838615] stack backtrace:
[ 75.839029] CPU: 0 PID: 270 Comm: syz-executor.5 Not tainted 6.2.0-next-20230224 #1
[ 75.839738] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 75.840507] Call Trace:
[ 75.840754]
[ 75.840917]  dump_stack_lvl+0x91/0xf0
[ 75.841196]  check_noncircular+0x263/0x2e0
[ 75.841525]  ? __pfx_check_noncircular+0x10/0x10
[ 75.841889]  __lock_acquire+0x2d56/0x6380
[ 75.842208]  ? lock_is_held_type+0x9f/0x120
[ 75.842524]  ? __pfx___lock_acquire+0x10/0x10
[ 75.842864]  ? __pfx_register_lock_class+0x10/0x10
[ 75.843223]  ? __wait_for_common+0x394/0x550
[ 75.843558]  ? __pfx_lock_release+0x10/0x10
[ 75.843893]  lock_acquire.part.0+0xea/0x320
[ 75.844227]  ? __flush_work+0xdd/0xd80
[ 75.844525]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 75.844894]  ? __flush_work+0xdd/0xd80
[ 75.845191]  ? rcu_read_lock_sched_held+0x42/0x80
[ 75.845544]  ? trace_lock_acquire+0x170/0x1e0
[ 75.845889]  ? __flush_work+0xdd/0xd80
[ 75.846190]  ? lock_acquire+0x32/0xc0
[ 75.846479]  ? __flush_work+0xdd/0xd80
[ 75.846779]  __flush_work+0x109/0xd80
[ 75.847068]  ? __flush_work+0xdd/0xd80
[ 75.847364]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 75.847705]  ? __pfx___flush_work+0x10/0x10
[ 75.848038]  ? lock_acquire.part.0+0xea/0x320
[ 75.848374]  ? hci_cmd_sync_clear+0x45/0x250
[ 75.848701]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 75.849074]  ? hci_cmd_sync_clear+0x45/0x250
[ 75.849395]  ? rcu_read_lock_sched_held+0x42/0x80
[ 75.849756]  ? trace_lock_acquire+0x170/0x1e0
[ 75.850090]  ? lock_is_held_type+0x9f/0x120
[ 75.850400]  ? mark_held_locks+0x9e/0xe0
[ 75.850709]  __cancel_work_timer+0x39c/0x4e0
[ 75.851032]  ? __pfx___cancel_work_timer+0x10/0x10
[ 75.851381]  ? __cancel_work_timer+0x2aa/0x4e0
[ 75.851709]  ? __pfx___cancel_work_timer+0x10/0x10
[ 75.852050]  ? lock_release+0x1e3/0x710
[ 75.852329]  ? __pfx_lock_release+0x10/0x10
[ 75.852629]  ? do_raw_write_lock+0x11e/0x3b0
[ 75.852927]  ? __pfx_vhci_release+0x10/0x10
[ 75.853227]  hci_cmd_sync_clear+0x52/0x250
[ 75.853517]  ? __pfx_vhci_release+0x10/0x10
[ 75.853813]  hci_unregister_dev+0xf9/0x410
[ 75.854102]  vhci_release+0x80/0x100
[ 75.854369]  __fput+0x263/0xa40
[ 75.854601]  task_work_run+0x174/0x280
[ 75.854869]  ? __pfx_task_work_run+0x10/0x10
[ 75.855172]  ? do_raw_spin_unlock+0x53/0x220
[ 75.855472]  do_exit+0xad8/0x2800
[ 75.855710]  ? lock_release+0x1e3/0x710
[ 75.855996]  ? __pfx_lock_release+0x10/0x10
[ 75.856292]  ? do_raw_spin_lock+0x125/0x270
[ 75.856582]  ? __pfx_do_exit+0x10/0x10
[ 75.856854]  do_group_exit+0xd4/0x2a0
[ 75.857116]  __x64_sys_exit_group+0x3e/0x50
[ 75.857412]  do_syscall_64+0x3f/0x90
[ 75.857670]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 75.858015] RIP: 0033:0x7f1749c50b19
[ 75.858268] Code: Unable to access opcode bytes at 0x7f1749c50aef.
[ 75.858672] RSP: 002b:00007ffe4377c888 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 75.859176] RAX: ffffffffffffffda RBX: 00007ffe4377d068 RCX: 00007f1749c50b19
[ 75.859643] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 75.860122] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffe4377d068
[ 75.860587] R10: 0000000000000020 R11: 0000000000000246 R12: 00007f1749caa233
[ 75.861090] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[ 75.861609]
[ 75.875348] Bluetooth: hci6: command 0x0409 tx timeout
[ 75.875755] Bluetooth: hci2: command 0x0409 tx timeout
[ 75.939348] Bluetooth: hci5: command 0x0409 tx timeout
[ 75.939773] Bluetooth: hci7: command 0x0409 tx timeout
[ 77.859362] Bluetooth: hci1: command 0x041b tx timeout
[ 77.860345] Bluetooth: hci0: command 0x041b tx timeout
[ 77.924380] Bluetooth: hci2: command 0x041b tx timeout
[ 77.924786] Bluetooth: hci6: command 0x041b tx timeout
[ 77.988398] Bluetooth: hci7: command 0x041b tx timeout
[ 77.988794] Bluetooth: hci5: command 0x041b tx timeout
[ 79.907374] Bluetooth: hci0: command 0x040f tx timeout
[ 79.907800] Bluetooth: hci1: command 0x040f tx timeout
[ 79.971616] Bluetooth: hci6: command 0x040f tx timeout
[ 79.971999] Bluetooth: hci2: command 0x040f tx timeout
[ 80.035395] Bluetooth: hci5: command 0x040f tx timeout
[ 80.035766] Bluetooth: hci7: command 0x040f tx timeout
[ 80.611396] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 80.740334] Bluetooth: hci4: Opcode 0x c03
failed: -110
[ 81.955427] Bluetooth: hci1: command 0x0419 tx timeout
[ 81.955861] Bluetooth: hci0: command 0x0419 tx timeout
[ 82.019631] Bluetooth: hci2: command 0x0419 tx timeout
[ 82.020027] Bluetooth: hci6: command 0x0419 tx timeout
[ 82.083390] Bluetooth: hci7: command 0x0419 tx timeout
[ 82.083778] Bluetooth: hci5: command 0x0419 tx timeout
[ 82.983966] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 82.985384] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 82.987161] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 82.989692] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 82.991192] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 82.992675] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 83.130532] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 83.134940] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 83.136481] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 83.140476] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 83.144501] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 83.146464] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 85.027383] Bluetooth: hci3: command 0x0409 tx timeout
[ 85.156367] Bluetooth: hci4: command 0x0409 tx timeout
VM DIAGNOSIS:
11:05:22 Registers: