Debian GNU/Linux 11 syzkaller ttyS0
Warning: Permanently added '[localhost]:54981' (ECDSA) to the list of known hosts.
2023/02/24 11:22:18 fuzzer started
2023/02/24 11:22:19 dialing manager at localhost:41417
syzkaller login: [ 35.971475] cgroup: Unknown subsys name 'net'
[ 36.071440] cgroup: Unknown subsys name 'rlimit'
2023/02/24 11:22:33 syscalls: 2217
2023/02/24 11:22:33 code coverage: enabled
2023/02/24 11:22:33 comparison tracing: enabled
2023/02/24 11:22:33 extra coverage: enabled
2023/02/24 11:22:33 setuid sandbox: enabled
2023/02/24 11:22:33 namespace sandbox: enabled
2023/02/24 11:22:33 Android sandbox: enabled
2023/02/24 11:22:33 fault injection: enabled
2023/02/24 11:22:33 leak checking: enabled
2023/02/24 11:22:33 net packet injection: enabled
2023/02/24 11:22:33 net device setup: enabled
2023/02/24 11:22:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/02/24 11:22:33 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/02/24 11:22:33 USB emulation: enabled
2023/02/24 11:22:33 hci packet injection: enabled
2023/02/24 11:22:33 wifi device emulation: enabled
2023/02/24 11:22:33 802.15.4 emulation: enabled
2023/02/24 11:22:59 starting 8 fuzzer processes
11:22:59 executing program 0:
syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@multicast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '#\x00\b', 0x14, 0x2c, 0x0, @empty, @local, {[@hopopts={0x3b}], {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0,
@void}}}}}}}}, 0x0)
11:22:59 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x0, &(0x7f0000000140)={0x0, 0x10ae, 0x0, 0x2, 0x212}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, &(0x7f0000000300))
pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
pidfd_open(0x0, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000006c0))
r3 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
capset(&(0x7f0000000040)={0x20080522}, 0x0)
memfd_secret(0x80000)
r4 = getpid()
capset(&(0x7f0000000040)={0x20080522, r4}, 0x0)
r5 = memfd_secret(0x80000)
mq_notify(r5, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80000, 0x1, {0x0, r2}}, 0x7f)
syz_io_uring_setup(0x43da, &(0x7f00000003c0)={0x0, 0x0, 0x10, 0x2, 0x375}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000440), &(0x7f0000000480))
11:22:59 executing program 2:
r0 = getpgid(0x0)
clone3(&(0x7f0000003080)={0x40000500, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000003040)=[r0], 0x1}, 0x58)
11:22:59 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x7e)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4)
r1 = dup2(r0, r0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001200)=0x40)
[ 75.825670] audit: type=1400 audit(1677237779.228:6): avc: denied { execmem } for pid=259 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:22:59 executing program 4:
r0 = epoll_create(0x4)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000040))
r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x0)
r3 = dup2(r2, r0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, 0x0)
11:22:59 executing program 5:
r0 = syz_io_uring_setup(0x35c3, &(0x7f0000000180)={0x0, 0x39dd}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000200))
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000240)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x100000)
11:22:59 executing program 6:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000240)=""/68)
11:22:59 executing program 7:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = gettid()
r1 = getpid()
rt_tgsigqueueinfo(r1, r0, 0x0, &(0x7f0000000340))
[ 77.129087] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 77.131288] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 77.132907] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.134074] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 77.135331] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.136886] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.139455] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 77.142742] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 77.143716] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.143755] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 77.151589] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.156709] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.169490] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 77.173093] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 77.182734] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 77.192800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 77.195069] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 77.196248] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 77.295751] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 77.297488] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 77.301795] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 77.302506] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 77.311161] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 77.313275] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 77.314941] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 77.321690] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 77.322780] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 77.323865] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 77.326200] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 77.327005] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 79.208120] Bluetooth: hci0: command 0x0409 tx timeout
[ 79.208748] Bluetooth: hci1: command 0x0409 tx timeout
[ 79.209269] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 79.211403]
[ 79.211545] ======================================================
[ 79.211949] WARNING: possible circular locking dependency detected
[ 79.212348] 6.2.0-next-20230224 #1 Not tainted
[ 79.212655] ------------------------------------------------------
[ 79.215214] syz-executor.3/270 is trying to acquire lock:
[ 79.217034] ffff888018e2c880 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xd80
[ 79.217870]
[ 79.217870] but task is already holding lock:
[ 79.218405] ffff888018e2c920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 79.219287]
[ 79.219287] which lock already depends on the new lock.
[ 79.219287]
[ 79.220000]
[ 79.220000] the existing dependency chain (in reverse order) is:
[ 79.220651]
[ 79.220651] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}:
[ 79.221286]        __mutex_lock+0x133/0x14a0
[ 79.221689]        hci_cmd_sync_work+0x1e6/0x320
[ 79.222108]        process_one_work+0xa0f/0x1790
[ 79.222533]        worker_thread+0x63b/0x1260
[ 79.222933]        kthread+0x2e9/0x3a0
[ 79.223278]        ret_from_fork+0x2c/0x50
[ 79.223654]
[ 79.223654] -> #0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}:
[ 79.224353]        __lock_acquire+0x2d56/0x6380
[ 79.224784]        lock_acquire.part.0+0xea/0x320
[ 79.225213]        __flush_work+0x109/0xd80
[ 79.225600]        __cancel_work_timer+0x39c/0x4e0
[ 79.226021]        hci_cmd_sync_clear+0x52/0x250
[ 79.226436]        hci_unregister_dev+0xf9/0x410
[ 79.226852]        vhci_release+0x80/0x100
[ 79.227232]        __fput+0x263/0xa40
[ 79.227573]        task_work_run+0x174/0x280
[ 79.227963]        do_exit+0xad8/0x2800
[ 79.228313]        do_group_exit+0xd4/0x2a0
[ 79.228714]        __x64_sys_exit_group+0x3e/0x50
[ 79.229137]        do_syscall_64+0x3f/0x90
[ 79.229487]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 79.229835]
[ 79.229835] other info that might help us debug this:
[ 79.229835]
[ 79.230311]  Possible unsafe locking scenario:
[ 79.230311]
[ 79.230692]        CPU0                    CPU1
[ 79.230991]        ----                    ----
[ 79.231288]   lock(&hdev->cmd_sync_work_lock);
[ 79.231590]                                lock((work_completion)(&hdev->cmd_sync_work));
[ 79.232113]                                lock(&hdev->cmd_sync_work_lock);
[ 79.232580]   lock((work_completion)(&hdev->cmd_sync_work));
[ 79.232953]
[ 79.232953]  *** DEADLOCK ***
[ 79.232953]
[ 79.233345] 1 lock held by syz-executor.3/270:
[ 79.233641]  #0: ffff888018e2c920 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x45/0x250
[ 79.234301]
[ 79.234301] stack backtrace:
[ 79.234590] CPU: 0 PID: 270 Comm: syz-executor.3 Not tainted 6.2.0-next-20230224 #1
[ 79.235084] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 79.235610] Call Trace:
[ 79.235783]
[ 79.235939]  dump_stack_lvl+0x91/0xf0
[ 79.236200]  check_noncircular+0x263/0x2e0
[ 79.236489]  ? __pfx_check_noncircular+0x10/0x10
[ 79.236836]  __lock_acquire+0x2d56/0x6380
[ 79.237126]  ? lock_is_held_type+0x9f/0x120
[ 79.237426]  ? __pfx___lock_acquire+0x10/0x10
[ 79.237724]  ? __pfx_register_lock_class+0x10/0x10
[ 79.238040]  ? __wait_for_common+0x394/0x550
[ 79.238332]  ? __pfx_lock_release+0x10/0x10
[ 79.238614]  lock_acquire.part.0+0xea/0x320
[ 79.238897]  ? __flush_work+0xdd/0xd80
[ 79.239154]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 79.239470]  ? __flush_work+0xdd/0xd80
[ 79.239727]  ? rcu_read_lock_sched_held+0x42/0x80
[ 79.240036]  ? trace_lock_acquire+0x170/0x1e0
[ 79.240332]  ? __flush_work+0xdd/0xd80
[ 79.240597]  ? lock_acquire+0x32/0xc0
[ 79.240850]  ? __flush_work+0xdd/0xd80
[ 79.241109]  __flush_work+0x109/0xd80
[ 79.241362]  ? __flush_work+0xdd/0xd80
[ 79.241623]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 79.241925]  ? __pfx___flush_work+0x10/0x10
[ 79.242204]  ? lock_acquire.part.0+0xea/0x320
[ 79.242503]  ? hci_cmd_sync_clear+0x45/0x250
[ 79.242786]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 79.243102]  ? hci_cmd_sync_clear+0x45/0x250
[ 79.243386]  ? rcu_read_lock_sched_held+0x42/0x80
[ 79.243691]  ? trace_lock_acquire+0x170/0x1e0
[ 79.243981]  ? lock_is_held_type+0x9f/0x120
[ 79.244264]  ? mark_held_locks+0x9e/0xe0
[ 79.244538]  __cancel_work_timer+0x39c/0x4e0
[ 79.244821]  ? __pfx___cancel_work_timer+0x10/0x10
[ 79.245126]  ? __cancel_work_timer+0x2aa/0x4e0
[ 79.245415]  ? __pfx___cancel_work_timer+0x10/0x10
[ 79.245720]  ? lock_release+0x1e3/0x710
[ 79.245980]  ? __pfx_lock_release+0x10/0x10
[ 79.246259]  ? do_raw_write_lock+0x11e/0x3b0
[ 79.246540]  ? __pfx_vhci_release+0x10/0x10
[ 79.246818]  hci_cmd_sync_clear+0x52/0x250
[ 79.247089]  ? __pfx_vhci_release+0x10/0x10
[ 79.247365]  hci_unregister_dev+0xf9/0x410
[ 79.247637]  vhci_release+0x80/0x100
[ 79.247883]  __fput+0x263/0xa40
[ 79.248101]  task_work_run+0x174/0x280
[ 79.248352]  ? __pfx_task_work_run+0x10/0x10
[ 79.248654]  ? do_raw_spin_unlock+0x53/0x220
[ 79.248936]  do_exit+0xad8/0x2800
[ 79.249164]  ? lock_release+0x1e3/0x710
[ 79.249426]  ? __pfx_lock_release+0x10/0x10
[ 79.249708]  ? do_raw_spin_lock+0x125/0x270
[ 79.249980]  ? __pfx_do_exit+0x10/0x10
[ 79.250233]  do_group_exit+0xd4/0x2a0
[ 79.250479]  __x64_sys_exit_group+0x3e/0x50
[ 79.250754]  do_syscall_64+0x3f/0x90
[ 79.250993]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 79.251313] RIP: 0033:0x7fe911e3fb19
[ 79.251550] Code: Unable to access opcode bytes at 0x7fe911e3faef.
[ 79.251926] RSP: 002b:00007ffc6813bc88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 79.252391] RAX: ffffffffffffffda RBX: 00007ffc6813c468 RCX: 00007fe911e3fb19
[ 79.252830] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[ 79.253259] RBP: 0000000000000000 R08: 0000000000000026 R09: 00007ffc6813c468
[ 79.253694] R10: 0000000000000020 R11: 0000000000000246 R12: 00007fe911e99233
[ 79.254126] R13: 0000000000000002 R14: 0000000000000000 R15: 00000000000000f8
[ 79.254564]
[ 79.271613] Bluetooth: hci2: command 0x0409 tx timeout
[ 79.273578] Bluetooth: hci5: Opcode 0x c03 failed: -110
[ 79.274383] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 79.335646] Bluetooth: hci7: command 0x0409 tx timeout
[ 79.399602] Bluetooth: hci6: command 0x0409 tx timeout
[ 81.255567] Bluetooth: hci1: command 0x041b tx timeout
[ 81.255996] Bluetooth: hci0: command 0x041b tx timeout
[ 81.320017] Bluetooth: hci2: command 0x041b tx timeout
[ 81.383562] Bluetooth: hci7: command 0x041b tx timeout
[ 81.448585] Bluetooth: hci6: command 0x041b tx timeout
[ 83.304578] Bluetooth: hci0: command 0x040f tx timeout
[ 83.305040] Bluetooth: hci1: command 0x040f tx timeout
[ 83.367563] Bluetooth: hci2: command 0x040f tx timeout
[ 83.432555] Bluetooth: hci7: command 0x040f tx timeout
[ 83.496616] Bluetooth: hci6: command 0x040f tx timeout
[ 84.200597] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 84.647594] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 84.647620] Bluetooth: hci5: Opcode 0x c03 failed: -110
[ 85.351626] Bluetooth: hci1: command 0x0419 tx timeout
[ 85.351651] Bluetooth: hci0: command 0x0419 tx timeout
[ 85.415585] Bluetooth: hci2: command 0x0419 tx timeout
[ 85.479574] Bluetooth: hci7: command 0x0419 tx timeout
[ 85.543643] Bluetooth: hci6: command 0x0419 tx timeout
[ 88.679570] Bluetooth: hci3: Opcode 0x c03 failed: -110

VM DIAGNOSIS:
11:23:02 Registers: