Warning: Permanently added '[localhost]:23722' (ECDSA) to the list of known hosts. 2022/09/13 13:51:13 fuzzer started 2022/09/13 13:51:13 dialing manager at localhost:36597 syzkaller login: [ 39.276912] cgroup: Unknown subsys name 'net' [ 39.363533] cgroup: Unknown subsys name 'rlimit' 2022/09/13 13:51:26 syscalls: 2215 2022/09/13 13:51:26 code coverage: enabled 2022/09/13 13:51:26 comparison tracing: enabled 2022/09/13 13:51:26 extra coverage: enabled 2022/09/13 13:51:26 setuid sandbox: enabled 2022/09/13 13:51:26 namespace sandbox: enabled 2022/09/13 13:51:26 Android sandbox: enabled 2022/09/13 13:51:26 fault injection: enabled 2022/09/13 13:51:26 leak checking: enabled 2022/09/13 13:51:26 net packet injection: enabled 2022/09/13 13:51:26 net device setup: enabled 2022/09/13 13:51:26 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/13 13:51:26 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/13 13:51:26 USB emulation: enabled 2022/09/13 13:51:26 hci packet injection: enabled 2022/09/13 13:51:26 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220913) 2022/09/13 13:51:26 802.15.4 emulation: enabled 2022/09/13 13:51:26 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/13 13:51:26 fetching corpus: 50, signal 38248/41366 (executing program) 2022/09/13 13:51:27 fetching corpus: 100, signal 49781/54068 (executing program) 2022/09/13 13:51:27 fetching corpus: 150, signal 59641/64942 (executing program) 2022/09/13 13:51:27 fetching corpus: 200, signal 67259/73435 (executing program) 2022/09/13 13:51:27 fetching corpus: 250, signal 72711/79756 (executing program) 2022/09/13 13:51:27 fetching corpus: 300, signal 77918/85708 (executing program) 2022/09/13 13:51:27 fetching corpus: 350, signal 83719/92064 (executing program) 2022/09/13 13:51:28 fetching corpus: 400, signal 91347/99982 (executing program) 2022/09/13 13:51:28 fetching corpus: 450, signal 95719/104782 (executing program) 2022/09/13 
13:51:28 fetching corpus: 500, signal 100178/109584 (executing program) 2022/09/13 13:51:28 fetching corpus: 550, signal 102634/112565 (executing program) 2022/09/13 13:51:28 fetching corpus: 600, signal 105122/115537 (executing program) 2022/09/13 13:51:29 fetching corpus: 650, signal 107905/118664 (executing program) 2022/09/13 13:51:29 fetching corpus: 700, signal 109186/120534 (executing program) 2022/09/13 13:51:29 fetching corpus: 750, signal 112277/123820 (executing program) 2022/09/13 13:51:29 fetching corpus: 800, signal 115993/127539 (executing program) 2022/09/13 13:51:29 fetching corpus: 850, signal 118081/129893 (executing program) 2022/09/13 13:51:29 fetching corpus: 900, signal 120113/132150 (executing program) 2022/09/13 13:51:29 fetching corpus: 950, signal 122068/134290 (executing program) 2022/09/13 13:51:30 fetching corpus: 1000, signal 125146/137186 (executing program) 2022/09/13 13:51:30 fetching corpus: 1050, signal 126690/138963 (executing program) 2022/09/13 13:51:30 fetching corpus: 1100, signal 130041/142037 (executing program) 2022/09/13 13:51:30 fetching corpus: 1150, signal 132208/144102 (executing program) 2022/09/13 13:51:30 fetching corpus: 1200, signal 134210/146083 (executing program) 2022/09/13 13:51:30 fetching corpus: 1250, signal 136703/148386 (executing program) 2022/09/13 13:51:31 fetching corpus: 1300, signal 138852/150354 (executing program) 2022/09/13 13:51:31 fetching corpus: 1350, signal 140412/151829 (executing program) 2022/09/13 13:51:31 fetching corpus: 1400, signal 141719/153130 (executing program) 2022/09/13 13:51:31 fetching corpus: 1450, signal 144189/155220 (executing program) 2022/09/13 13:51:31 fetching corpus: 1500, signal 145292/156299 (executing program) 2022/09/13 13:51:31 fetching corpus: 1550, signal 146891/157669 (executing program) 2022/09/13 13:51:32 fetching corpus: 1600, signal 148398/158956 (executing program) 2022/09/13 13:51:32 fetching corpus: 1650, signal 150861/160848 (executing program) 
2022/09/13 13:51:32 fetching corpus: 1700, signal 152592/162164 (executing program) 2022/09/13 13:51:32 fetching corpus: 1750, signal 154074/163386 (executing program) 2022/09/13 13:51:32 fetching corpus: 1800, signal 156093/164826 (executing program) 2022/09/13 13:51:33 fetching corpus: 1850, signal 157643/165953 (executing program) 2022/09/13 13:51:33 fetching corpus: 1900, signal 159049/166979 (executing program) 2022/09/13 13:51:33 fetching corpus: 1950, signal 160429/167935 (executing program) 2022/09/13 13:51:33 fetching corpus: 2000, signal 161812/168864 (executing program) 2022/09/13 13:51:33 fetching corpus: 2050, signal 162801/169581 (executing program) 2022/09/13 13:51:33 fetching corpus: 2100, signal 163995/170398 (executing program) 2022/09/13 13:51:34 fetching corpus: 2150, signal 165304/171191 (executing program) 2022/09/13 13:51:34 fetching corpus: 2200, signal 167359/172297 (executing program) 2022/09/13 13:51:34 fetching corpus: 2250, signal 168362/172872 (executing program) 2022/09/13 13:51:34 fetching corpus: 2300, signal 169470/173538 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174062 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174142 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174217 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174293 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174364 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174437 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174515 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174603 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174680 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174757 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174823 
(executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174896 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/174972 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175050 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175110 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175187 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175269 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175333 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175413 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175494 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175575 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175657 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175734 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175821 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175892 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/175976 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/176059 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/176114 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/176200 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/176269 (executing program) 2022/09/13 13:51:34 fetching corpus: 2338, signal 170451/176348 (executing program) 2022/09/13 13:51:35 fetching corpus: 2338, signal 170451/176432 (executing program) 2022/09/13 13:51:35 fetching corpus: 2338, signal 170451/176513 (executing program) 2022/09/13 13:51:35 fetching corpus: 2338, signal 170451/176595 (executing program) 2022/09/13 13:51:35 fetching corpus: 2338, 
signal 170451/176685 (executing program) 2022/09/13 13:51:35 fetching corpus: 2338, signal 170451/176769 (executing program) 2022/09/13 13:51:35 fetching corpus: 2338, signal 170451/176843 (executing program) 2022/09/13 13:51:35 fetching corpus: 2338, signal 170451/176907 (executing program) 2022/09/13 13:51:35 fetching corpus: 2338, signal 170451/176986 (executing program) 2022/09/13 13:51:35 fetching corpus: 2338, signal 170451/176986 (executing program) 2022/09/13 13:51:37 starting 8 fuzzer processes 13:51:37 executing program 0: socketpair(0x2b, 0x0, 0x0, &(0x7f0000000000)) 13:51:37 executing program 1: mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) 13:51:37 executing program 2: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$msdos(&(0x7f0000000100), 
&(0x7f0000000140)='./file0\x00', 0x40, 0x8, &(0x7f0000000600)=[{&(0x7f0000000180)="19aa170f64d2c05856a93a201e68993ae7d7fdc29737e8d7fc2cabfe0b301acc78e6ee2a77947938996b23f372d121ff847768a6a1a1aaf0c214768e", 0x3c, 0xffffffffffffffff}, {&(0x7f0000000300)="7fdc21192b3ae5b6dbaf95bb38c4bda2f6e510ce0ada7dd66a748cf9045f70dcfd66885c76ac3a89dd59b010fbc3aae82694587ad64bd68007461c4a9a2afec0c15793c9bc6c3788cca2da486c715bb7b4a160230227c12488fd0bb38e45839cbfaae85e68d6acee1ba2c2479b29f40e383d816eb219ad43c174f8c043704eb13f230ec0aa3820d2f4c60a4ff0653cfeb3bdce37be0e281489b564e21682a6fe5fdbd7aac25a032d42d9a0fb4ac7c217a84ef844a9ae414a4ccc2588ffc1635943c7af0b9bb6a2ae3e9a4acf7c6d81a9783a699f91695e20dcb109b4a052e26d9d5972728eeabc1cab5b3bde38", 0xed, 0x2}, {&(0x7f00000001c0)="59e7dbf705b62900bc558cb3636fc86735752cdfd24ac1c3c8d17914ec86", 0x1e, 0xfff}, {&(0x7f0000000200)="4b8094ceac712fb90f7832b5a14b81595d178b7210970cce17d968171e20191d0e23bf5ff1ea6cc0c5", 0x29, 0x3f}, {&(0x7f0000000400), 0x0, 0x401}, {&(0x7f0000000500)="267d86da6ee0e1dee6acde8c29c499bf769db210237d5665e45907b63c2331c1d2664ed24405b6eaa511446782fc5c89ef4119a1858b660192945c82d93090739ce374d0a05da7a3265a39178c588ce12f0feeebf0a448914700cad6850cd12e0f559fcb794e35563add3ec571780f74bd44da3047e483ddd90ec4d6", 0x7c, 0x5}, {&(0x7f0000000580)="82b7715aad21f98d2f3b37817f220e12eb18fe6c4d96be2b8b316dfadcdff124695cb9f165340527845f89f71447c8bf88156a46ba2bc5da25514adca6f45d20a3f45330541ad121d047cae0", 0xfffffffffffffde5, 0x800000000000ecb}, {&(0x7f0000000240)="624657a08fffdca5fad87a18ffe23fe2178c0f5966ace6f89776c083527aaadc32e1cb6cb090e09385a601032ab09446107ea01e068e", 0x36, 0x5}], 0x2000000, &(0x7f00000006c0)={[{@dots}, {@dots}, {@dots}, {@dots}]}) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) creat(&(0x7f0000000440)='./file0\x00', 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1010c2, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x10000027f) 13:51:37 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) 
ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) 13:51:37 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0xe57d) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_timeval(r1, 0x1, 0x49, &(0x7f0000000000)={0x77359400}, 0x10) 13:51:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}}, 0x0) [ 63.489305] audit: type=1400 audit(1663077097.974:6): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 13:51:37 executing program 6: syz_mount_image$tmpfs(&(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @val={0x3a, [0x36, 0x2d, 0x36, 0x3a]}}}}]}) 13:51:38 executing program 7: perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x204800, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') r2 = dup(r1) fdatasync(r2) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x40}}, './file0\x00'}) preadv2(r3, &(0x7f0000001300)=[{&(0x7f0000000080)=""/193, 0xc1}, {&(0x7f0000000180)=""/250, 0xfa}, {&(0x7f0000000300)=""/4096, 0x1000}], 0x3, 0x80000000, 0x66, 0x18) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x90) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) pwrite64(r4, &(0x7f0000001340)="8ecb7e02000000000000002ab37eb9", 0xf, 0x8048c00) r5 = openat(r4, 0x0, 0x422e1, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000001380)=0x100000) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) fallocate(r6, 0x0, 0x0, 0x87ffffc) r7 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000013c0), 0x840, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r7, 0x2401, 0x7) sendfile(r6, r5, 0x0, 0x80000000) [ 64.890226] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 64.892859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.900217] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.901595] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 64.903345] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 64.905191] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 64.906908] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 64.908490] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 64.909726] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.910943] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 64.912719] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.914011] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 64.915644] Bluetooth: 
hci3: unexpected cc 0x1001 length: 249 > 9 [ 64.916797] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.918478] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 64.920082] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.921597] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 64.925104] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 64.930665] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 64.932048] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.933366] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.934511] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 64.936117] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 64.937771] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 64.939021] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 64.940745] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 64.941917] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 64.943115] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 64.950428] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 64.951561] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 64.952805] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 64.954040] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 64.954114] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.955087] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.956085] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 64.965400] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 64.967331] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 64.968745] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 64.970144] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 64.974709] Bluetooth: hci2: HCI_REQ-0x0c1a [ 64.978924] Bluetooth: hci5: HCI_REQ-0x0c1a [ 64.980960] Bluetooth: hci3: HCI_REQ-0x0c1a [ 64.993235] Bluetooth: hci7: HCI_REQ-0x0c1a [ 64.993723] Bluetooth: hci0: 
HCI_REQ-0x0c1a [ 65.001394] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 65.002873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.003237] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 65.009616] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 65.011331] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 65.012800] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 65.021283] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 65.026190] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.029998] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 65.044175] Bluetooth: hci1: HCI_REQ-0x0c1a [ 65.048057] Bluetooth: hci4: HCI_REQ-0x0c1a [ 65.049109] Bluetooth: hci6: HCI_REQ-0x0c1a [ 66.994614] Bluetooth: hci2: command 0x0409 tx timeout [ 67.056872] Bluetooth: hci5: command 0x0409 tx timeout [ 67.057407] Bluetooth: hci3: command 0x0409 tx timeout [ 67.057911] Bluetooth: hci6: command 0x0409 tx timeout [ 67.058421] Bluetooth: hci1: command 0x0409 tx timeout [ 67.058878] Bluetooth: hci4: command 0x0409 tx timeout [ 67.059352] Bluetooth: hci0: command 0x0409 tx timeout [ 67.059770] Bluetooth: hci7: command 0x0409 tx timeout [ 69.041185] Bluetooth: hci2: command 0x041b tx timeout [ 69.105008] Bluetooth: hci7: command 0x041b tx timeout [ 69.105966] Bluetooth: hci0: command 0x041b tx timeout [ 69.106739] Bluetooth: hci4: command 0x041b tx timeout [ 69.108159] Bluetooth: hci1: command 0x041b tx timeout [ 69.108967] Bluetooth: hci6: command 0x041b tx timeout [ 69.109791] Bluetooth: hci3: command 0x041b tx timeout [ 69.110651] Bluetooth: hci5: command 0x041b tx timeout [ 71.088913] Bluetooth: hci2: command 0x040f tx timeout [ 71.153910] Bluetooth: hci5: command 0x040f tx timeout [ 71.154443] Bluetooth: hci3: command 0x040f tx timeout [ 71.155552] Bluetooth: hci6: command 0x040f tx timeout [ 71.156001] Bluetooth: hci1: command 0x040f tx timeout [ 71.157006] Bluetooth: hci4: command 0x040f tx timeout [ 71.157677] 
Bluetooth: hci0: command 0x040f tx timeout
[ 71.158537] Bluetooth: hci7: command 0x040f tx timeout
[ 73.136874] Bluetooth: hci2: command 0x0419 tx timeout
[ 73.201947] Bluetooth: hci7: command 0x0419 tx timeout
[ 73.202587] Bluetooth: hci0: command 0x0419 tx timeout
[ 73.203210] Bluetooth: hci4: command 0x0419 tx timeout
[ 73.203754] Bluetooth: hci1: command 0x0419 tx timeout
[ 73.204792] Bluetooth: hci6: command 0x0419 tx timeout
[ 73.205887] Bluetooth: hci3: command 0x0419 tx timeout
[ 73.206443] Bluetooth: hci5: command 0x0419 tx timeout
[ 121.921079] audit: type=1400 audit(1663077156.405:7): avc: denied { open } for pid=3889 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 121.924187] audit: type=1400 audit(1663077156.406:8): avc: denied { kernel } for pid=3889 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 121.942734] hrtimer: interrupt took 27271 ns
[ 121.949430] ------------[ cut here ]------------
[ 121.949462]
[ 121.949467] ======================================================
[ 121.949473] WARNING: possible circular locking dependency detected
[ 121.949480] 6.0.0-rc5-next-20220913 #1 Not tainted
[ 121.949492] ------------------------------------------------------
[ 121.949497] syz-executor.7/3890 is trying to acquire lock:
[ 121.949508] ffffffff853fa878 ((console_sem).lock){-...}-{2:2}, at: down_trylock+0xe/0x70
[ 121.949570]
[ 121.949570] but task is already holding lock:
[ 121.949574] ffff888008918020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 121.949623]
[ 121.949623] which lock already depends on the new lock.
[ 121.949623]
[ 121.949628]
[ 121.949628] the existing dependency chain (in reverse order) is:
[ 121.949634]
[ 121.949634] -> #3 (&ctx->lock){....}-{2:2}:
[ 121.949659]        _raw_spin_lock+0x2a/0x40
[ 121.949688]        __perf_event_task_sched_out+0x53b/0x18d0
[ 121.949711]        __schedule+0xedd/0x2470
[ 121.949729]        preempt_schedule_common+0x45/0xc0
[ 121.949749]        __cond_resched+0x17/0x30
[ 121.949767]        __mutex_lock+0xa3/0x14d0
[ 121.949788]        __do_sys_perf_event_open+0x1eec/0x32c0
[ 121.949811]        do_syscall_64+0x3b/0x90
[ 121.949836]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 121.949867]
[ 121.949867] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 121.949893]        _raw_spin_lock_nested+0x30/0x40
[ 121.949920]        raw_spin_rq_lock_nested+0x1e/0x30
[ 121.949943]        task_fork_fair+0x63/0x4d0
[ 121.949974]        sched_cgroup_fork+0x3d0/0x540
[ 121.950001]        copy_process+0x3f9e/0x6df0
[ 121.950019]        kernel_clone+0xe7/0x890
[ 121.950037]        user_mode_thread+0xad/0xf0
[ 121.950055]        rest_init+0x24/0x250
[ 121.950112]        arch_call_rest_init+0xf/0x14
[ 121.950147]        start_kernel+0x4c1/0x4e6
[ 121.950179]        secondary_startup_64_no_verify+0xe0/0xeb
[ 121.950204]
[ 121.950204] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 121.950230]        _raw_spin_lock_irqsave+0x39/0x60
[ 121.950258]        try_to_wake_up+0xab/0x1920
[ 121.950282]        up+0x75/0xb0
[ 121.950303]        __up_console_sem+0x6e/0x80
[ 121.950332]        console_unlock+0x46a/0x590
[ 121.950362]        vt_ioctl+0x2822/0x2ca0
[ 121.950384]        tty_ioctl+0x7c4/0x1700
[ 121.950404]        __x64_sys_ioctl+0x19a/0x210
[ 121.950431]        do_syscall_64+0x3b/0x90
[ 121.950455]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 121.950487]
[ 121.950487] -> #0 ((console_sem).lock){-...}-{2:2}:
[ 121.950514]        __lock_acquire+0x2a02/0x5e70
[ 121.950547]        lock_acquire+0x1a2/0x530
[ 121.950577]        _raw_spin_lock_irqsave+0x39/0x60
[ 121.950605]        down_trylock+0xe/0x70
[ 121.950628]        __down_trylock_console_sem+0x3b/0xd0
[ 121.950658]        vprintk_emit+0x16b/0x560
[ 121.950689]        vprintk+0x84/0xa0
[ 121.950720]        _printk+0xba/0xf1
[ 121.950751]        report_bug.cold+0x72/0xab
[ 121.950774]        handle_bug+0x3c/0x70
[ 121.950798]        exc_invalid_op+0x14/0x50
[ 121.950822]        asm_exc_invalid_op+0x16/0x20
[ 121.950852]        group_sched_out.part.0+0x2c7/0x460
[ 121.950871]        ctx_sched_out+0x8f1/0xc10
[ 121.950889]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 121.950912]        __schedule+0xedd/0x2470
[ 121.950929]        preempt_schedule_common+0x45/0xc0
[ 121.950950]        __cond_resched+0x17/0x30
[ 121.950968]        __mutex_lock+0xa3/0x14d0
[ 121.950989]        __do_sys_perf_event_open+0x1eec/0x32c0
[ 121.951012]        do_syscall_64+0x3b/0x90
[ 121.951036]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 121.951068]
[ 121.951068] other info that might help us debug this:
[ 121.951068]
[ 121.951072] Chain exists of:
[ 121.951072]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 121.951072]
[ 121.951100]  Possible unsafe locking scenario:
[ 121.951100]
[ 121.951104]        CPU0                    CPU1
[ 121.951108]        ----                    ----
[ 121.951112]   lock(&ctx->lock);
[ 121.951122]                                lock(&rq->__lock);
[ 121.951134]                                lock(&ctx->lock);
[ 121.951145]   lock((console_sem).lock);
[ 121.951156]
[ 121.951156]  *** DEADLOCK ***
[ 121.951156]
[ 121.951159] 2 locks held by syz-executor.7/3890:
[ 121.951172]  #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 121.951219]  #1: ffff888008918020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 121.951270]
[ 121.951270] stack backtrace:
[ 121.951275] CPU: 1 PID: 3890 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220913 #1
[ 121.951298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 121.951312] Call Trace:
[ 121.951318]
[ 121.951324]  dump_stack_lvl+0x8b/0xb3
[ 121.951351]  check_noncircular+0x263/0x2e0
[ 121.951382]  ? format_decode+0x26c/0xb50
[ 121.951408]  ? print_circular_bug+0x450/0x450
[ 121.951441]  ? enable_ptr_key_workfn+0x20/0x20
[ 121.951466]  ? __lockdep_reset_lock+0x180/0x180
[ 121.951498]  ? format_decode+0x26c/0xb50
[ 121.951527]  ? alloc_chain_hlocks+0x1ec/0x5a0
[ 121.951560]  __lock_acquire+0x2a02/0x5e70
[ 121.951601]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 121.951643]  lock_acquire+0x1a2/0x530
[ 121.951675]  ? down_trylock+0xe/0x70
[ 121.951702]  ? rcu_read_unlock+0x40/0x40
[ 121.951742]  ? vprintk+0x84/0xa0
[ 121.951776]  _raw_spin_lock_irqsave+0x39/0x60
[ 121.951805]  ? down_trylock+0xe/0x70
[ 121.951830]  down_trylock+0xe/0x70
[ 121.951855]  ? vprintk+0x84/0xa0
[ 121.951887]  __down_trylock_console_sem+0x3b/0xd0
[ 121.951920]  vprintk_emit+0x16b/0x560
[ 121.951956]  vprintk+0x84/0xa0
[ 121.951989]  _printk+0xba/0xf1
[ 121.952022]  ? record_print_text.cold+0x16/0x16
[ 121.952059]  ? hrtimer_try_to_cancel+0x163/0x2c0
[ 121.952084]  ? lock_downgrade+0x6d0/0x6d0
[ 121.952117]  ? report_bug.cold+0x66/0xab
[ 121.952144]  ? group_sched_out.part.0+0x2c7/0x460
[ 121.952165]  report_bug.cold+0x72/0xab
[ 121.952192]  handle_bug+0x3c/0x70
[ 121.952218]  exc_invalid_op+0x14/0x50
[ 121.952245]  asm_exc_invalid_op+0x16/0x20
[ 121.952277] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 121.952301] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 121.952322] RSP: 0018:ffff88801c097978 EFLAGS: 00010006
[ 121.952338] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 121.952352] RDX: ffff888015c55040 RSI: ffffffff81566027 RDI: 0000000000000005
[ 121.952366] RBP: ffff88801b3c8000 R08: 0000000000000005 R09: 0000000000000001
[ 121.952380] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888008918000
[ 121.952393] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002
[ 121.952413]  ? group_sched_out.part.0+0x2c7/0x460
[ 121.952438]  ? group_sched_out.part.0+0x2c7/0x460
[ 121.952461]  ctx_sched_out+0x8f1/0xc10
[ 121.952485]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 121.952513]  ? lock_is_held_type+0xd7/0x130
[ 121.952547]  ? __perf_cgroup_move+0x160/0x160
[ 121.952569]  ? set_next_entity+0x304/0x550
[ 121.952603]  ? update_curr+0x267/0x740
[ 121.952638]  ? lock_is_held_type+0xd7/0x130
[ 121.952672]  __schedule+0xedd/0x2470
[ 121.952696]  ? io_schedule_timeout+0x150/0x150
[ 121.952717]  ? find_held_lock+0x2c/0x110
[ 121.952748]  ? lock_is_held_type+0xd7/0x130
[ 121.952780]  ? __cond_resched+0x17/0x30
[ 121.952801]  preempt_schedule_common+0x45/0xc0
[ 121.952825]  __cond_resched+0x17/0x30
[ 121.952844]  __mutex_lock+0xa3/0x14d0
[ 121.952868]  ? lock_is_held_type+0xd7/0x130
[ 121.952900]  ? __do_sys_perf_event_open+0x1eec/0x32c0
[ 121.952928]  ? mutex_lock_io_nested+0x1310/0x1310
[ 121.952951]  ? lock_release+0x3b2/0x750
[ 121.952984]  ? __up_read+0x192/0x730
[ 121.953011]  ? up_write+0x480/0x480
[ 121.953043]  __do_sys_perf_event_open+0x1eec/0x32c0
[ 121.953073]  ? __up_read+0x192/0x730
[ 121.953099]  ? perf_compat_ioctl+0x130/0x130
[ 121.953123]  ? up_write+0x480/0x480
[ 121.953157]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 121.953191]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 121.953229]  do_syscall_64+0x3b/0x90
[ 121.953255]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 121.953288] RIP: 0033:0x7f0957454b19
[ 121.953304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 121.953324] RSP: 002b:00007f09549ca188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 121.953344] RAX: ffffffffffffffda RBX: 00007f0957567f60 RCX: 00007f0957454b19
[ 121.953359] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280
[ 121.953373] RBP: 00007f09574aef6d R08: 0000000000000000 R09: 0000000000000000
[ 121.953386] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 121.953400] R13: 00007ffc7b8a696f R14: 00007f09549ca300 R15: 0000000000022000
[ 121.953423]
[ 122.066168] WARNING: CPU: 1 PID: 3890 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 122.067450] Modules linked in:
[ 122.067899] CPU: 1 PID: 3890 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220913 #1
[ 122.069037] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 122.070593] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 122.071360] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 122.073841] RSP: 0018:ffff88801c097978 EFLAGS: 00010006
[ 122.074597] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 122.075579] RDX: ffff888015c55040 RSI: ffffffff81566027 RDI: 0000000000000005
[ 122.076561] RBP: ffff88801b3c8000 R08: 0000000000000005 R09: 0000000000000001
[ 122.077550] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888008918000
[ 122.078560] R13: ffff88806cf3d100 R14: ffffffff8547bfc0 R15: 0000000000000002
[ 122.079539] FS: 00007f09549ca700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
[ 122.080643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.081448] CR2: 00007fd70a500000 CR3: 000000000effc000 CR4: 0000000000350ee0
[ 122.082453] Call Trace:
[ 122.082817]
[ 122.083152]  ctx_sched_out+0x8f1/0xc10
[ 122.083694]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 122.084420]  ? lock_is_held_type+0xd7/0x130
[ 122.085040]  ? __perf_cgroup_move+0x160/0x160
[ 122.085669]  ? set_next_entity+0x304/0x550
[ 122.086329]  ? update_curr+0x267/0x740
[ 122.086890]  ? lock_is_held_type+0xd7/0x130
[ 122.087516]  __schedule+0xedd/0x2470
[ 122.088065]  ? io_schedule_timeout+0x150/0x150
[ 122.088694]  ? find_held_lock+0x2c/0x110
[ 122.089272]  ? lock_is_held_type+0xd7/0x130
[ 122.089882]  ? __cond_resched+0x17/0x30
[ 122.090470]  preempt_schedule_common+0x45/0xc0
[ 122.091126]  __cond_resched+0x17/0x30
[ 122.091656]  __mutex_lock+0xa3/0x14d0
[ 122.092210]  ? lock_is_held_type+0xd7/0x130
[ 122.092816]  ? __do_sys_perf_event_open+0x1eec/0x32c0
[ 122.093542]  ? mutex_lock_io_nested+0x1310/0x1310
[ 122.094244]  ? lock_release+0x3b2/0x750
[ 122.094808]  ? __up_read+0x192/0x730
[ 122.095359]  ? up_write+0x480/0x480
[ 122.095866]  __do_sys_perf_event_open+0x1eec/0x32c0
[ 122.096543]  ? __up_read+0x192/0x730
[ 122.097077]  ? perf_compat_ioctl+0x130/0x130
[ 122.097674]  ? up_write+0x480/0x480
[ 122.098224]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 122.098946]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 122.099651]  do_syscall_64+0x3b/0x90
[ 122.100185]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 122.100890] RIP: 0033:0x7f0957454b19
[ 122.101416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 122.103816] RSP: 002b:00007f09549ca188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[ 122.104832] RAX: ffffffffffffffda RBX: 00007f0957567f60 RCX: 00007f0957454b19
[ 122.105775] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280
[ 122.106754] RBP: 00007f09574aef6d R08: 0000000000000000 R09: 0000000000000000
[ 122.107717] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[ 122.108666] R13: 00007ffc7b8a696f R14: 00007f09549ca300 R15: 0000000000022000
[ 122.109637]
[ 122.109982] irq event stamp: 1158
[ 122.110461] hardirqs last enabled at (1157): [] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 122.111770] hardirqs last disabled at (1158): [] __schedule+0x1225/0x2470
[ 122.112890] softirqs last enabled at (1156): [] __irq_exit_rcu+0x11b/0x180
[ 122.114107] softirqs last disabled at (617): [] __irq_exit_rcu+0x11b/0x180
[ 122.115266] ---[ end trace 0000000000000000 ]---
13:52:36 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}}, 0x0)
13:52:36 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}}, 0x0)
13:52:36 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$SIOCGSTAMP(r0, 0x8906, 0x0)
ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0)
13:52:37 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0,
&(0x7f00000000c0)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}}, 0x0) 13:52:37 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) [ 122.629318] audit: type=1400 audit(1663077157.099:9): avc: denied { write } for pid=3932 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 122.655678] Process accounting resumed 13:52:37 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) 13:52:37 executing program 5: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="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"], 0x130}, 0x1, 0x0, 0x0, 0x4}, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = 
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r2 = openat2(r0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0xb) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r3) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r4, 0x3305) mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ff5000/0x2000)=nil) [ 122.819668] random: crng reseeded on system resumption [ 122.821295] Restarting kernel threads ... done. 13:52:37 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x3, 0x0, &(0x7f0000000040)) [ 122.932283] Process accounting resumed [ 123.062968] random: crng reseeded on system resumption [ 123.065827] Restarting kernel threads ... done. 
[ 123.359395] tmpfs: Bad value for 'mpol'
[ 123.362301] tmpfs: Bad value for 'mpol'
[ 125.831338] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 125.832718] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 125.834543] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 125.836930] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 125.838552] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 125.841028] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 125.844365] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 127.856892] Bluetooth: hci1: command 0x0409 tx timeout
[ 129.904889] Bluetooth: hci1: command 0x041b tx timeout
[ 131.952859] Bluetooth: hci1: command 0x040f tx timeout
VM DIAGNOSIS:
13:52:36 Registers: