Warning: Permanently added '[localhost]:37470' (ECDSA) to the list of known hosts. 2022/10/01 02:52:43 fuzzer started 2022/10/01 02:52:44 dialing manager at localhost:35095 syzkaller login: [ 45.133335] cgroup: Unknown subsys name 'net' [ 45.367697] cgroup: Unknown subsys name 'rlimit' 2022/10/01 02:52:58 syscalls: 2215 2022/10/01 02:52:58 code coverage: enabled 2022/10/01 02:52:58 comparison tracing: enabled 2022/10/01 02:52:58 extra coverage: enabled 2022/10/01 02:52:58 setuid sandbox: enabled 2022/10/01 02:52:58 namespace sandbox: enabled 2022/10/01 02:52:58 Android sandbox: enabled 2022/10/01 02:52:58 fault injection: enabled 2022/10/01 02:52:58 leak checking: enabled 2022/10/01 02:52:58 net packet injection: enabled 2022/10/01 02:52:58 net device setup: enabled 2022/10/01 02:52:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/01 02:52:58 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/01 02:52:58 USB emulation: enabled 2022/10/01 02:52:58 hci packet injection: enabled 2022/10/01 02:52:58 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930) 2022/10/01 02:52:58 802.15.4 emulation: enabled 2022/10/01 02:52:58 fetching corpus: 0, signal 0/2000 (executing program) 2022/10/01 02:52:58 fetching corpus: 24, signal 16308/19867 (executing program) 2022/10/01 02:52:59 fetching corpus: 63, signal 36149/40621 (executing program) 2022/10/01 02:52:59 fetching corpus: 113, signal 44409/49887 (executing program) 2022/10/01 02:52:59 fetching corpus: 163, signal 50686/57082 (executing program) 2022/10/01 02:52:59 fetching corpus: 213, signal 56500/63712 (executing program) 2022/10/01 02:52:59 fetching corpus: 263, signal 60612/68652 (executing program) 2022/10/01 02:52:59 fetching corpus: 313, signal 65708/74311 (executing program) 2022/10/01 02:52:59 fetching corpus: 363, signal 69762/78862 (executing program) 2022/10/01 02:52:59 fetching corpus: 413, signal 74004/83503 (executing program) 2022/10/01 
02:52:59 fetching corpus: 463, signal 76167/86299 (executing program) 2022/10/01 02:53:00 fetching corpus: 513, signal 80834/91016 (executing program) 2022/10/01 02:53:00 fetching corpus: 563, signal 82783/93536 (executing program) 2022/10/01 02:53:00 fetching corpus: 613, signal 84637/95827 (executing program) 2022/10/01 02:53:00 fetching corpus: 663, signal 87101/98507 (executing program) 2022/10/01 02:53:00 fetching corpus: 713, signal 89032/100832 (executing program) 2022/10/01 02:53:00 fetching corpus: 763, signal 91447/103390 (executing program) 2022/10/01 02:53:00 fetching corpus: 813, signal 94582/106482 (executing program) 2022/10/01 02:53:00 fetching corpus: 863, signal 96381/108452 (executing program) 2022/10/01 02:53:01 fetching corpus: 913, signal 97868/110205 (executing program) 2022/10/01 02:53:01 fetching corpus: 963, signal 99845/112244 (executing program) 2022/10/01 02:53:01 fetching corpus: 1013, signal 100907/113569 (executing program) 2022/10/01 02:53:01 fetching corpus: 1063, signal 102406/115162 (executing program) 2022/10/01 02:53:01 fetching corpus: 1113, signal 104471/117132 (executing program) 2022/10/01 02:53:01 fetching corpus: 1163, signal 105936/118554 (executing program) 2022/10/01 02:53:01 fetching corpus: 1213, signal 107488/120062 (executing program) 2022/10/01 02:53:01 fetching corpus: 1263, signal 108524/121170 (executing program) 2022/10/01 02:53:02 fetching corpus: 1313, signal 110378/122745 (executing program) 2022/10/01 02:53:02 fetching corpus: 1363, signal 112187/124267 (executing program) 2022/10/01 02:53:02 fetching corpus: 1413, signal 114186/125780 (executing program) 2022/10/01 02:53:02 fetching corpus: 1463, signal 116992/127669 (executing program) 2022/10/01 02:53:02 fetching corpus: 1513, signal 118013/128702 (executing program) 2022/10/01 02:53:02 fetching corpus: 1563, signal 119073/129594 (executing program) 2022/10/01 02:53:02 fetching corpus: 1613, signal 120305/130552 (executing program) 2022/10/01 02:53:02 
fetching corpus: 1663, signal 121909/131659 (executing program) 2022/10/01 02:53:03 fetching corpus: 1713, signal 123049/132485 (executing program) 2022/10/01 02:53:03 fetching corpus: 1763, signal 124350/133386 (executing program) 2022/10/01 02:53:03 fetching corpus: 1813, signal 125186/134043 (executing program) 2022/10/01 02:53:03 fetching corpus: 1863, signal 126014/134625 (executing program) 2022/10/01 02:53:03 fetching corpus: 1913, signal 126953/135309 (executing program) 2022/10/01 02:53:03 fetching corpus: 1963, signal 128136/135975 (executing program) 2022/10/01 02:53:03 fetching corpus: 2013, signal 129349/136633 (executing program) 2022/10/01 02:53:04 fetching corpus: 2063, signal 131287/137582 (executing program) 2022/10/01 02:53:04 fetching corpus: 2113, signal 132043/138005 (executing program) 2022/10/01 02:53:04 fetching corpus: 2163, signal 133884/138745 (executing program) 2022/10/01 02:53:04 fetching corpus: 2213, signal 135177/139283 (executing program) 2022/10/01 02:53:04 fetching corpus: 2263, signal 135855/139580 (executing program) 2022/10/01 02:53:04 fetching corpus: 2313, signal 136725/139950 (executing program) 2022/10/01 02:53:04 fetching corpus: 2363, signal 138089/140526 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/140759 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/140798 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/140837 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/140893 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/140928 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/140958 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141004 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141054 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141097 (executing program) 
2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141139 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141189 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141236 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141276 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141325 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141362 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141408 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141446 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141502 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141553 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141595 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141599 (executing program) 2022/10/01 02:53:04 fetching corpus: 2379, signal 138644/141599 (executing program) 2022/10/01 02:53:07 starting 8 fuzzer processes 02:53:07 executing program 0: mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12b008, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file1\x00', 0x0, 0x2000, 0x0) 02:53:07 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000380)=0xffffffff, 0x4) 02:53:07 executing program 2: r0 = shmget$private(0x0, 0x3000, 0x54001b05, &(0x7f0000ff9000/0x3000)=nil) shmctl$IPC_RMID(r0, 0x0) 02:53:07 executing program 4: keyctl$chown(0x4, 0x0, 0xee01, 0xffffffffffffffff) 02:53:07 executing program 3: fsconfig$FSCONFIG_SET_PATH(0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c) 
unlinkat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x57, 0x4, &(0x7f00000012c0)=[{&(0x7f0000000140)="c11c880d6555942e9a59f678ff9c8adb4c67", 0x12, 0x9}, {&(0x7f0000000240)="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", 0xfe8, 0x1f}, {&(0x7f0000001240)="876a", 0x2, 0x8}, {&(0x7f0000001280)="34608ce498f1263630", 0x9}], 0x0, 0x0) 02:53:07 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000200)=""/179, 0xb3}], 0x1) 02:53:07 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x66, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x30, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "f2e2a6", 0x0, 0x0, 0x0, @private2, @remote}}}}}}}, 0x0) recvfrom(r0, 0x0, 0x3, 0x0, 0x0, 0x0) 02:53:07 executing program 7: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x5452, 0x0) [ 67.915329] audit: type=1400 audit(1664592787.881:6): avc: denied { execmem } for pid=287 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 69.312340] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.313968] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 69.315887] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 69.318095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.319603] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 69.321197] Bluetooth: hci5: unexpected cc 
0x0c03 length: 249 > 1 [ 69.324071] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 69.325892] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 69.326913] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.328025] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 69.329351] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 69.330843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.332405] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.333846] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 69.335278] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 69.336610] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 69.337825] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.337983] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 69.338857] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.340069] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 69.340741] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.341966] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 69.344894] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 69.345000] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 69.347829] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 69.347941] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 69.350136] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.350178] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 69.361237] Bluetooth: hci1: HCI_REQ-0x0c1a [ 69.368761] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.370478] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 69.372130] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.374994] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 69.379065] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 69.380084] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.381407] Bluetooth: hci6: unexpected cc 0x0c23 
length: 249 > 4 [ 69.383427] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.385695] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 69.386199] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 69.388065] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 69.389216] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 69.390460] Bluetooth: hci3: HCI_REQ-0x0c1a [ 69.391587] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 69.393544] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 69.397743] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.400585] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.401729] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 69.401782] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.403019] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 69.408668] Bluetooth: hci0: HCI_REQ-0x0c1a [ 69.409533] Bluetooth: hci7: HCI_REQ-0x0c1a [ 69.411377] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 69.411836] Bluetooth: hci2: HCI_REQ-0x0c1a [ 69.418303] Bluetooth: hci6: HCI_REQ-0x0c1a [ 69.423777] Bluetooth: hci4: HCI_REQ-0x0c1a [ 69.425242] Bluetooth: hci5: HCI_REQ-0x0c1a [ 71.413984] Bluetooth: hci3: command 0x0409 tx timeout [ 71.415145] Bluetooth: hci1: command 0x0409 tx timeout [ 71.478140] Bluetooth: hci0: command 0x0409 tx timeout [ 71.479088] Bluetooth: hci4: command 0x0409 tx timeout [ 71.479996] Bluetooth: hci5: command 0x0409 tx timeout [ 71.480879] Bluetooth: hci6: command 0x0409 tx timeout [ 71.481756] Bluetooth: hci2: command 0x0409 tx timeout [ 71.482607] Bluetooth: hci7: command 0x0409 tx timeout [ 73.461795] Bluetooth: hci1: command 0x041b tx timeout [ 73.462308] Bluetooth: hci3: command 0x041b tx timeout [ 73.527256] Bluetooth: hci7: command 0x041b tx timeout [ 73.527735] Bluetooth: hci2: command 0x041b tx timeout [ 73.528160] Bluetooth: hci6: command 0x041b tx timeout [ 73.528579] Bluetooth: hci5: command 0x041b tx timeout [ 73.529255] 
Bluetooth: hci4: command 0x041b tx timeout [ 73.529705] Bluetooth: hci0: command 0x041b tx timeout [ 75.509888] Bluetooth: hci3: command 0x040f tx timeout [ 75.510780] Bluetooth: hci1: command 0x040f tx timeout [ 75.574793] Bluetooth: hci0: command 0x040f tx timeout [ 75.575541] Bluetooth: hci4: command 0x040f tx timeout [ 75.576334] Bluetooth: hci5: command 0x040f tx timeout [ 75.577234] Bluetooth: hci6: command 0x040f tx timeout [ 75.577981] Bluetooth: hci2: command 0x040f tx timeout [ 75.578726] Bluetooth: hci7: command 0x040f tx timeout [ 77.558703] Bluetooth: hci1: command 0x0419 tx timeout [ 77.559194] Bluetooth: hci3: command 0x0419 tx timeout [ 77.622230] Bluetooth: hci7: command 0x0419 tx timeout [ 77.622707] Bluetooth: hci2: command 0x0419 tx timeout [ 77.623104] Bluetooth: hci6: command 0x0419 tx timeout [ 77.623501] Bluetooth: hci5: command 0x0419 tx timeout [ 77.623964] Bluetooth: hci4: command 0x0419 tx timeout [ 77.624364] Bluetooth: hci0: command 0x0419 tx timeout 02:54:06 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000380)=0xffffffff, 0x4) 02:54:06 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000380)=0xffffffff, 0x4) 02:54:06 executing program 2: r0 = shmget$private(0x0, 0x3000, 0x54001b05, &(0x7f0000ff9000/0x3000)=nil) shmctl$IPC_RMID(r0, 0x0) 02:54:07 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000380)=0xffffffff, 0x4) 02:54:07 executing program 2: r0 = shmget$private(0x0, 0x3000, 0x54001b05, &(0x7f0000ff9000/0x3000)=nil) shmctl$IPC_RMID(r0, 0x0) [ 127.126816] audit: type=1400 audit(1664592847.092:7): avc: denied { open } for pid=3903 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 127.128359] 
audit: type=1400 audit(1664592847.093:8): avc: denied { kernel } for pid=3903 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 127.142777] ------------[ cut here ]------------
[ 127.142814]
[ 127.142820] ======================================================
[ 127.142827] WARNING: possible circular locking dependency detected
[ 127.142834] 6.0.0-rc7-next-20220930 #1 Not tainted
[ 127.142846] ------------------------------------------------------
[ 127.142852] syz-executor.6/3904 is trying to acquire lock:
[ 127.142865] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 127.142935]
[ 127.142935] but task is already holding lock:
[ 127.142941] ffff88800d72a820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 127.142991]
[ 127.142991] which lock already depends on the new lock.
[ 127.142991]
[ 127.142996]
[ 127.142996] the existing dependency chain (in reverse order) is:
[ 127.143002]
[ 127.143002] -> #3 (&ctx->lock){....}-{2:2}:
[ 127.143029]        _raw_spin_lock+0x2a/0x40
[ 127.143050]        __perf_event_task_sched_out+0x53b/0x18d0
[ 127.143072]        __schedule+0xedd/0x2470
[ 127.143099]        schedule+0xda/0x1b0
[ 127.143125]        exit_to_user_mode_prepare+0x114/0x1a0
[ 127.143148]        syscall_exit_to_user_mode+0x19/0x40
[ 127.143173]        do_syscall_64+0x48/0x90
[ 127.143206]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 127.143231]
[ 127.143231] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 127.143258]        _raw_spin_lock_nested+0x30/0x40
[ 127.143279]        raw_spin_rq_lock_nested+0x1e/0x30
[ 127.143303]        task_fork_fair+0x63/0x4d0
[ 127.143335]        sched_cgroup_fork+0x3d0/0x540
[ 127.143363]        copy_process+0x4183/0x6e20
[ 127.143383]        kernel_clone+0xe7/0x890
[ 127.143401]        user_mode_thread+0xad/0xf0
[ 127.143421]        rest_init+0x24/0x250
[ 127.143444]        arch_call_rest_init+0xf/0x14
[ 127.143477]        start_kernel+0x4c6/0x4eb
[ 127.143506]        secondary_startup_64_no_verify+0xe0/0xeb
[ 127.143533]
[ 127.143533] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 127.143559]        _raw_spin_lock_irqsave+0x39/0x60
[ 127.143581]        try_to_wake_up+0xab/0x1930
[ 127.143607]        up+0x75/0xb0
[ 127.143634]        __up_console_sem+0x6e/0x80
[ 127.143664]        console_unlock+0x46a/0x590
[ 127.143695]        do_con_write+0xc05/0x1d50
[ 127.143715]        con_write+0x21/0x40
[ 127.143732]        n_tty_write+0x4d4/0xfe0
[ 127.143755]        file_tty_write.constprop.0+0x455/0x8a0
[ 127.143777]        vfs_write+0x9c3/0xd90
[ 127.143807]        ksys_write+0x127/0x250
[ 127.143838]        do_syscall_64+0x3b/0x90
[ 127.143870]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 127.143895]
[ 127.143895] -> #0 ((console_sem).lock){....}-{2:2}:
[ 127.143922]        __lock_acquire+0x2a02/0x5e70
[ 127.143955]        lock_acquire+0x1a2/0x530
[ 127.143986]        _raw_spin_lock_irqsave+0x39/0x60
[ 127.144007]        down_trylock+0xe/0x70
[ 127.144036]        __down_trylock_console_sem+0x3b/0xd0
[ 127.144068]        vprintk_emit+0x16b/0x560
[ 127.144099]        vprintk+0x84/0xa0
[ 127.144130]        _printk+0xba/0xf1
[ 127.144151]        report_bug.cold+0x72/0xab
[ 127.144183]        handle_bug+0x3c/0x70
[ 127.144215]        exc_invalid_op+0x14/0x50
[ 127.144248]        asm_exc_invalid_op+0x16/0x20
[ 127.144272]        group_sched_out.part.0+0x2c7/0x460
[ 127.144306]        ctx_sched_out+0x8f1/0xc10
[ 127.144339]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 127.144361]        __schedule+0xedd/0x2470
[ 127.144387]        schedule+0xda/0x1b0
[ 127.144413]        exit_to_user_mode_prepare+0x114/0x1a0
[ 127.144434]        syscall_exit_to_user_mode+0x19/0x40
[ 127.144459]        do_syscall_64+0x48/0x90
[ 127.144502]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 127.144527]
[ 127.144527] other info that might help us debug this:
[ 127.144527]
[ 127.144532] Chain exists of:
[ 127.144532]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 127.144532]
[ 127.144561]  Possible unsafe locking scenario:
[ 127.144561]
[ 127.144565]        CPU0                    CPU1
[ 127.144569]        ----                    ----
[ 127.144574]   lock(&ctx->lock);
[ 127.144584]                                lock(&rq->__lock);
[ 127.144597]                                lock(&ctx->lock);
[ 127.144609]   lock((console_sem).lock);
[ 127.144620]
[ 127.144620]  *** DEADLOCK ***
[ 127.144620]
[ 127.144624] 2 locks held by syz-executor.6/3904:
[ 127.144641]  #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 127.144699]  #1: ffff88800d72a820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 127.144751]
[ 127.144751] stack backtrace:
[ 127.144756] CPU: 0 PID: 3904 Comm: syz-executor.6 Not tainted 6.0.0-rc7-next-20220930 #1
[ 127.144780] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 127.144795] Call Trace:
[ 127.144800]
[ 127.144808] dump_stack_lvl+0x8b/0xb3
[ 127.144844] check_noncircular+0x263/0x2e0
[ 127.144877] ? format_decode+0x26c/0xb50
[ 127.144908] ? print_circular_bug+0x450/0x450
[ 127.144942] ? simple_strtoul+0x30/0x30
[ 127.144973] ? format_decode+0x26c/0xb50
[ 127.145007] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 127.145042] __lock_acquire+0x2a02/0x5e70
[ 127.145084] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 127.145129] lock_acquire+0x1a2/0x530
[ 127.145161] ? down_trylock+0xe/0x70
[ 127.145195] ? lock_release+0x750/0x750
[ 127.145236] ? vprintk+0x84/0xa0
[ 127.145271] _raw_spin_lock_irqsave+0x39/0x60
[ 127.145293] ? down_trylock+0xe/0x70
[ 127.145325] down_trylock+0xe/0x70
[ 127.145356] ? vprintk+0x84/0xa0
[ 127.145389] __down_trylock_console_sem+0x3b/0xd0
[ 127.145423] vprintk_emit+0x16b/0x560
[ 127.145460] vprintk+0x84/0xa0
[ 127.145495] _printk+0xba/0xf1
[ 127.145517] ? record_print_text.cold+0x16/0x16
[ 127.145549] ? report_bug.cold+0x66/0xab
[ 127.145584] ? group_sched_out.part.0+0x2c7/0x460
[ 127.145620] report_bug.cold+0x72/0xab
[ 127.145657] handle_bug+0x3c/0x70
[ 127.145691] exc_invalid_op+0x14/0x50
[ 127.145727] asm_exc_invalid_op+0x16/0x20
[ 127.145752] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 127.145792] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 127.145814] RSP: 0018:ffff88803cc2fc48 EFLAGS: 00010006
[ 127.145832] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 127.145846] RDX: ffff88800a223580 RSI: ffffffff81565dc7 RDI: 0000000000000005
[ 127.145861] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 127.145876] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88800d72a800
[ 127.145890] R13: ffff88806ce3d2c0 R14: ffffffff8547d000 R15: 0000000000000002
[ 127.145912] ? group_sched_out.part.0+0x2c7/0x460
[ 127.145951] ? group_sched_out.part.0+0x2c7/0x460
[ 127.145991] ctx_sched_out+0x8f1/0xc10
[ 127.146029] __perf_event_task_sched_out+0x6d0/0x18d0
[ 127.146057] ? lock_is_held_type+0xd7/0x130
[ 127.146084] ? __perf_cgroup_move+0x160/0x160
[ 127.146105] ? set_next_entity+0x304/0x550
[ 127.146140] ? update_curr+0x267/0x740
[ 127.146176] ? lock_is_held_type+0xd7/0x130
[ 127.146204] __schedule+0xedd/0x2470
[ 127.146237] ? io_schedule_timeout+0x150/0x150
[ 127.146270] ? rcu_read_lock_sched_held+0x3e/0x80
[ 127.146310] schedule+0xda/0x1b0
[ 127.146339] exit_to_user_mode_prepare+0x114/0x1a0
[ 127.146363] syscall_exit_to_user_mode+0x19/0x40
[ 127.146390] do_syscall_64+0x48/0x90
[ 127.146425] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 127.146452] RIP: 0033:0x7f4ae9b23b19
[ 127.146467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 127.146489] RSP: 002b:00007f4ae7099218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 127.146510] RAX: 0000000000000001 RBX: 00007f4ae9c36f68 RCX: 00007f4ae9b23b19
[ 127.146524] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4ae9c36f6c
[ 127.146539] RBP: 00007f4ae9c36f60 R08: 000000000000000e R09: 0000000000000000
[ 127.146553] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f4ae9c36f6c
[ 127.146567] R13: 00007ffe73a458af R14: 00007f4ae7099300 R15: 0000000000022000
[ 127.146592]
[ 127.254437] WARNING: CPU: 0 PID: 3904 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 127.255084] Modules linked in:
[ 127.255313] CPU: 0 PID: 3904 Comm: syz-executor.6 Not tainted 6.0.0-rc7-next-20220930 #1
[ 127.255871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 127.256637] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 127.257019] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 127.258239] RSP: 0018:ffff88803cc2fc48 EFLAGS: 00010006
[ 127.258607] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 127.259090] RDX: ffff88800a223580 RSI: ffffffff81565dc7 RDI: 0000000000000005
[ 127.259581] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 127.260066] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88800d72a800
[ 127.260563] R13: ffff88806ce3d2c0 R14: ffffffff8547d000 R15: 0000000000000002
[ 127.261051] FS: 00007f4ae7099700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 127.261602] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 127.262001] CR2: 00007f5e068f4368 CR3: 000000003d754000 CR4: 0000000000350ef0
[ 127.262484] Call Trace:
[ 127.262668]
[ 127.262841] ctx_sched_out+0x8f1/0xc10
[ 127.263123] __perf_event_task_sched_out+0x6d0/0x18d0
[ 127.263480] ? lock_is_held_type+0xd7/0x130
[ 127.263786] ? __perf_cgroup_move+0x160/0x160
[ 127.264097] ? set_next_entity+0x304/0x550
[ 127.264400] ? update_curr+0x267/0x740
[ 127.264685] ? lock_is_held_type+0xd7/0x130
[ 127.264988] __schedule+0xedd/0x2470
[ 127.265259] ? io_schedule_timeout+0x150/0x150
[ 127.265583] ? rcu_read_lock_sched_held+0x3e/0x80
[ 127.265939] schedule+0xda/0x1b0
[ 127.266187] exit_to_user_mode_prepare+0x114/0x1a0
[ 127.266528] syscall_exit_to_user_mode+0x19/0x40
[ 127.266859] do_syscall_64+0x48/0x90
[ 127.267132] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 127.267490] RIP: 0033:0x7f4ae9b23b19
[ 127.267754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 127.268984] RSP: 002b:00007f4ae7099218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 127.269502] RAX: 0000000000000001 RBX: 00007f4ae9c36f68 RCX: 00007f4ae9b23b19
[ 127.269983] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4ae9c36f6c
[ 127.270465] RBP: 00007f4ae9c36f60 R08: 000000000000000e R09: 0000000000000000
[ 127.270947] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f4ae9c36f6c
[ 127.271425] R13: 00007ffe73a458af R14: 00007f4ae7099300 R15: 0000000000022000
[ 127.271910]
[ 127.272075] irq event stamp: 712
[ 127.272308] hardirqs last enabled at (711): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 127.272947] hardirqs last disabled at (712): [] 
__schedule+0x1225/0x2470 [ 127.273512] softirqs last enabled at (532): [] __irq_exit_rcu+0x11b/0x180 [ 127.274098] softirqs last disabled at (467): [] __irq_exit_rcu+0x11b/0x180 [ 127.274677] ---[ end trace 0000000000000000 ]--- 02:54:07 executing program 2: r0 = shmget$private(0x0, 0x3000, 0x54001b05, &(0x7f0000ff9000/0x3000)=nil) shmctl$IPC_RMID(r0, 0x0) 02:54:07 executing program 1: r0 = shmget$private(0x0, 0x3000, 0x54001b05, &(0x7f0000ff9000/0x3000)=nil) shmctl$IPC_RMID(r0, 0x0) 02:54:07 executing program 2: r0 = accept$packet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f00000006c0)=0x5, 0x4) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00') pread64(r1, &(0x7f0000000040)=""/170, 0xaa, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002880), 0x4000101, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) [ 127.526959] audit: type=1400 audit(1664592847.493:9): avc: denied { read } for pid=3903 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 130.314405] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 130.320352] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 130.322333] Bluetooth: hci1: 
unexpected cc 0x1001 length: 249 > 9 [ 130.324952] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 130.326381] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 130.328296] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 130.328398] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 130.329933] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 130.330935] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 130.332276] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 130.333301] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 130.333414] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 130.336910] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 130.338957] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 130.340434] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 130.342441] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 130.344032] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 130.347357] Bluetooth: hci1: HCI_REQ-0x0c1a [ 130.349726] Bluetooth: hci3: HCI_REQ-0x0c1a [ 130.349787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 130.371839] Bluetooth: hci0: HCI_REQ-0x0c1a [ 132.405725] Bluetooth: hci0: command 0x0409 tx timeout [ 132.406431] Bluetooth: hci3: command 0x0409 tx timeout [ 132.407287] Bluetooth: hci1: command 0x0409 tx timeout [ 132.408025] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 134.453691] Bluetooth: hci1: command 0x041b tx timeout [ 134.454282] Bluetooth: hci3: command 0x041b tx timeout [ 134.454833] Bluetooth: hci0: command 0x041b tx timeout [ 134.590377] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 134.591226] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 134.592167] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 134.593266] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 134.594172] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 134.595031] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 
> 2 [ 134.606003] Bluetooth: hci5: HCI_REQ-0x0c1a [ 136.502689] Bluetooth: hci0: command 0x040f tx timeout [ 136.503128] Bluetooth: hci3: command 0x040f tx timeout [ 136.503489] Bluetooth: hci1: command 0x040f tx timeout [ 136.629655] Bluetooth: hci5: command 0x0409 tx timeout VM DIAGNOSIS: 02:54:07 Registers: