Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:46952' (ECDSA) to the list of known hosts. 2022/10/06 12:00:42 fuzzer started 2022/10/06 12:00:42 dialing manager at localhost:37161 syzkaller login: [ 36.474673] cgroup: Unknown subsys name 'net' [ 36.558783] cgroup: Unknown subsys name 'rlimit' 2022/10/06 12:00:57 syscalls: 2215 2022/10/06 12:00:57 code coverage: enabled 2022/10/06 12:00:57 comparison tracing: enabled 2022/10/06 12:00:57 extra coverage: enabled 2022/10/06 12:00:57 setuid sandbox: enabled 2022/10/06 12:00:57 namespace sandbox: enabled 2022/10/06 12:00:57 Android sandbox: enabled 2022/10/06 12:00:57 fault injection: enabled 2022/10/06 12:00:57 leak checking: enabled 2022/10/06 12:00:57 net packet injection: enabled 2022/10/06 12:00:57 net device setup: enabled 2022/10/06 12:00:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/06 12:00:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/06 12:00:57 USB emulation: enabled 2022/10/06 12:00:57 hci packet injection: enabled 2022/10/06 12:00:57 wifi device emulation: failed to parse kernel version (6.0.0-next-20221006) 2022/10/06 12:00:57 802.15.4 emulation: enabled 2022/10/06 12:00:57 fetching corpus: 0, signal 0/2000 (executing program) 2022/10/06 12:00:57 fetching corpus: 50, signal 23835/27322 (executing program) 2022/10/06 12:00:57 fetching corpus: 100, signal 36633/41444 (executing program) 2022/10/06 12:00:57 fetching corpus: 150, signal 46699/52676 (executing program) 2022/10/06 12:00:57 fetching corpus: 200, signal 55368/62353 (executing program) 2022/10/06 12:00:57 fetching corpus: 250, signal 60291/68360 (executing program) 2022/10/06 12:00:57 fetching corpus: 300, signal 66426/75364 (executing program) 2022/10/06 12:00:58 fetching corpus: 350, signal 69516/79445 (executing program) 2022/10/06 12:00:58 fetching corpus: 400, signal 76762/87231 (executing program) 2022/10/06 12:00:58 fetching corpus: 450, signal 80536/91735 
(executing program) 2022/10/06 12:00:58 fetching corpus: 500, signal 82980/94982 (executing program) 2022/10/06 12:00:58 fetching corpus: 550, signal 84699/97595 (executing program) 2022/10/06 12:00:58 fetching corpus: 600, signal 86719/100368 (executing program) 2022/10/06 12:00:58 fetching corpus: 650, signal 89460/103730 (executing program) 2022/10/06 12:00:58 fetching corpus: 700, signal 92953/107683 (executing program) 2022/10/06 12:00:58 fetching corpus: 750, signal 94182/109717 (executing program) 2022/10/06 12:00:58 fetching corpus: 800, signal 96929/112907 (executing program) 2022/10/06 12:00:59 fetching corpus: 850, signal 99570/115960 (executing program) 2022/10/06 12:00:59 fetching corpus: 900, signal 101278/118250 (executing program) 2022/10/06 12:00:59 fetching corpus: 950, signal 104489/121697 (executing program) 2022/10/06 12:00:59 fetching corpus: 1000, signal 106483/124136 (executing program) 2022/10/06 12:00:59 fetching corpus: 1050, signal 108282/126329 (executing program) 2022/10/06 12:00:59 fetching corpus: 1100, signal 111633/129659 (executing program) 2022/10/06 12:00:59 fetching corpus: 1150, signal 112495/131081 (executing program) 2022/10/06 12:00:59 fetching corpus: 1200, signal 113360/132483 (executing program) 2022/10/06 12:01:00 fetching corpus: 1250, signal 115367/134746 (executing program) 2022/10/06 12:01:00 fetching corpus: 1300, signal 116751/136503 (executing program) 2022/10/06 12:01:00 fetching corpus: 1350, signal 119310/138987 (executing program) 2022/10/06 12:01:00 fetching corpus: 1400, signal 120567/140518 (executing program) 2022/10/06 12:01:00 fetching corpus: 1450, signal 122101/142219 (executing program) 2022/10/06 12:01:00 fetching corpus: 1500, signal 123576/143876 (executing program) 2022/10/06 12:01:00 fetching corpus: 1550, signal 124660/145211 (executing program) 2022/10/06 12:01:00 fetching corpus: 1600, signal 125733/146482 (executing program) 2022/10/06 12:01:00 fetching corpus: 1650, signal 126943/147864 
(executing program) 2022/10/06 12:01:00 fetching corpus: 1700, signal 128292/149410 (executing program) 2022/10/06 12:01:01 fetching corpus: 1750, signal 129459/150744 (executing program) 2022/10/06 12:01:01 fetching corpus: 1800, signal 130615/152011 (executing program) 2022/10/06 12:01:01 fetching corpus: 1850, signal 131742/153251 (executing program) 2022/10/06 12:01:01 fetching corpus: 1900, signal 132885/154501 (executing program) 2022/10/06 12:01:01 fetching corpus: 1950, signal 134649/156023 (executing program) 2022/10/06 12:01:01 fetching corpus: 2000, signal 136419/157555 (executing program) 2022/10/06 12:01:01 fetching corpus: 2050, signal 137655/158742 (executing program) 2022/10/06 12:01:01 fetching corpus: 2100, signal 138640/159799 (executing program) 2022/10/06 12:01:02 fetching corpus: 2150, signal 139709/160859 (executing program) 2022/10/06 12:01:02 fetching corpus: 2200, signal 140676/161808 (executing program) 2022/10/06 12:01:02 fetching corpus: 2250, signal 141900/162870 (executing program) 2022/10/06 12:01:02 fetching corpus: 2300, signal 142377/163574 (executing program) 2022/10/06 12:01:02 fetching corpus: 2350, signal 143104/164384 (executing program) 2022/10/06 12:01:02 fetching corpus: 2400, signal 144958/165669 (executing program) 2022/10/06 12:01:02 fetching corpus: 2450, signal 145555/166351 (executing program) 2022/10/06 12:01:02 fetching corpus: 2500, signal 146358/167140 (executing program) 2022/10/06 12:01:02 fetching corpus: 2550, signal 147315/167950 (executing program) 2022/10/06 12:01:03 fetching corpus: 2600, signal 148328/168852 (executing program) 2022/10/06 12:01:03 fetching corpus: 2650, signal 149001/169534 (executing program) 2022/10/06 12:01:03 fetching corpus: 2700, signal 149797/170229 (executing program) 2022/10/06 12:01:03 fetching corpus: 2750, signal 150509/170865 (executing program) 2022/10/06 12:01:03 fetching corpus: 2800, signal 151421/171544 (executing program) 2022/10/06 12:01:03 fetching corpus: 2850, 
signal 152285/172194 (executing program) 2022/10/06 12:01:03 fetching corpus: 2900, signal 153063/172797 (executing program) 2022/10/06 12:01:03 fetching corpus: 2950, signal 154465/173565 (executing program) 2022/10/06 12:01:03 fetching corpus: 3000, signal 156008/174473 (executing program) 2022/10/06 12:01:04 fetching corpus: 3050, signal 156506/174948 (executing program) 2022/10/06 12:01:04 fetching corpus: 3100, signal 157852/175687 (executing program) 2022/10/06 12:01:04 fetching corpus: 3150, signal 158738/176231 (executing program) 2022/10/06 12:01:04 fetching corpus: 3200, signal 159556/176731 (executing program) 2022/10/06 12:01:04 fetching corpus: 3250, signal 160234/177163 (executing program) 2022/10/06 12:01:04 fetching corpus: 3300, signal 161167/177640 (executing program) 2022/10/06 12:01:04 fetching corpus: 3350, signal 161902/178091 (executing program) 2022/10/06 12:01:04 fetching corpus: 3400, signal 162419/178486 (executing program) 2022/10/06 12:01:04 fetching corpus: 3450, signal 162901/178819 (executing program) 2022/10/06 12:01:05 fetching corpus: 3500, signal 163946/179289 (executing program) 2022/10/06 12:01:05 fetching corpus: 3550, signal 165269/179782 (executing program) 2022/10/06 12:01:05 fetching corpus: 3600, signal 165936/180092 (executing program) 2022/10/06 12:01:05 fetching corpus: 3650, signal 166502/180389 (executing program) 2022/10/06 12:01:05 fetching corpus: 3700, signal 167055/180682 (executing program) 2022/10/06 12:01:05 fetching corpus: 3750, signal 167372/180921 (executing program) 2022/10/06 12:01:05 fetching corpus: 3800, signal 168986/181309 (executing program) 2022/10/06 12:01:05 fetching corpus: 3850, signal 169348/181535 (executing program) 2022/10/06 12:01:06 fetching corpus: 3900, signal 170405/181835 (executing program) 2022/10/06 12:01:06 fetching corpus: 3950, signal 170909/182040 (executing program) 2022/10/06 12:01:06 fetching corpus: 4000, signal 171247/182219 (executing program) 2022/10/06 12:01:06 
fetching corpus: 4050, signal 171697/182440 (executing program) 2022/10/06 12:01:06 fetching corpus: 4100, signal 172392/182634 (executing program) 2022/10/06 12:01:06 fetching corpus: 4150, signal 173179/182830 (executing program) 2022/10/06 12:01:06 fetching corpus: 4200, signal 174351/183046 (executing program) 2022/10/06 12:01:06 fetching corpus: 4250, signal 175200/183213 (executing program) 2022/10/06 12:01:06 fetching corpus: 4300, signal 175696/183337 (executing program) 2022/10/06 12:01:06 fetching corpus: 4350, signal 176761/183463 (executing program) 2022/10/06 12:01:07 fetching corpus: 4400, signal 177330/183546 (executing program) 2022/10/06 12:01:07 fetching corpus: 4450, signal 178085/183661 (executing program) 2022/10/06 12:01:07 fetching corpus: 4500, signal 178851/183717 (executing program) 2022/10/06 12:01:07 fetching corpus: 4550, signal 179411/183718 (executing program) 2022/10/06 12:01:07 fetching corpus: 4578, signal 179844/183723 (executing program) 2022/10/06 12:01:07 fetching corpus: 4578, signal 179844/183723 (executing program) 2022/10/06 12:01:09 starting 8 fuzzer processes 12:01:09 executing program 0: syz_mount_image$nfs4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000240)="b2", 0x1}, {&(0x7f0000000280)="da", 0x1}], 0xc0000, &(0x7f0000000580)={[{}]}) 12:01:09 executing program 1: capset(&(0x7f0000000000)={0x20080522, 0xffffffffffffffff}, 0x0) 12:01:09 executing program 2: syz_mount_image$iso9660(&(0x7f00000005c0), &(0x7f0000000600)='./file0\x00', 0x0, 0x0, &(0x7f0000000740), 0x0, &(0x7f0000000780)={[{}], [{@obj_type={'obj_type', 0x3d, '/dev/vcs#\x00'}}]}) 12:01:09 executing program 3: r0 = syz_io_uring_setup(0xeaf, &(0x7f0000000200), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) syz_io_uring_submit(r1, r2, &(0x7f00000006c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x40}, 0x0) 
io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) [ 63.292317] audit: type=1400 audit(1665057669.802:6): avc: denied { execmem } for pid=283 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:01:09 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000280)={{}, 'port0\x00'}) 12:01:09 executing program 5: syz_io_uring_setup(0x80b, &(0x7f00000004c0), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000000540), &(0x7f0000000580)) 12:01:09 executing program 7: clock_adjtime(0x0, &(0x7f0000000000)={0x2edf, 0x0, 0x0, 0x0, 0x0, 0xb}) 12:01:09 executing program 6: socket$inet(0x2, 0x0, 0x0) [ 64.494865] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.500721] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.510603] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.521192] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.523016] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 64.524717] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.529467] Bluetooth: hci0: HCI_REQ-0x0c1a [ 64.542898] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 64.549714] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 64.563737] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 64.565015] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.566890] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.568464] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.571331] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.573530] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 64.575488] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.591905] Bluetooth: hci2: HCI_REQ-0x0c1a [ 64.625921] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 64.628076] Bluetooth: hci3: unexpected cc 0x0c03 
length: 249 > 1 [ 64.631718] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 64.634726] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 64.635950] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 64.641236] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 64.643047] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 64.645055] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 64.646207] Bluetooth: hci1: HCI_REQ-0x0c1a [ 64.646890] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 64.657566] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 64.659068] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 64.666035] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 64.670438] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 64.671753] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 64.673064] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 64.674682] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 64.676200] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 64.679860] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 64.681240] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 64.682541] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 64.687872] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 64.690179] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 64.691317] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 64.693002] Bluetooth: hci3: HCI_REQ-0x0c1a [ 64.709408] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 64.710648] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 64.718713] Bluetooth: hci5: HCI_REQ-0x0c1a [ 64.720598] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 64.723609] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 64.730537] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 64.732567] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 64.736764] Bluetooth: hci4: 
unexpected cc 0x0c38 length: 249 > 2 [ 64.738098] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 64.739591] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 64.741305] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 64.746372] Bluetooth: hci6: HCI_REQ-0x0c1a [ 64.750236] Bluetooth: hci4: HCI_REQ-0x0c1a [ 64.758657] Bluetooth: hci7: HCI_REQ-0x0c1a [ 66.585517] Bluetooth: hci0: command 0x0409 tx timeout [ 66.648240] Bluetooth: hci2: command 0x0409 tx timeout [ 66.712346] Bluetooth: hci1: command 0x0409 tx timeout [ 66.713058] Bluetooth: hci3: command 0x0409 tx timeout [ 66.776392] Bluetooth: hci5: command 0x0409 tx timeout [ 66.777123] Bluetooth: hci7: command 0x0409 tx timeout [ 66.777798] Bluetooth: hci4: command 0x0409 tx timeout [ 66.778431] Bluetooth: hci6: command 0x0409 tx timeout [ 68.632511] Bluetooth: hci0: command 0x041b tx timeout [ 68.696179] Bluetooth: hci2: command 0x041b tx timeout [ 68.760251] Bluetooth: hci3: command 0x041b tx timeout [ 68.760659] Bluetooth: hci1: command 0x041b tx timeout [ 68.824217] Bluetooth: hci6: command 0x041b tx timeout [ 68.824615] Bluetooth: hci4: command 0x041b tx timeout [ 68.824970] Bluetooth: hci7: command 0x041b tx timeout [ 68.825376] Bluetooth: hci5: command 0x041b tx timeout [ 70.680230] Bluetooth: hci0: command 0x040f tx timeout [ 70.744220] Bluetooth: hci2: command 0x040f tx timeout [ 70.808477] Bluetooth: hci1: command 0x040f tx timeout [ 70.808876] Bluetooth: hci3: command 0x040f tx timeout [ 70.872394] Bluetooth: hci5: command 0x040f tx timeout [ 70.872818] Bluetooth: hci7: command 0x040f tx timeout [ 70.873212] Bluetooth: hci4: command 0x040f tx timeout [ 70.873573] Bluetooth: hci6: command 0x040f tx timeout [ 72.728197] Bluetooth: hci0: command 0x0419 tx timeout [ 72.792204] Bluetooth: hci2: command 0x0419 tx timeout [ 72.856240] Bluetooth: hci3: command 0x0419 tx timeout [ 72.856670] Bluetooth: hci1: command 0x0419 tx timeout [ 72.920266] Bluetooth: hci6: command 0x0419 tx timeout [ 
72.920690] Bluetooth: hci4: command 0x0419 tx timeout [ 72.921040] Bluetooth: hci7: command 0x0419 tx timeout [ 72.921428] Bluetooth: hci5: command 0x0419 tx timeout 12:02:01 executing program 2: syz_mount_image$iso9660(&(0x7f00000005c0), &(0x7f0000000600)='./file0\x00', 0x0, 0x0, &(0x7f0000000740), 0x0, &(0x7f0000000780)={[{}], [{@obj_type={'obj_type', 0x3d, '/dev/vcs#\x00'}}]}) 12:02:01 executing program 2: syz_mount_image$iso9660(&(0x7f00000005c0), &(0x7f0000000600)='./file0\x00', 0x0, 0x0, &(0x7f0000000740), 0x0, &(0x7f0000000780)={[{}], [{@obj_type={'obj_type', 0x3d, '/dev/vcs#\x00'}}]}) 12:02:01 executing program 2: syz_mount_image$iso9660(&(0x7f00000005c0), &(0x7f0000000600)='./file0\x00', 0x0, 0x0, &(0x7f0000000740), 0x0, &(0x7f0000000780)={[{}], [{@obj_type={'obj_type', 0x3d, '/dev/vcs#\x00'}}]}) 12:02:01 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc0c0583b, &(0x7f0000000240)={0xf0ffffff0f0000}) 12:02:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) syncfs(r0) 12:02:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) syncfs(r0) 12:02:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) syncfs(r0) 12:02:02 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) syncfs(r0) 12:02:06 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000440)={@private1, 0x0, 0x2}, 0x20) 12:02:06 executing program 1: capset(&(0x7f0000000000)={0x20080522, 0xffffffffffffffff}, 0x0) 12:02:06 executing program 6: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x87}, {0x6}]}, 0x10) 12:02:06 executing program 7: syz_open_dev$mouse(0x0, 0x0, 0x0) 
syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 12:02:06 executing program 2: syz_io_uring_setup(0x2846, &(0x7f0000001700)={0x0, 0x0, 0x2, 0x0, 0xfffffffd}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000100), &(0x7f0000000000)) 12:02:06 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000280)={{}, 'port0\x00'}) 12:02:06 executing program 5: pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0) 12:02:06 executing program 3: syz_open_procfs$userns(0xffffffffffffffff, 0x0) 12:02:23 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, 0x0, 0x0) 12:02:23 executing program 1: capset(&(0x7f0000000000)={0x20080522, 0xffffffffffffffff}, 0x0) 12:02:23 executing program 7: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) chdir(&(0x7f0000000000)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0xa015000) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 
0x3d, r1}}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0xc0000008}) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000180)=']{\x00', 0x0, r0) acct(&(0x7f00000001c0)='./file1\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r2, &(0x7f0000001180)=ANY=[], 0x220) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x1, 0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x7}, 0x0, 0x0, 0xfffffffd, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, &(0x7f0000000340)={{0x101, 0x7}, 0x100, './file1\x00'}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = fsopen(&(0x7f0000000040)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0x0) 12:02:23 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000280)={{}, 'port0\x00'}) 12:02:23 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, '\x00', [{}, {0x0, 0x0, 0x0, 0x0, 0xbe6}]}) 12:02:23 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x303c2, 0x1) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x8000000) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setns(r3, 0x0) perf_event_open(&(0x7f0000000640)={0x4, 0x80, 0xa9, 0x7f, 0xc1, 0x8, 0x0, 0x6f, 0x8001, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000600), 0xb}, 0x40, 0x8, 0x1, 0x6, 0xffffffff, 0x40, 0x6, 0x0, 0x7fffffff, 0x0, 0x100}, 0xffffffffffffffff, 0x3, r3, 0x0) sendfile(r1, r2, 0x0, 0x10000027f) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) readv(r1, &(0x7f0000000380)=[{&(0x7f0000000040)=""/17, 0x11}, {&(0x7f0000000100)=""/224, 0xe0}, {&(0x7f0000000200)}, {&(0x7f0000000240)=""/64, 0x40}, {&(0x7f0000000400)=""/90, 0x5a}], 0x5) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0xfffffffffffffffb) setxattr$trusted_overlay_redirect(&(0x7f0000000540)='./file1\x00', &(0x7f0000000580), &(0x7f00000005c0)='./file1\x00', 0x8, 0x1) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 
&(0x7f0000002dc0)=0x3, 0x2)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000002b80)=0x0)
ptrace(0x10, r4)
r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0x1c3c00, 0x0)
ioctl$CDROM_DISC_STATUS(r5, 0x5327)

12:02:23 executing program 5:
pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff})
vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0)

[ 137.047421] loop7: detected capacity change from 0 to 40
[ 137.057030] audit: type=1400 audit(1665057743.567:7): avc: denied { open } for pid=3986 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 137.059110] audit: type=1400 audit(1665057743.567:8): avc: denied { kernel } for pid=3986 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1

12:02:23 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000440)={@private1, 0x0, 0x2}, 0x20)

[ 137.080938] ------------[ cut here ]------------
[ 137.080966]
[ 137.080970] ======================================================
[ 137.080976] WARNING: possible circular locking dependency detected
[ 137.080982] 6.0.0-next-20221006 #1 Not tainted
[ 137.080991] ------------------------------------------------------
[ 137.080997] syz-executor.7/3988 is trying to acquire lock:
[ 137.081006] ffffffff853fac98 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 137.081066]
[ 137.081066] but task is already holding lock:
[ 137.081070] ffff88803f672c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 137.081111]
[ 137.081111] which lock already depends on the new lock.
[ 137.081111] [ 137.081115] [ 137.081115] the existing dependency chain (in reverse order) is: [ 137.081120] [ 137.081120] -> #3 (&ctx->lock){....}-{2:2}: [ 137.081141] _raw_spin_lock+0x2a/0x40 [ 137.081160] __perf_event_task_sched_out+0x53b/0x18d0 [ 137.081177] __schedule+0xedd/0x2470 [ 137.081200] schedule+0xda/0x1b0 [ 137.081223] exit_to_user_mode_prepare+0x114/0x1a0 [ 137.081241] syscall_exit_to_user_mode+0x19/0x40 [ 137.081262] do_syscall_64+0x48/0x90 [ 137.081278] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 137.081300] [ 137.081300] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 137.081320] _raw_spin_lock_nested+0x30/0x40 [ 137.081339] raw_spin_rq_lock_nested+0x1e/0x30 [ 137.081359] task_fork_fair+0x63/0x4d0 [ 137.081384] sched_cgroup_fork+0x3d0/0x540 [ 137.081406] copy_process+0x4183/0x6e20 [ 137.081422] kernel_clone+0xe7/0x890 [ 137.081437] user_mode_thread+0xad/0xf0 [ 137.081452] rest_init+0x24/0x250 [ 137.081472] arch_call_rest_init+0xf/0x14 [ 137.081489] start_kernel+0x4c6/0x4eb [ 137.081504] secondary_startup_64_no_verify+0xe0/0xeb [ 137.081526] [ 137.081526] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 137.081546] _raw_spin_lock_irqsave+0x39/0x60 [ 137.081565] try_to_wake_up+0xab/0x1930 [ 137.081585] up+0x75/0xb0 [ 137.081608] __up_console_sem+0x6e/0x80 [ 137.081632] console_unlock+0x46a/0x590 [ 137.081656] vprintk_emit+0x1bd/0x560 [ 137.081681] vprintk+0x84/0xa0 [ 137.081705] _printk+0xba/0xf1 [ 137.081724] do_exit.cold+0xb7/0xdf [ 137.081748] do_group_exit+0xd0/0x2a0 [ 137.081770] __x64_sys_exit_group+0x3a/0x50 [ 137.081793] do_syscall_64+0x3b/0x90 [ 137.081808] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 137.081829] [ 137.081829] -> #0 ((console_sem).lock){....}-{2:2}: [ 137.081850] __lock_acquire+0x2a02/0x5e70 [ 137.081876] lock_acquire+0x1a2/0x530 [ 137.081900] _raw_spin_lock_irqsave+0x39/0x60 [ 137.081918] down_trylock+0xe/0x70 [ 137.081943] __down_trylock_console_sem+0x3b/0xd0 [ 137.081967] vprintk_emit+0x16b/0x560 [ 137.081992] vprintk+0x84/0xa0 [ 137.082016] 
_printk+0xba/0xf1 [ 137.082033] report_bug.cold+0x72/0xab [ 137.082047] handle_bug+0x3c/0x70 [ 137.082062] exc_invalid_op+0x14/0x50 [ 137.082078] asm_exc_invalid_op+0x16/0x20 [ 137.082098] group_sched_out.part.0+0x2c7/0x460 [ 137.082125] ctx_sched_out+0x8f1/0xc10 [ 137.082151] __perf_event_task_sched_out+0x6d0/0x18d0 [ 137.082168] __schedule+0xedd/0x2470 [ 137.082190] schedule+0xda/0x1b0 [ 137.082212] exit_to_user_mode_prepare+0x114/0x1a0 [ 137.082229] syscall_exit_to_user_mode+0x19/0x40 [ 137.082250] do_syscall_64+0x48/0x90 [ 137.082265] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 137.082286] [ 137.082286] other info that might help us debug this: [ 137.082286] [ 137.082290] Chain exists of: [ 137.082290] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 137.082290] [ 137.082313] Possible unsafe locking scenario: [ 137.082313] [ 137.082317] CPU0 CPU1 [ 137.082320] ---- ---- [ 137.082324] lock(&ctx->lock); [ 137.082332] lock(&rq->__lock); [ 137.082342] lock(&ctx->lock); [ 137.082352] lock((console_sem).lock); [ 137.082361] [ 137.082361] *** DEADLOCK *** [ 137.082361] [ 137.082363] 2 locks held by syz-executor.7/3988: [ 137.082374] #0: ffff88806cf37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 137.082421] #1: ffff88803f672c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 137.082461] [ 137.082461] stack backtrace: [ 137.082465] CPU: 1 PID: 3988 Comm: syz-executor.7 Not tainted 6.0.0-next-20221006 #1 [ 137.082488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 137.082498] Call Trace: [ 137.082502] [ 137.082508] dump_stack_lvl+0x8b/0xb3 [ 137.082525] check_noncircular+0x263/0x2e0 [ 137.082551] ? format_decode+0x26c/0xb50 [ 137.082577] ? print_circular_bug+0x450/0x450 [ 137.082603] ? simple_strtoul+0x30/0x30 [ 137.082629] ? format_decode+0x26c/0xb50 [ 137.082657] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 137.082684] __lock_acquire+0x2a02/0x5e70 [ 137.082717] ? 
lockdep_hardirqs_on_prepare+0x410/0x410 [ 137.082751] lock_acquire+0x1a2/0x530 [ 137.082777] ? down_trylock+0xe/0x70 [ 137.082805] ? lock_release+0x750/0x750 [ 137.082836] ? vprintk+0x84/0xa0 [ 137.082863] _raw_spin_lock_irqsave+0x39/0x60 [ 137.082883] ? down_trylock+0xe/0x70 [ 137.082909] down_trylock+0xe/0x70 [ 137.082935] ? vprintk+0x84/0xa0 [ 137.082961] __down_trylock_console_sem+0x3b/0xd0 [ 137.082987] vprintk_emit+0x16b/0x560 [ 137.083016] vprintk+0x84/0xa0 [ 137.083042] _printk+0xba/0xf1 [ 137.083062] ? record_print_text.cold+0x16/0x16 [ 137.083088] ? report_bug.cold+0x66/0xab [ 137.083105] ? group_sched_out.part.0+0x2c7/0x460 [ 137.083133] report_bug.cold+0x72/0xab [ 137.083151] handle_bug+0x3c/0x70 [ 137.083168] exc_invalid_op+0x14/0x50 [ 137.083185] asm_exc_invalid_op+0x16/0x20 [ 137.083206] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 137.083237] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 137.083255] RSP: 0018:ffff88804074fc48 EFLAGS: 00010006 [ 137.083269] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 137.083280] RDX: ffff888020670000 RSI: ffffffff815677b7 RDI: 0000000000000005 [ 137.083292] RBP: ffff888040c38000 R08: 0000000000000005 R09: 0000000000000001 [ 137.083303] R10: 0000000000000000 R11: ffffffff865b605b R12: ffff88803f672c00 [ 137.083314] R13: ffff88806cf3d2c0 R14: ffffffff8547d200 R15: 0000000000000002 [ 137.083331] ? group_sched_out.part.0+0x2c7/0x460 [ 137.083362] ? group_sched_out.part.0+0x2c7/0x460 [ 137.083393] ctx_sched_out+0x8f1/0xc10 [ 137.083422] __perf_event_task_sched_out+0x6d0/0x18d0 [ 137.083444] ? lock_is_held_type+0xd7/0x130 [ 137.083468] ? __perf_cgroup_move+0x160/0x160 [ 137.083484] ? set_next_entity+0x304/0x550 [ 137.083511] ? update_curr+0x267/0x740 [ 137.083539] ? 
lock_is_held_type+0xd7/0x130 [ 137.083562] __schedule+0xedd/0x2470 [ 137.083590] ? io_schedule_timeout+0x150/0x150 [ 137.083618] ? rcu_read_lock_sched_held+0x3e/0x80 [ 137.083649] schedule+0xda/0x1b0 [ 137.083674] exit_to_user_mode_prepare+0x114/0x1a0 [ 137.083693] syscall_exit_to_user_mode+0x19/0x40 [ 137.083716] do_syscall_64+0x48/0x90 [ 137.083733] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 137.083755] RIP: 0033:0x7fef5a19cb19 [ 137.083767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 137.083784] RSP: 002b:00007fef57712218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 137.083801] RAX: 0000000000000001 RBX: 00007fef5a2aff68 RCX: 00007fef5a19cb19 [ 137.083812] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fef5a2aff6c [ 137.083823] RBP: 00007fef5a2aff60 R08: 000000000000000e R09: 0000000000000000 [ 137.083834] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fef5a2aff6c [ 137.083845] R13: 00007ffdb3ff020f R14: 00007fef57712300 R15: 0000000000022000 [ 137.083864] [ 137.160371] WARNING: CPU: 1 PID: 3988 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 137.161258] Modules linked in: [ 137.161572] CPU: 1 PID: 3988 Comm: syz-executor.7 Not tainted 6.0.0-next-20221006 #1 [ 137.162301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 137.163071] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 137.163594] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 137.165290] RSP: 0018:ffff88804074fc48 EFLAGS: 00010006 [ 137.165799] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 137.166467] RDX: ffff888020670000 RSI: ffffffff815677b7 RDI: 0000000000000005 [ 137.167137] RBP: ffff888040c38000 R08: 
0000000000000005 R09: 0000000000000001 [ 137.167821] R10: 0000000000000000 R11: ffffffff865b605b R12: ffff88803f672c00 [ 137.168497] R13: ffff88806cf3d2c0 R14: ffffffff8547d200 R15: 0000000000000002 [ 137.169179] FS: 00007fef57712700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 137.169944] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 137.170507] CR2: 00007fec52412820 CR3: 000000001bca6000 CR4: 0000000000350ee0 [ 137.171190] Call Trace: [ 137.171439] [ 137.171667] ctx_sched_out+0x8f1/0xc10 [ 137.172059] __perf_event_task_sched_out+0x6d0/0x18d0 [ 137.172554] ? lock_is_held_type+0xd7/0x130 [ 137.172988] ? __perf_cgroup_move+0x160/0x160 [ 137.173420] ? set_next_entity+0x304/0x550 [ 137.173836] ? update_curr+0x267/0x740 [ 137.174221] ? lock_is_held_type+0xd7/0x130 [ 137.174636] __schedule+0xedd/0x2470 [ 137.175006] ? io_schedule_timeout+0x150/0x150 [ 137.175458] ? rcu_read_lock_sched_held+0x3e/0x80 [ 137.175932] schedule+0xda/0x1b0 [ 137.176270] exit_to_user_mode_prepare+0x114/0x1a0 [ 137.176744] syscall_exit_to_user_mode+0x19/0x40 [ 137.177205] do_syscall_64+0x48/0x90 [ 137.177567] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 137.178061] RIP: 0033:0x7fef5a19cb19 [ 137.178415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 137.180098] RSP: 002b:00007fef57712218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 137.180832] RAX: 0000000000000001 RBX: 00007fef5a2aff68 RCX: 00007fef5a19cb19 [ 137.181499] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fef5a2aff6c [ 137.182169] RBP: 00007fef5a2aff60 R08: 000000000000000e R09: 0000000000000000 [ 137.182839] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fef5a2aff6c [ 137.183507] R13: 00007ffdb3ff020f R14: 00007fef57712300 R15: 0000000000022000 [ 137.184176] [ 137.184403] irq event stamp: 1544 [ 137.184739] hardirqs last enabled at (1543): [] 
exit_to_user_mode_prepare+0x109/0x1a0 [ 137.185613] hardirqs last disabled at (1544): [] __schedule+0x1225/0x2470 [ 137.186397] softirqs last enabled at (1398): [] __irq_exit_rcu+0x11b/0x180 [ 137.187202] softirqs last disabled at (1389): [] __irq_exit_rcu+0x11b/0x180 [ 137.188014] ---[ end trace 0000000000000000 ]--- [ 137.198140] hrtimer: interrupt took 16511 ns 12:02:23 executing program 1: capset(&(0x7f0000000000)={0x20080522, 0xffffffffffffffff}, 0x0) 12:02:23 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000012c0), 0x6) 12:02:23 executing program 4: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000280)={{}, 'port0\x00'}) 12:02:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000440)={@private1, 0x0, 0x2}, 0x20) 12:02:23 executing program 5: pwritev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x1000000000000096, 0x0) [ 137.291049] audit: type=1400 audit(1665057743.801:9): avc: denied { write } for pid=3991 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 137.436279] loop7: detected capacity change from 0 to 40 [ 137.438766] Process accounting resumed [ 137.497742] Process accounting resumed [ 137.608222] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 VM DIAGNOSIS: 12:02:23 Registers: