Warning: Permanently added '[localhost]:59746' (ECDSA) to the list of known hosts. 2022/09/14 11:20:43 fuzzer started 2022/09/14 11:20:43 dialing manager at localhost:33849 syzkaller login: [ 37.534967] cgroup: Unknown subsys name 'net' [ 37.645069] cgroup: Unknown subsys name 'rlimit' 2022/09/14 11:20:59 syscalls: 2215 2022/09/14 11:20:59 code coverage: enabled 2022/09/14 11:20:59 comparison tracing: enabled 2022/09/14 11:20:59 extra coverage: enabled 2022/09/14 11:20:59 setuid sandbox: enabled 2022/09/14 11:20:59 namespace sandbox: enabled 2022/09/14 11:20:59 Android sandbox: enabled 2022/09/14 11:20:59 fault injection: enabled 2022/09/14 11:20:59 leak checking: enabled 2022/09/14 11:20:59 net packet injection: enabled 2022/09/14 11:20:59 net device setup: enabled 2022/09/14 11:20:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/14 11:20:59 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/14 11:20:59 USB emulation: enabled 2022/09/14 11:20:59 hci packet injection: enabled 2022/09/14 11:20:59 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220914) 2022/09/14 11:20:59 802.15.4 emulation: enabled 2022/09/14 11:20:59 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/14 11:20:59 fetching corpus: 48, signal 25991/29178 (executing program) 2022/09/14 11:20:59 fetching corpus: 98, signal 46582/50384 (executing program) 2022/09/14 11:20:59 fetching corpus: 148, signal 56011/60533 (executing program) 2022/09/14 11:21:00 fetching corpus: 198, signal 65310/70150 (executing program) 2022/09/14 11:21:00 fetching corpus: 248, signal 70293/75593 (executing program) 2022/09/14 11:21:00 fetching corpus: 298, signal 74294/80014 (executing program) 2022/09/14 11:21:00 fetching corpus: 348, signal 79472/85249 (executing program) 2022/09/14 11:21:00 fetching corpus: 398, signal 84397/90096 (executing program) 2022/09/14 11:21:00 fetching corpus: 448, signal 87114/92965 (executing program) 2022/09/14 
11:21:01 fetching corpus: 498, signal 90779/96629 (executing program) 2022/09/14 11:21:01 fetching corpus: 548, signal 93339/99180 (executing program) 2022/09/14 11:21:01 fetching corpus: 598, signal 97589/102945 (executing program) 2022/09/14 11:21:01 fetching corpus: 648, signal 100314/105419 (executing program) 2022/09/14 11:21:01 fetching corpus: 698, signal 103297/108045 (executing program) 2022/09/14 11:21:01 fetching corpus: 747, signal 106127/110641 (executing program) 2022/09/14 11:21:02 fetching corpus: 797, signal 109573/113425 (executing program) 2022/09/14 11:21:02 fetching corpus: 847, signal 112292/115679 (executing program) 2022/09/14 11:21:02 fetching corpus: 897, signal 114866/117560 (executing program) 2022/09/14 11:21:02 fetching corpus: 947, signal 116237/118583 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/120155 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/120246 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/120336 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/120442 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/120526 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/120615 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/120715 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/120809 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/120905 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/120989 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/121066 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/121164 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/121259 (executing program) 2022/09/14 11:21:02 fetching corpus: 978, signal 118223/121379 (executing program) 2022/09/14 11:21:02 
fetching corpus: 978, signal 118223/121464 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/121553 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/121647 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/121730 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/121802 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/121875 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/121954 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122046 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122124 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122231 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122317 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122391 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122492 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122574 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122669 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122759 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122871 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/122954 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/123058 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/123151 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/123229 (executing program) 2022/09/14 11:21:03 fetching corpus: 978, signal 118223/123229 (executing program) 2022/09/14 11:21:05 starting 8 fuzzer processes 11:21:05 executing program 1: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000011c0)={0x1, 0x80, 0xff, 0x20, 0x3f, 0x7f, 0x0, 0x2, 0x5010, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0x3e, 0x6}, 0x10000, 0x6, 0x3ec000, 0x8, 0xffffffff, 0x9, 0x4, 0x0, 0x2, 0x0, 0x7}, 0xffffffffffffffff, 0x6, r0, 0xa) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) sendfile(r2, r1, 0x0, 0xfffffdef) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x0, 0x0, 0xb7, 0x2, 0x0, 0x1, 0x38021, 0x8, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0xaa, 0x0, @perf_bp={&(0x7f0000000180), 0xe}, 0x2820, 0x3, 0x3, 0x1, 0x1273, 0x4, 0x826, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xd, r2, 0xb) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file0\x00') sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 
0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYRES64=r0, @ANYRES16=0x0, @ANYBLOB="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"], 0x90}, 0x1, 0x0, 0x0, 0x22000850}, 0x20040044) syz_genetlink_get_family_id$nl80211(&(0x7f0000001280), 0xffffffffffffffff) unlinkat(0xffffffffffffffff, &(0x7f0000001240)='./file0\x00', 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='numa_maps\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000f00)='mountinfo\x00') read$hiddev(r3, &(0x7f0000000040)=""/169, 0x200000e9) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5}}, './file0\x00'}) ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, &(0x7f00000012c0)={{r4}, "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"}) openat(r3, &(0x7f0000000040)='./file2\x00', 0x1, 0x1d0) openat(r3, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x134) 11:21:05 executing program 7: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000040), 0x0) 11:21:05 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') read$hiddev(r0, &(0x7f0000001140)=""/212, 0xd4) 11:21:05 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000001180)='-', 0x1}], 0x1, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file1\x00', 0x42, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x13, r1, 0x0) syz_io_uring_submit(r2, 0x0, 0x0, 0x0) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15) creat(&(0x7f0000000180)='./file1\x00', 0x0) 11:21:05 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', 
@val={0x3a, [0xa]}}}}]}) 11:21:05 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x42, &(0x7f0000000080)={'ah\x00'}, &(0x7f00000000c0)=0x1e) close_range(r0, 0xffffffffffffffff, 0x0) 11:21:05 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000600)={0x0, {{0xa, 0x0, 0x0, @empty}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) 11:21:05 executing program 0: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r0, 0x4bfa, 0x0) [ 59.009973] audit: type=1400 audit(1663154465.315:6): avc: denied { execmem } for pid=284 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 60.279004] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.281862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.283251] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.286490] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.288217] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 60.289772] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.294629] Bluetooth: hci0: HCI_REQ-0x0c1a [ 60.317848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.333695] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.340715] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.342117] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 60.343554] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 60.345174] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 60.346526] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 60.347813] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 60.349109] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 60.351071] Bluetooth: hci2: unexpected cc 0x1003 
length: 249 > 9 [ 60.352524] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 60.353708] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 60.354855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 60.355906] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 60.356961] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 60.361555] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 60.362628] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 60.363778] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 60.364938] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 60.365984] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 60.367245] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 60.394650] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 60.405544] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 60.407903] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.409943] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 60.412669] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 60.414764] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 60.422151] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 60.424066] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 60.424602] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 60.428271] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 60.430120] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 60.434072] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 60.435427] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 60.435761] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 60.437907] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.439786] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 60.441562] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 60.444784] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 60.450711] Bluetooth: hci4: 
HCI_REQ-0x0c1a [ 60.454139] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 60.467137] Bluetooth: hci1: HCI_REQ-0x0c1a [ 60.473639] Bluetooth: hci7: HCI_REQ-0x0c1a [ 60.476398] Bluetooth: hci3: HCI_REQ-0x0c1a [ 60.477416] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 60.483386] Bluetooth: hci2: HCI_REQ-0x0c1a [ 60.493936] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 60.514125] Bluetooth: hci6: HCI_REQ-0x0c1a [ 60.531110] Bluetooth: hci5: HCI_REQ-0x0c1a [ 62.350724] Bluetooth: hci0: command 0x0409 tx timeout [ 62.478369] Bluetooth: hci4: command 0x0409 tx timeout [ 62.542454] Bluetooth: hci1: command 0x0409 tx timeout [ 62.542470] Bluetooth: hci5: command 0x0409 tx timeout [ 62.543944] Bluetooth: hci6: command 0x0409 tx timeout [ 62.544478] Bluetooth: hci7: command 0x0409 tx timeout [ 62.544975] Bluetooth: hci2: command 0x0409 tx timeout [ 62.545484] Bluetooth: hci3: command 0x0409 tx timeout [ 64.399339] Bluetooth: hci0: command 0x041b tx timeout [ 64.527385] Bluetooth: hci4: command 0x041b tx timeout [ 64.591551] Bluetooth: hci3: command 0x041b tx timeout [ 64.592724] Bluetooth: hci2: command 0x041b tx timeout [ 64.593582] Bluetooth: hci7: command 0x041b tx timeout [ 64.594405] Bluetooth: hci6: command 0x041b tx timeout [ 64.595173] Bluetooth: hci5: command 0x041b tx timeout [ 64.595982] Bluetooth: hci1: command 0x041b tx timeout [ 66.446351] Bluetooth: hci0: command 0x040f tx timeout [ 66.574358] Bluetooth: hci4: command 0x040f tx timeout [ 66.638415] Bluetooth: hci1: command 0x040f tx timeout [ 66.639182] Bluetooth: hci5: command 0x040f tx timeout [ 66.640201] Bluetooth: hci6: command 0x040f tx timeout [ 66.640950] Bluetooth: hci7: command 0x040f tx timeout [ 66.641792] Bluetooth: hci2: command 0x040f tx timeout [ 66.642519] Bluetooth: hci3: command 0x040f tx timeout [ 68.495381] Bluetooth: hci0: command 0x0419 tx timeout [ 68.622382] Bluetooth: hci4: command 0x0419 tx timeout [ 68.687372] Bluetooth: hci3: command 0x0419 tx timeout [ 
68.687844] Bluetooth: hci2: command 0x0419 tx timeout [ 68.688265] Bluetooth: hci7: command 0x0419 tx timeout [ 68.689054] Bluetooth: hci6: command 0x0419 tx timeout [ 68.689848] Bluetooth: hci5: command 0x0419 tx timeout [ 68.690256] Bluetooth: hci1: command 0x0419 tx timeout 11:22:01 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') read$hiddev(r0, &(0x7f0000001140)=""/212, 0xd4) 11:22:01 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') read$hiddev(r0, &(0x7f0000001140)=""/212, 0xd4) 11:22:01 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') read$hiddev(r0, &(0x7f0000001140)=""/212, 0xd4) 11:22:01 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') read$hiddev(r0, &(0x7f0000001140)=""/212, 0xd4) 11:22:01 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') read$hiddev(r0, &(0x7f0000001140)=""/212, 0xd4) 11:22:01 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]}) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') read$hiddev(r0, &(0x7f0000001140)=""/212, 0xd4) 11:22:02 executing program 2: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = 
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) lseek(r0, 0x0, 0x3) 11:22:02 executing program 2: syz_mount_image$vfat(0x0, &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) lseek(r0, 0x0, 0x3) [ 116.571869] audit: type=1400 audit(1663154522.877:7): avc: denied { open } for pid=3766 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.573500] audit: type=1400 audit(1663154522.877:8): avc: denied { kernel } for pid=3766 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 116.588922] ------------[ cut here ]------------ [ 116.588942] [ 116.588945] ====================================================== [ 116.588949] WARNING: possible circular locking dependency detected [ 116.588953] 6.0.0-rc5-next-20220914 #1 Not tainted [ 116.588959] ------------------------------------------------------ [ 116.588962] syz-executor.1/3769 is trying to acquire lock: [ 116.588969] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 116.589006] [ 116.589006] but task is already holding lock: [ 116.589009] ffff88800e917c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 116.589037] [ 116.589037] which lock already depends on the new lock. 
[ 116.589037] [ 116.589040] [ 116.589040] the existing dependency chain (in reverse order) is: [ 116.589043] [ 116.589043] -> #3 (&ctx->lock){....}-{2:2}: [ 116.589057] _raw_spin_lock+0x2a/0x40 [ 116.589074] __perf_event_task_sched_out+0x53b/0x18d0 [ 116.589087] __schedule+0xedd/0x2470 [ 116.589097] schedule+0xda/0x1b0 [ 116.589107] exit_to_user_mode_prepare+0x114/0x1a0 [ 116.589127] syscall_exit_to_user_mode+0x19/0x40 [ 116.589145] do_syscall_64+0x48/0x90 [ 116.589158] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 116.589175] [ 116.589175] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 116.589189] _raw_spin_lock_nested+0x30/0x40 [ 116.589204] raw_spin_rq_lock_nested+0x1e/0x30 [ 116.589217] task_fork_fair+0x63/0x4d0 [ 116.589233] sched_cgroup_fork+0x3d0/0x540 [ 116.589247] copy_process+0x4183/0x6e20 [ 116.589258] kernel_clone+0xe7/0x890 [ 116.589285] user_mode_thread+0xad/0xf0 [ 116.589296] rest_init+0x24/0x250 [ 116.589312] arch_call_rest_init+0xf/0x14 [ 116.589324] start_kernel+0x4c1/0x4e6 [ 116.589334] secondary_startup_64_no_verify+0xe0/0xeb [ 116.589348] [ 116.589348] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 116.589362] _raw_spin_lock_irqsave+0x39/0x60 [ 116.589377] try_to_wake_up+0xab/0x1920 [ 116.589390] up+0x75/0xb0 [ 116.589401] __up_console_sem+0x6e/0x80 [ 116.589417] console_unlock+0x46a/0x590 [ 116.589433] vt_ioctl+0x2822/0x2ca0 [ 116.589445] tty_ioctl+0x7c4/0x1700 [ 116.589456] __x64_sys_ioctl+0x19a/0x210 [ 116.589471] do_syscall_64+0x3b/0x90 [ 116.589484] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 116.589501] [ 116.589501] -> #0 ((console_sem).lock){....}-{2:2}: [ 116.589514] __lock_acquire+0x2a02/0x5e70 [ 116.589530] lock_acquire+0x1a2/0x530 [ 116.589546] _raw_spin_lock_irqsave+0x39/0x60 [ 116.589560] down_trylock+0xe/0x70 [ 116.589572] __down_trylock_console_sem+0x3b/0xd0 [ 116.589588] vprintk_emit+0x16b/0x560 [ 116.589604] vprintk+0x84/0xa0 [ 116.589620] _printk+0xba/0xf1 [ 116.589637] report_bug.cold+0x72/0xab [ 116.589649] handle_bug+0x3c/0x70 [ 116.589661] 
exc_invalid_op+0x14/0x50 [ 116.589674] asm_exc_invalid_op+0x16/0x20 [ 116.589690] group_sched_out.part.0+0x2c7/0x460 [ 116.589701] ctx_sched_out+0x8f1/0xc10 [ 116.589710] __perf_event_task_sched_out+0x6d0/0x18d0 [ 116.589722] __schedule+0xedd/0x2470 [ 116.589732] schedule+0xda/0x1b0 [ 116.589741] exit_to_user_mode_prepare+0x114/0x1a0 [ 116.589759] syscall_exit_to_user_mode+0x19/0x40 [ 116.589776] do_syscall_64+0x48/0x90 [ 116.589789] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 116.589806] [ 116.589806] other info that might help us debug this: [ 116.589806] [ 116.589809] Chain exists of: [ 116.589809] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 116.589809] [ 116.589824] Possible unsafe locking scenario: [ 116.589824] [ 116.589826] CPU0 CPU1 [ 116.589828] ---- ---- [ 116.589831] lock(&ctx->lock); [ 116.589836] lock(&rq->__lock); [ 116.589843] lock(&ctx->lock); [ 116.589849] lock((console_sem).lock); [ 116.589855] [ 116.589855] *** DEADLOCK *** [ 116.589855] [ 116.589857] 2 locks held by syz-executor.1/3769: [ 116.589864] #0: ffff88806cf37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 116.589890] #1: ffff88800e917c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 116.589917] [ 116.589917] stack backtrace: [ 116.589920] CPU: 1 PID: 3769 Comm: syz-executor.1 Not tainted 6.0.0-rc5-next-20220914 #1 [ 116.589933] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 116.589942] Call Trace: [ 116.589945] [ 116.589949] dump_stack_lvl+0x8b/0xb3 [ 116.589964] check_noncircular+0x263/0x2e0 [ 116.589980] ? format_decode+0x26c/0xb50 [ 116.589995] ? print_circular_bug+0x450/0x450 [ 116.590012] ? enable_ptr_key_workfn+0x20/0x20 [ 116.590026] ? format_decode+0x26c/0xb50 [ 116.590042] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 116.590059] __lock_acquire+0x2a02/0x5e70 [ 116.590080] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 116.590104] lock_acquire+0x1a2/0x530 [ 116.590123] ? 
down_trylock+0xe/0x70 [ 116.590140] ? rcu_read_unlock+0x40/0x40 [ 116.590162] ? vprintk+0x84/0xa0 [ 116.590180] _raw_spin_lock_irqsave+0x39/0x60 [ 116.590195] ? down_trylock+0xe/0x70 [ 116.590209] down_trylock+0xe/0x70 [ 116.590222] ? vprintk+0x84/0xa0 [ 116.590238] __down_trylock_console_sem+0x3b/0xd0 [ 116.590255] vprintk_emit+0x16b/0x560 [ 116.590274] vprintk+0x84/0xa0 [ 116.590291] _printk+0xba/0xf1 [ 116.590308] ? record_print_text.cold+0x16/0x16 [ 116.590330] ? report_bug.cold+0x66/0xab [ 116.590344] ? group_sched_out.part.0+0x2c7/0x460 [ 116.590355] report_bug.cold+0x72/0xab [ 116.590370] handle_bug+0x3c/0x70 [ 116.590383] exc_invalid_op+0x14/0x50 [ 116.590398] asm_exc_invalid_op+0x16/0x20 [ 116.590414] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 116.590427] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 116.590439] RSP: 0018:ffff8880172cfc48 EFLAGS: 00010006 [ 116.590448] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 116.590456] RDX: ffff88801f44b580 RSI: ffffffff81566027 RDI: 0000000000000005 [ 116.590463] RBP: ffff88803f948000 R08: 0000000000000005 R09: 0000000000000001 [ 116.590471] R10: 0000000000000000 R11: ffffffff865ac05b R12: ffff88800e917c00 [ 116.590479] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 116.590490] ? group_sched_out.part.0+0x2c7/0x460 [ 116.590503] ? group_sched_out.part.0+0x2c7/0x460 [ 116.590516] ctx_sched_out+0x8f1/0xc10 [ 116.590528] __perf_event_task_sched_out+0x6d0/0x18d0 [ 116.590544] ? lock_is_held_type+0xd7/0x130 [ 116.590562] ? __perf_cgroup_move+0x160/0x160 [ 116.590573] ? set_next_entity+0x304/0x550 [ 116.590591] ? update_curr+0x267/0x740 [ 116.590609] ? lock_is_held_type+0xd7/0x130 [ 116.590627] __schedule+0xedd/0x2470 [ 116.590640] ? io_schedule_timeout+0x150/0x150 [ 116.590653] ? 
rcu_read_lock_sched_held+0x3e/0x80 [ 116.590673] schedule+0xda/0x1b0 [ 116.590684] exit_to_user_mode_prepare+0x114/0x1a0 [ 116.590704] syscall_exit_to_user_mode+0x19/0x40 [ 116.590722] do_syscall_64+0x48/0x90 [ 116.590736] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 116.590753] RIP: 0033:0x7fc7cbc49b19 [ 116.590762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.590773] RSP: 002b:00007fc7c91bf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 116.590784] RAX: 0000000000000001 RBX: 00007fc7cbd5cf68 RCX: 00007fc7cbc49b19 [ 116.590791] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc7cbd5cf6c [ 116.590798] RBP: 00007fc7cbd5cf60 R08: 000000000000000e R09: 0000000000000000 [ 116.590806] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc7cbd5cf6c [ 116.590813] R13: 00007ffd3cb988cf R14: 00007fc7c91bf300 R15: 0000000000022000 [ 116.590826] [ 116.645236] WARNING: CPU: 1 PID: 3769 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 116.645957] Modules linked in: [ 116.646207] CPU: 1 PID: 3769 Comm: syz-executor.1 Not tainted 6.0.0-rc5-next-20220914 #1 [ 116.646817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 116.647671] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 116.648066] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 116.649364] RSP: 0018:ffff8880172cfc48 EFLAGS: 00010006 [ 116.649748] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 116.650252] RDX: ffff88801f44b580 RSI: ffffffff81566027 RDI: 0000000000000005 [ 116.650757] RBP: ffff88803f948000 R08: 0000000000000005 R09: 0000000000000001 [ 116.651253] R10: 0000000000000000 R11: 
ffffffff865ac05b R12: ffff88800e917c00 [ 116.651761] R13: ffff88806cf3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 116.652262] FS: 00007fc7c91bf700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 116.652829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.653242] CR2: 00007f91edeb8028 CR3: 000000003e4d4000 CR4: 0000000000350ee0 [ 116.653760] Call Trace: [ 116.653947] [ 116.654114] ctx_sched_out+0x8f1/0xc10 [ 116.654401] __perf_event_task_sched_out+0x6d0/0x18d0 [ 116.654773] ? lock_is_held_type+0xd7/0x130 [ 116.655089] ? __perf_cgroup_move+0x160/0x160 [ 116.655436] ? set_next_entity+0x304/0x550 [ 116.655760] ? update_curr+0x267/0x740 [ 116.656059] ? lock_is_held_type+0xd7/0x130 [ 116.656391] __schedule+0xedd/0x2470 [ 116.656678] ? io_schedule_timeout+0x150/0x150 [ 116.657027] ? rcu_read_lock_sched_held+0x3e/0x80 [ 116.657419] schedule+0xda/0x1b0 [ 116.657694] exit_to_user_mode_prepare+0x114/0x1a0 [ 116.658064] syscall_exit_to_user_mode+0x19/0x40 [ 116.658422] do_syscall_64+0x48/0x90 [ 116.658713] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 116.659098] RIP: 0033:0x7fc7cbc49b19 [ 116.659375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 116.660679] RSP: 002b:00007fc7c91bf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 116.661236] RAX: 0000000000000001 RBX: 00007fc7cbd5cf68 RCX: 00007fc7cbc49b19 [ 116.661780] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc7cbd5cf6c [ 116.662301] RBP: 00007fc7cbd5cf60 R08: 000000000000000e R09: 0000000000000000 [ 116.662827] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fc7cbd5cf6c [ 116.663343] R13: 00007ffd3cb988cf R14: 00007fc7c91bf300 R15: 0000000000022000 [ 116.663886] [ 116.664064] irq event stamp: 634 [ 116.664325] hardirqs last enabled at (633): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 116.665017] hardirqs last disabled at (634): [] 
__schedule+0x1225/0x2470 [ 116.665618] softirqs last enabled at (328): [] __irq_exit_rcu+0x11b/0x180 [ 116.666244] softirqs last disabled at (319): [] __irq_exit_rcu+0x11b/0x180 [ 116.666869] ---[ end trace 0000000000000000 ]--- [ 116.865812] audit: type=1400 audit(1663154523.171:9): avc: denied { write } for pid=3766 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 121.445593] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 121.446614] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 121.450423] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 121.452209] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 121.453433] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 121.454157] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 121.457863] Bluetooth: hci7: HCI_REQ-0x0c1a [ 123.470421] Bluetooth: hci7: command 0x0409 tx timeout [ 125.518358] Bluetooth: hci7: command 0x041b tx timeout VM DIAGNOSIS: 11:22:03 Registers: