Warning: Permanently added '[localhost]:27916' (ECDSA) to the list of known hosts.
2022/09/15 11:47:44 fuzzer started
2022/09/15 11:47:44 dialing manager at localhost:36559
syzkaller login: [ 42.706509] cgroup: Unknown subsys name 'net'
[ 42.793149] cgroup: Unknown subsys name 'rlimit'
2022/09/15 11:47:57 syscalls: 2215
2022/09/15 11:47:57 code coverage: enabled
2022/09/15 11:47:57 comparison tracing: enabled
2022/09/15 11:47:57 extra coverage: enabled
2022/09/15 11:47:57 setuid sandbox: enabled
2022/09/15 11:47:57 namespace sandbox: enabled
2022/09/15 11:47:57 Android sandbox: enabled
2022/09/15 11:47:57 fault injection: enabled
2022/09/15 11:47:57 leak checking: enabled
2022/09/15 11:47:57 net packet injection: enabled
2022/09/15 11:47:57 net device setup: enabled
2022/09/15 11:47:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/15 11:47:57 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/15 11:47:57 USB emulation: enabled
2022/09/15 11:47:57 hci packet injection: enabled
2022/09/15 11:47:57 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220915)
2022/09/15 11:47:57 802.15.4 emulation: enabled
2022/09/15 11:47:57 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/15 11:47:57 fetching corpus: 23, signal 24580/27974 (executing program)
2022/09/15 11:47:57 fetching corpus: 71, signal 41659/46190 (executing program)
2022/09/15 11:47:58 fetching corpus: 121, signal 50982/56548 (executing program)
2022/09/15 11:47:58 fetching corpus: 171, signal 56978/63596 (executing program)
2022/09/15 11:47:58 fetching corpus: 220, signal 61655/69235 (executing program)
2022/09/15 11:47:58 fetching corpus: 269, signal 68909/77211 (executing program)
2022/09/15 11:47:58 fetching corpus: 319, signal 72926/82027 (executing program)
2022/09/15 11:47:58 fetching corpus: 367, signal 77943/87670 (executing program)
2022/09/15 11:47:58 fetching corpus: 417, signal 83918/94078 (executing program)
2022/09/15 11:47:58 fetching corpus: 466, signal 87765/98477 (executing program)
2022/09/15 11:47:59 fetching corpus: 515, signal 90347/101642 (executing program)
2022/09/15 11:47:59 fetching corpus: 565, signal 94474/106031 (executing program)
2022/09/15 11:47:59 fetching corpus: 612, signal 98495/110246 (executing program)
2022/09/15 11:47:59 fetching corpus: 661, signal 102137/114069 (executing program)
2022/09/15 11:47:59 fetching corpus: 710, signal 103842/116213 (executing program)
2022/09/15 11:47:59 fetching corpus: 760, signal 105667/118414 (executing program)
2022/09/15 11:48:00 fetching corpus: 809, signal 107351/120505 (executing program)
2022/09/15 11:48:00 fetching corpus: 859, signal 110937/124021 (executing program)
2022/09/15 11:48:00 fetching corpus: 909, signal 114219/127221 (executing program)
2022/09/15 11:48:00 fetching corpus: 959, signal 116631/129812 (executing program)
2022/09/15 11:48:00 fetching corpus: 1008, signal 118455/131803 (executing program)
2022/09/15 11:48:00 fetching corpus: 1057, signal 120712/134063 (executing program)
2022/09/15 11:48:00 fetching corpus: 1104, signal 123725/136799 (executing program)
2022/09/15 11:48:01 fetching corpus: 1154, signal 126017/139031 (executing program)
2022/09/15 11:48:01 fetching corpus: 1203, signal 127720/140803 (executing program)
2022/09/15 11:48:01 fetching corpus: 1251, signal 129737/142600 (executing program)
2022/09/15 11:48:01 fetching corpus: 1301, signal 131154/144012 (executing program)
2022/09/15 11:48:01 fetching corpus: 1351, signal 133217/145808 (executing program)
2022/09/15 11:48:01 fetching corpus: 1401, signal 134587/147139 (executing program)
2022/09/15 11:48:02 fetching corpus: 1451, signal 136806/148958 (executing program)
2022/09/15 11:48:02 fetching corpus: 1501, signal 139016/150745 (executing program)
2022/09/15 11:48:02 fetching corpus: 1549, signal 141346/152634 (executing program)
2022/09/15 11:48:02 fetching corpus: 1598, signal 142530/153668 (executing program)
2022/09/15 11:48:02 fetching corpus: 1648, signal 144833/155336 (executing program)
2022/09/15 11:48:02 fetching corpus: 1698, signal 146048/156357 (executing program)
2022/09/15 11:48:02 fetching corpus: 1748, signal 147285/157393 (executing program)
2022/09/15 11:48:03 fetching corpus: 1798, signal 149274/158800 (executing program)
2022/09/15 11:48:03 fetching corpus: 1848, signal 150437/159657 (executing program)
2022/09/15 11:48:03 fetching corpus: 1898, signal 151714/160651 (executing program)
2022/09/15 11:48:03 fetching corpus: 1948, signal 153331/161718 (executing program)
2022/09/15 11:48:03 fetching corpus: 1998, signal 154627/162590 (executing program)
2022/09/15 11:48:03 fetching corpus: 2048, signal 155807/163373 (executing program)
2022/09/15 11:48:04 fetching corpus: 2098, signal 157100/164338 (executing program)
2022/09/15 11:48:04 fetching corpus: 2148, signal 157853/164853 (executing program)
2022/09/15 11:48:04 fetching corpus: 2198, signal 158920/165520 (executing program)
2022/09/15 11:48:04 fetching corpus: 2248, signal 160221/166324 (executing program)
2022/09/15 11:48:04 fetching corpus: 2298, signal 161376/167035 (executing program)
2022/09/15 11:48:04 fetching corpus: 2348, signal 161928/167365 (executing program)
2022/09/15 11:48:04 fetching corpus: 2398, signal 163067/167963 (executing program)
2022/09/15 11:48:05 fetching corpus: 2448, signal 163987/168403 (executing program)
2022/09/15 11:48:05 fetching corpus: 2498, signal 165020/168897 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169195 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169268 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169341 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169413 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169485 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169559 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169636 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169702 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169758 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169818 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169879 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/169938 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170009 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170082 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170155 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170215 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170275 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170321 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170389 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170448 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170520 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170575 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170637 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170708 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170758 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170823 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170898 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/170978 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/171039 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/171090 (executing program)
2022/09/15 11:48:05 fetching corpus: 2529, signal 165577/171090 (executing program)
2022/09/15 11:48:08 starting 8 fuzzer processes
11:48:08 executing program 0:
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000100)=""/207)
11:48:08 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
11:48:08 executing program 2:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0xeb, 0x4)
sendmmsg(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000400)="00030000000000004ea1ba28e9a2543c9e7d4b626f04420b", 0x18}], 0x1}}], 0x1, 0x0)
11:48:08 executing program 3:
syz_emit_ethernet(0x7e, &(0x7f0000000280)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @remote}, @source_quench={0x3, 0x4, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @loopback, @loopback, {[@cipso={0x86, 0x15, 0x0, [{0x0, 0xc, "83f3a291eb181e9b0258"}, {0x0, 0x3, "fe"}]}, @rr={0x7, 0x3}, @lsrr={0x83, 0xb, 0x0, [@multicast1, @rand_addr]}, @lsrr={0x83, 0x7, 0x0, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @ssrr={0x89, 0xf, 0x0, [@broadcast, @dev, @loopback]}, @timestamp_prespec={0x44, 0x4}]}}}}}}}, 0x0)
11:48:08 executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0xffffff4c)
11:48:08 executing program 5:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/module/netpoll', 0x400002, 0x41)
r0 = getpgrp(0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000000)=0x20)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x80, 0x1, 0x3f, 0x0, 0x2, 0x86002, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x8}, 0x88, 0x1, 0x4, 0x8, 0x1, 0x3f, 0x7fff, 0x0, 0x8, 0x0, 0x7}, 0xffffffffffffffff, 0x0, r1, 0x3)
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000540)={0x5, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, '\x00', 0x2}}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
socket$inet6(0xa, 0x1, 0x0)
r3 = timerfd_create(0x0, 0x0)
timerfd_settime(r3, 0x3, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0)
[ 66.558746] audit: type=1400 audit(1663242488.468:6): avc: denied { execmem } for pid=285 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
11:48:08 executing program 6:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r0)
sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x28, r2, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x28}}, 0x0)
11:48:08 executing program 7:
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0xf8ffffff)
[ 67.867664] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.869462] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.873517] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.878095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.881372] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 67.882966] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.890611] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 67.913893] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 67.917011] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 67.918445] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 67.921064] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 67.923419] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 67.925043] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 67.929903] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 67.974555] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 67.976615] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 67.978285] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 67.980184] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 67.982076] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 67.983367] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 67.985108] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 67.986538] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 67.988115] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 67.991353] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 67.994254] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 67.995757] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 67.998263] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 67.999597] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 68.000971] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 68.000982] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 68.005109] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 68.006576] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 68.011235] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 68.014254] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 68.020222] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 68.074394] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 68.080093] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 68.082261] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 68.083971] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 68.087138] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 68.089542] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 68.091227] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 68.099159] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 68.101852] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 68.107196] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 68.109876] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 68.122091] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 68.124585] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 68.138622] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 69.939637] Bluetooth: hci4: command 0x0409 tx timeout
[ 70.002922] Bluetooth: hci5: Opcode 0x c03 failed: -110
[ 70.003885] Bluetooth: hci0: command 0x0409 tx timeout
[ 70.066980] Bluetooth: hci1: command 0x0409 tx timeout
[ 70.068233] Bluetooth: hci2: command 0x0409 tx timeout
[ 70.069015] Bluetooth: hci3: command 0x0409 tx timeout
[ 70.131891] Bluetooth: hci6: command 0x0409 tx timeout
[ 70.195019] Bluetooth: hci7: command 0x0409 tx timeout
[ 71.987349] Bluetooth: hci4: command 0x041b tx timeout
[ 72.050951] Bluetooth: hci0: command 0x041b tx timeout
[ 72.114901] Bluetooth: hci3: command 0x041b tx timeout
[ 72.115556] Bluetooth: hci2: command 0x041b tx timeout
[ 72.116561] Bluetooth: hci1: command 0x041b tx timeout
[ 72.178892] Bluetooth: hci6: command 0x041b tx timeout
[ 72.242901] Bluetooth: hci7: command 0x041b tx timeout
[ 73.164020] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 73.165037] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 73.165676] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 73.173908] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 73.174780] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 73.175454] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 73.178155] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 74.034898] Bluetooth: hci4: command 0x040f tx timeout
[ 74.098905] Bluetooth: hci0: command 0x040f tx timeout
[ 74.162899] Bluetooth: hci1: command 0x040f tx timeout
[ 74.163774] Bluetooth: hci2: command 0x040f tx timeout
[ 74.164969] Bluetooth: hci3: command 0x040f tx timeout
[ 74.226879] Bluetooth: hci6: command 0x040f tx timeout
[ 74.290912] Bluetooth: hci7: command 0x040f tx timeout
[ 75.240655] Bluetooth: hci5: command 0x0409 tx timeout
[ 76.082955] Bluetooth: hci4: command 0x0419 tx timeout
[ 76.146879] Bluetooth: hci0: command 0x0419 tx timeout
[ 76.210906] Bluetooth: hci3: command 0x0419 tx timeout
[ 76.211688] Bluetooth: hci2: command 0x0419 tx timeout
[ 76.212486] Bluetooth: hci1: command 0x0419 tx timeout
[ 76.274876] Bluetooth: hci6: command 0x0419 tx timeout
[ 76.338941] Bluetooth: hci7: command 0x0419 tx timeout
[ 77.299220] Bluetooth: hci5: command 0x041b tx timeout
[ 79.346955] Bluetooth: hci5: command 0x040f tx timeout
[ 81.394887] Bluetooth: hci5: command 0x0419 tx timeout
[ 129.046169] audit: type=1400 audit(1663242550.956:7): avc: denied { open } for pid=3915 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 129.047752] audit: type=1400 audit(1663242550.956:8): avc: denied { kernel } for pid=3915 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 129.057268] ------------[ cut here ]------------
[ 129.057289]
[ 129.057293] ======================================================
[ 129.057297] WARNING: possible circular locking dependency detected
[ 129.057301] 6.0.0-rc5-next-20220915 #1 Not tainted
[ 129.057307] ------------------------------------------------------
[ 129.057310] syz-executor.5/3916 is trying to acquire lock:
[ 129.057316] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 129.057353]
[ 129.057353] but task is already holding lock:
[ 129.057355] ffff88800f006c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 129.057382]
[ 129.057382] which lock already depends on the new lock.
[ 129.057382]
[ 129.057385]
[ 129.057385] the existing dependency chain (in reverse order) is:
[ 129.057388]
[ 129.057388] -> #3 (&ctx->lock){....}-{2:2}:
[ 129.057402]        _raw_spin_lock+0x2a/0x40
[ 129.057420]        __perf_event_task_sched_out+0x53b/0x18d0
[ 129.057432]        __schedule+0xedd/0x2470
[ 129.057442]        schedule+0xda/0x1b0
[ 129.057452]        exit_to_user_mode_prepare+0x114/0x1a0
[ 129.057473]        syscall_exit_to_user_mode+0x19/0x40
[ 129.057491]        do_syscall_64+0x48/0x90
[ 129.057505]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 129.057531]
[ 129.057531] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 129.057557]        _raw_spin_lock_nested+0x30/0x40
[ 129.057580]        raw_spin_rq_lock_nested+0x1e/0x30
[ 129.057597]        task_fork_fair+0x63/0x4d0
[ 129.057621]        sched_cgroup_fork+0x3d0/0x540
[ 129.057640]        copy_process+0x4183/0x6e20
[ 129.057654]        kernel_clone+0xe7/0x890
[ 129.057667]        user_mode_thread+0xad/0xf0
[ 129.057681]        rest_init+0x24/0x250
[ 129.057705]        arch_call_rest_init+0xf/0x14
[ 129.057721]        start_kernel+0x4c1/0x4e6
[ 129.057734]        secondary_startup_64_no_verify+0xe0/0xeb
[ 129.057753]
[ 129.057753] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 129.057772]        _raw_spin_lock_irqsave+0x39/0x60
[ 129.057794]        try_to_wake_up+0xab/0x1920
[ 129.057812]        up+0x75/0xb0
[ 129.057828]        __up_console_sem+0x6e/0x80
[ 129.057849]        console_unlock+0x46a/0x590
[ 129.057872]        vprintk_emit+0x1bd/0x560
[ 129.057895]        vprintk+0x84/0xa0
[ 129.057918]        _printk+0xba/0xf1
[ 129.057943]        kauditd_hold_skb.cold+0x3f/0x4e
[ 129.057963]        kauditd_send_queue+0x233/0x290
[ 129.057983]        kauditd_thread+0x5da/0x9a0
[ 129.058002]        kthread+0x2ed/0x3a0
[ 129.058022]        ret_from_fork+0x22/0x30
[ 129.058039]
[ 129.058039] -> #0 ((console_sem).lock){....}-{2:2}:
[ 129.058057]        __lock_acquire+0x2a02/0x5e70
[ 129.058080]        lock_acquire+0x1a2/0x530
[ 129.058103]        _raw_spin_lock_irqsave+0x39/0x60
[ 129.058124]        down_trylock+0xe/0x70
[ 129.058141]        __down_trylock_console_sem+0x3b/0xd0
[ 129.058164]        vprintk_emit+0x16b/0x560
[ 129.058187]        vprintk+0x84/0xa0
[ 129.058210]        _printk+0xba/0xf1
[ 129.058234]        report_bug.cold+0x72/0xab
[ 129.058252]        handle_bug+0x3c/0x70
[ 129.058270]        exc_invalid_op+0x14/0x50
[ 129.058289]        asm_exc_invalid_op+0x16/0x20
[ 129.058313]        group_sched_out.part.0+0x2c7/0x460
[ 129.058327]        ctx_sched_out+0x8f1/0xc10
[ 129.058341]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 129.058357]        __schedule+0xedd/0x2470
[ 129.058371]        schedule+0xda/0x1b0
[ 129.058385]        exit_to_user_mode_prepare+0x114/0x1a0
[ 129.058412]        syscall_exit_to_user_mode+0x19/0x40
[ 129.058437]        do_syscall_64+0x48/0x90
[ 129.058455]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 129.058480]
[ 129.058480] other info that might help us debug this:
[ 129.058480]
[ 129.058483] Chain exists of:
[ 129.058483]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 129.058483]
[ 129.058504]  Possible unsafe locking scenario:
[ 129.058504]
[ 129.058507]        CPU0                    CPU1
[ 129.058510]        ----                    ----
[ 129.058513]   lock(&ctx->lock);
[ 129.058520]                                lock(&rq->__lock);
[ 129.058529]                                lock(&ctx->lock);
[ 129.058538]   lock((console_sem).lock);
[ 129.058546]
[ 129.058546]  *** DEADLOCK ***
[ 129.058546]
[ 129.058548] 2 locks held by syz-executor.5/3916:
[ 129.058558]  #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 129.058593]  #1: ffff88800f006c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 129.058632]
[ 129.058632] stack backtrace:
[ 129.058635] CPU: 0 PID: 3916 Comm: syz-executor.5 Not tainted 6.0.0-rc5-next-20220915 #1
[ 129.058652] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 129.058663] Call Trace:
[ 129.058667]
[ 129.058673]  dump_stack_lvl+0x8b/0xb3
[ 129.058694]  check_noncircular+0x263/0x2e0
[ 129.058717]  ? format_decode+0x26c/0xb50
[ 129.058738]  ? print_circular_bug+0x450/0x450
[ 129.058762]  ? enable_ptr_key_workfn+0x20/0x20
[ 129.058784]  ? format_decode+0x26c/0xb50
[ 129.058804]  ? memcpy+0x39/0x60
[ 129.058835]  ? vsnprintf+0x4ba/0x1600
[ 129.058859]  __lock_acquire+0x2a02/0x5e70
[ 129.058890]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 129.058921]  lock_acquire+0x1a2/0x530
[ 129.058945]  ? down_trylock+0xe/0x70
[ 129.058966]  ? rcu_read_unlock+0x40/0x40
[ 129.058995]  ? vprintk+0x84/0xa0
[ 129.059021]  _raw_spin_lock_irqsave+0x39/0x60
[ 129.059043]  ? down_trylock+0xe/0x70
[ 129.059062]  down_trylock+0xe/0x70
[ 129.059081]  ? vprintk+0x84/0xa0
[ 129.059105]  __down_trylock_console_sem+0x3b/0xd0
[ 129.059130]  vprintk_emit+0x16b/0x560
[ 129.059157]  vprintk+0x84/0xa0
[ 129.059182]  _printk+0xba/0xf1
[ 129.059207]  ? record_print_text.cold+0x16/0x16
[ 129.059239]  ? report_bug.cold+0x66/0xab
[ 129.059260]  ? group_sched_out.part.0+0x2c7/0x460
[ 129.059275]  report_bug.cold+0x72/0xab
[ 129.059297]  handle_bug+0x3c/0x70
[ 129.059317]  exc_invalid_op+0x14/0x50
[ 129.059338]  asm_exc_invalid_op+0x16/0x20
[ 129.059363] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 129.059381] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 129.059397] RSP: 0018:ffff88803e61fc48 EFLAGS: 00010006
[ 129.059409] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 129.059420] RDX: ffff88801b603580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 129.059431] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 129.059441] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800f006c00
[ 129.059451] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 129.059467]  ? group_sched_out.part.0+0x2c7/0x460
[ 129.059485]  ? group_sched_out.part.0+0x2c7/0x460
[ 129.059503]  ctx_sched_out+0x8f1/0xc10
[ 129.059520]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 129.059541]  ? lock_is_held_type+0xd7/0x130
[ 129.059568]  ? __perf_cgroup_move+0x160/0x160
[ 129.059585]  ? set_next_entity+0x304/0x550
[ 129.059610]  ? update_curr+0x267/0x740
[ 129.059636]  ? lock_is_held_type+0xd7/0x130
[ 129.059663]  __schedule+0xedd/0x2470
[ 129.059682]  ? io_schedule_timeout+0x150/0x150
[ 129.059700]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 129.059728]  schedule+0xda/0x1b0
[ 129.059745]  exit_to_user_mode_prepare+0x114/0x1a0
[ 129.059774]  syscall_exit_to_user_mode+0x19/0x40
[ 129.059800]  do_syscall_64+0x48/0x90
[ 129.059820]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 129.059846] RIP: 0033:0x7fd2f672bb19
[ 129.059857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 129.059872] RSP: 002b:00007fd2f3ca1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 129.059887] RAX: 0000000000000001 RBX: 00007fd2f683ef68 RCX: 00007fd2f672bb19
[ 129.059898] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd2f683ef6c
[ 129.059908] RBP: 00007fd2f683ef60 R08: 000000000000000e R09: 0000000000000000
[ 129.059918] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd2f683ef6c
[ 129.059928] R13: 00007ffcee5fb04f R14: 00007fd2f3ca1300 R15: 0000000000022000
[ 129.059946]
[ 129.119860] WARNING: CPU: 0 PID: 3916 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 129.120556] Modules linked in:
[ 129.120804] CPU: 0 PID: 3916 Comm: syz-executor.5 Not tainted 6.0.0-rc5-next-20220915 #1
[ 129.121411] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 129.122251] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 129.122663] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 129.124029] RSP: 0018:ffff88803e61fc48 EFLAGS: 00010006
[ 129.124440] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 129.124976] RDX: ffff88801b603580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 129.125512] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 129.126053] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88800f006c00
[ 129.126585] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 129.127117] FS: 00007fd2f3ca1700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 129.127725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 129.128161] CR2: 00007f16f0fff3b0 CR3: 000000001a49e000 CR4: 0000000000350ef0
[ 129.128699] Call Trace:
[ 129.128893]
[ 129.129067]  ctx_sched_out+0x8f1/0xc10
[ 129.129373]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 129.129758]  ? lock_is_held_type+0xd7/0x130
[ 129.130096]  ? __perf_cgroup_move+0x160/0x160
[ 129.130437]  ? set_next_entity+0x304/0x550
[ 129.130766]  ? update_curr+0x267/0x740
[ 129.131075]  ? lock_is_held_type+0xd7/0x130
[ 129.131410]  __schedule+0xedd/0x2470
[ 129.131698]  ? io_schedule_timeout+0x150/0x150
[ 129.132050]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 129.132436]  schedule+0xda/0x1b0
[ 129.132706]  exit_to_user_mode_prepare+0x114/0x1a0
[ 129.133090]  syscall_exit_to_user_mode+0x19/0x40
[ 129.133463]  do_syscall_64+0x48/0x90
[ 129.133749]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 129.134155] RIP: 0033:0x7fd2f672bb19
[ 129.134432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 129.135798] RSP: 002b:00007fd2f3ca1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 129.136393] RAX: 0000000000000001 RBX: 00007fd2f683ef68 RCX: 00007fd2f672bb19
[ 129.136921] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd2f683ef6c
[ 129.137458] RBP: 00007fd2f683ef60 R08: 000000000000000e R09: 0000000000000000
[ 129.137998] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd2f683ef6c
[ 129.138534] R13: 00007ffcee5fb04f R14: 00007fd2f3ca1300 R15: 0000000000022000
[ 129.139075]
[ 129.139254] irq event stamp: 622
[ 129.139505] hardirqs last enabled at (621): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 129.140238] hardirqs last disabled at (622): []
__schedule+0x1225/0x2470
[ 129.140855] softirqs last enabled at (40): [] __irq_exit_rcu+0x11b/0x180
[ 129.141486] softirqs last disabled at (35): [] __irq_exit_rcu+0x11b/0x180
[ 129.142115] ---[ end trace 0000000000000000 ]---
[ 129.182114] audit: type=1400 audit(1663242551.091:9): avc: denied { write } for pid=3915 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 131.250885] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 131.442923] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 131.507820] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 131.634865] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 135.474962] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 135.666905] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 135.730893] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 135.858946] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 138.042910] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 138.044937] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 138.048567] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 138.052287] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 138.053904] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 138.055412] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 138.058763] Bluetooth: hci7: HCI_REQ-0x0c1a
VM DIAGNOSIS:
11:49:11 Registers: