Debian GNU/Linux 11 syzkaller ttyS0 Warning: Permanently added '[localhost]:28281' (ECDSA) to the list of known hosts. 2022/09/12 14:30:53 fuzzer started 2022/09/12 14:30:53 dialing manager at localhost:38027 syzkaller login: [ 37.499452] cgroup: Unknown subsys name 'net' [ 37.595408] cgroup: Unknown subsys name 'rlimit' 2022/09/12 14:31:08 syscalls: 2215 2022/09/12 14:31:08 code coverage: enabled 2022/09/12 14:31:08 comparison tracing: enabled 2022/09/12 14:31:08 extra coverage: enabled 2022/09/12 14:31:08 setuid sandbox: enabled 2022/09/12 14:31:08 namespace sandbox: enabled 2022/09/12 14:31:08 Android sandbox: enabled 2022/09/12 14:31:08 fault injection: enabled 2022/09/12 14:31:08 leak checking: enabled 2022/09/12 14:31:08 net packet injection: enabled 2022/09/12 14:31:08 net device setup: enabled 2022/09/12 14:31:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/12 14:31:08 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/12 14:31:08 USB emulation: enabled 2022/09/12 14:31:08 hci packet injection: enabled 2022/09/12 14:31:08 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220912) 2022/09/12 14:31:08 802.15.4 emulation: enabled 2022/09/12 14:31:08 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/12 14:31:08 fetching corpus: 47, signal 32298/35630 (executing program) 2022/09/12 14:31:08 fetching corpus: 97, signal 46045/50575 (executing program) 2022/09/12 14:31:08 fetching corpus: 147, signal 53301/59063 (executing program) 2022/09/12 14:31:09 fetching corpus: 196, signal 58245/65176 (executing program) 2022/09/12 14:31:09 fetching corpus: 246, signal 66029/73836 (executing program) 2022/09/12 14:31:09 fetching corpus: 296, signal 70787/79501 (executing program) 2022/09/12 14:31:09 fetching corpus: 346, signal 76035/85562 (executing program) 2022/09/12 14:31:09 fetching corpus: 394, signal 81890/92091 (executing program) 2022/09/12 14:31:09 fetching corpus: 443, signal 86324/97209 
(executing program) 2022/09/12 14:31:09 fetching corpus: 492, signal 89690/101273 (executing program) 2022/09/12 14:31:09 fetching corpus: 542, signal 92181/104503 (executing program) 2022/09/12 14:31:09 fetching corpus: 591, signal 95052/108052 (executing program) 2022/09/12 14:31:10 fetching corpus: 640, signal 97735/111395 (executing program) 2022/09/12 14:31:10 fetching corpus: 690, signal 100285/114490 (executing program) 2022/09/12 14:31:10 fetching corpus: 740, signal 103328/117952 (executing program) 2022/09/12 14:31:10 fetching corpus: 789, signal 106363/121399 (executing program) 2022/09/12 14:31:10 fetching corpus: 839, signal 109342/124669 (executing program) 2022/09/12 14:31:10 fetching corpus: 888, signal 112658/128210 (executing program) 2022/09/12 14:31:10 fetching corpus: 938, signal 115774/131523 (executing program) 2022/09/12 14:31:11 fetching corpus: 987, signal 118383/134358 (executing program) 2022/09/12 14:31:11 fetching corpus: 1037, signal 120816/137011 (executing program) 2022/09/12 14:31:11 fetching corpus: 1087, signal 124153/140290 (executing program) 2022/09/12 14:31:11 fetching corpus: 1137, signal 125392/141986 (executing program) 2022/09/12 14:31:11 fetching corpus: 1186, signal 127407/144144 (executing program) 2022/09/12 14:31:11 fetching corpus: 1235, signal 128802/145851 (executing program) 2022/09/12 14:31:12 fetching corpus: 1284, signal 131812/148687 (executing program) 2022/09/12 14:31:12 fetching corpus: 1332, signal 133635/150586 (executing program) 2022/09/12 14:31:12 fetching corpus: 1382, signal 135104/152241 (executing program) 2022/09/12 14:31:12 fetching corpus: 1432, signal 136519/153850 (executing program) 2022/09/12 14:31:12 fetching corpus: 1482, signal 138207/155575 (executing program) 2022/09/12 14:31:12 fetching corpus: 1532, signal 139464/156987 (executing program) 2022/09/12 14:31:12 fetching corpus: 1582, signal 140862/158400 (executing program) 2022/09/12 14:31:13 fetching corpus: 1632, signal 
142899/160243 (executing program) 2022/09/12 14:31:13 fetching corpus: 1682, signal 144274/161642 (executing program) 2022/09/12 14:31:13 fetching corpus: 1731, signal 145893/163126 (executing program) 2022/09/12 14:31:13 fetching corpus: 1777, signal 146927/164216 (executing program) 2022/09/12 14:31:13 fetching corpus: 1825, signal 147714/165098 (executing program) 2022/09/12 14:31:13 fetching corpus: 1874, signal 148852/166252 (executing program) 2022/09/12 14:31:14 fetching corpus: 1923, signal 150030/167418 (executing program) 2022/09/12 14:31:14 fetching corpus: 1973, signal 152660/169469 (executing program) 2022/09/12 14:31:14 fetching corpus: 2023, signal 154246/170777 (executing program) 2022/09/12 14:31:14 fetching corpus: 2073, signal 155403/171838 (executing program) 2022/09/12 14:31:14 fetching corpus: 2123, signal 156667/172908 (executing program) 2022/09/12 14:31:14 fetching corpus: 2173, signal 157728/173824 (executing program) 2022/09/12 14:31:15 fetching corpus: 2223, signal 159153/174932 (executing program) 2022/09/12 14:31:15 fetching corpus: 2273, signal 161117/176240 (executing program) 2022/09/12 14:31:15 fetching corpus: 2323, signal 162441/177263 (executing program) 2022/09/12 14:31:15 fetching corpus: 2371, signal 163206/177985 (executing program) 2022/09/12 14:31:15 fetching corpus: 2419, signal 164550/178904 (executing program) 2022/09/12 14:31:16 fetching corpus: 2468, signal 165167/179538 (executing program) 2022/09/12 14:31:16 fetching corpus: 2518, signal 166365/180381 (executing program) 2022/09/12 14:31:16 fetching corpus: 2568, signal 167563/181207 (executing program) 2022/09/12 14:31:16 fetching corpus: 2618, signal 168799/181999 (executing program) 2022/09/12 14:31:16 fetching corpus: 2668, signal 169831/182700 (executing program) 2022/09/12 14:31:16 fetching corpus: 2718, signal 171016/183424 (executing program) 2022/09/12 14:31:17 fetching corpus: 2768, signal 172284/184207 (executing program) 2022/09/12 14:31:17 fetching 
corpus: 2818, signal 173968/185053 (executing program) 2022/09/12 14:31:17 fetching corpus: 2868, signal 174895/185590 (executing program) 2022/09/12 14:31:17 fetching corpus: 2918, signal 175930/186153 (executing program) 2022/09/12 14:31:17 fetching corpus: 2968, signal 176620/186579 (executing program) 2022/09/12 14:31:17 fetching corpus: 3018, signal 178110/187236 (executing program) 2022/09/12 14:31:17 fetching corpus: 3068, signal 178923/187687 (executing program) 2022/09/12 14:31:18 fetching corpus: 3118, signal 180006/188220 (executing program) 2022/09/12 14:31:18 fetching corpus: 3168, signal 180835/188623 (executing program) 2022/09/12 14:31:18 fetching corpus: 3218, signal 181569/189057 (executing program) 2022/09/12 14:31:18 fetching corpus: 3268, signal 182184/189376 (executing program) 2022/09/12 14:31:18 fetching corpus: 3318, signal 182826/189659 (executing program) 2022/09/12 14:31:18 fetching corpus: 3368, signal 183843/190032 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/190438 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/190515 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/190590 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/190665 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/190749 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/190823 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/190896 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/190983 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191053 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191137 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191214 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191285 (executing program) 2022/09/12 
14:31:19 fetching corpus: 3418, signal 184925/191360 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191436 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191505 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191591 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191661 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191734 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191818 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191892 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/191982 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/192057 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/192145 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/192234 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/192261 (executing program) 2022/09/12 14:31:19 fetching corpus: 3418, signal 184925/192261 (executing program) 2022/09/12 14:31:21 starting 8 fuzzer processes 14:31:21 executing program 0: ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'}) io_uring_setup(0x0, &(0x7f0000000040)={0x0, 0x1f21, 0x8, 0x3, 0x1b, 0x0, r0}) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0xa7, 0x7ff}}, './file0\x00'}) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r1, 0x3) r2 = socket(0x6, 0x80000, 0x0) r3 = accept4$unix(r2, &(0x7f0000000100)=@abs, &(0x7f0000000180)=0x6e, 0x80000) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'}) ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000200)={0x3, 0xffffffff, 0xffffff3d}) bind(0xffffffffffffffff, &(0x7f0000000240)=@tipc=@id={0x1e, 
0x3, 0x0, {0x4e24, 0x1}}, 0x80) ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f00000002c0)) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000300)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) syz_io_uring_setup(0x642, &(0x7f0000000340)={0x0, 0x3a7, 0x2, 0x1, 0x3c2, 0x0, r5}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000003c0), &(0x7f0000000400)) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000480)={{0x1, 0x1, 0x18, r3, {0x8000}}, './file0\x00'}) ioctl$SG_GET_ACCESS_COUNT(r6, 0x2289, &(0x7f00000004c0)) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000500)={{0x1, 0x1, 0x18, r4, {0x7}}, './file0\x00'}) ioctl$KDDELIO(r6, 0x4b35, 0x0) ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, &(0x7f0000000600)=0x1) 14:31:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x4c, 0x0, &(0x7f0000000040)) 14:31:21 executing program 1: syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32261, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = getgid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000001200)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, r2}}, './file0\x00'}) fcntl$dupfd(r0, 0x0, r1) r3 
= socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000000)={'lo\x00'}) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7, 0x50, r1, 0x8000000) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x1010, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(r4, r5, &(0x7f00000011c0)=@IORING_OP_MADVISE={0x19, 0x4, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x11, 0x1}, 0x6) perf_event_open(&(0x7f0000001840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001800), 0xd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write(r1, &(0x7f0000000080)="01", 0x41030) 14:31:21 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x980}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r0 = gettid() process_vm_writev(r0, &(0x7f0000002580)=[{&(0x7f0000000140)=""/89, 0x59}, {&(0x7f00000001c0)=""/175, 0xaf}, {&(0x7f0000000280)=""/4090, 0xffa}], 0x3, &(0x7f0000003840)=[{&(0x7f0000002640)=""/105, 0x69}, {0xfffffffffffffffe}], 0x2, 0x0) r1 = fork() ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000040)=[{&(0x7f0000001280)=""/123, 0x7b}], 0x1, &(0x7f0000001640)=[{&(0x7f0000000100)=""/31, 0x1f}, {&(0x7f0000001300)=""/49, 0x31}, {&(0x7f0000001340)=""/112, 0x70}, {&(0x7f00000013c0)=""/215, 0xd7}, {&(0x7f00000014c0)=""/45, 0x2d}, {&(0x7f0000001500)=""/38, 0x26}, {&(0x7f0000001540)=""/60, 0x3c}, {&(0x7f0000001580)=""/166, 0xa6}], 0x8, 0x0) 
ptrace$getregs(0xc, r1, 0xa56, &(0x7f00000016c0)=""/36) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x140, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fork() clone3(&(0x7f0000004c00)={0xc0002100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg(r2, &(0x7f0000004240)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000300)="e9", 0xfffffe8e}], 0x1}}], 0x1, 0x0) recvfrom(r2, &(0x7f00000003c0)=""/77, 0x6bc2bb1, 0x0, 0x0, 0x37) fcntl$getown(r2, 0x9) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000002800)='devices.deny\x00', 0x2, 0x0) [ 65.508443] audit: type=1400 audit(1662993081.767:6): avc: denied { execmem } for pid=283 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 14:31:21 executing program 4: r0 = syz_io_uring_setup(0xfa7, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000280)=@l2tp={0x2, 0x0, @broadcast}}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 14:31:21 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x0, 0x0) 14:31:21 executing program 6: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="2e2ff7696c653000"]) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x59, 0x7d, 0x2, {{0x0, 0x40, 0x1, 0x1, {0x1, 0x0, 0x6}, 0x4040000, 0x1a809ffd, 0x10001, 0x1, 0x2, '-#', 0x6, '\x02\x02\x02\x02\x02\x02', 0x5, '%}%@:'}, 0x4, ':\'@*', 0xee01, 0xffffffffffffffff, 0xee00}}, 0x59) r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)={0x44, r2, 0x100, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x1, 0x79}}}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xffff, 0x0, 0x1]}}]}]}]}, 0x44}}, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='personality\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r4 = 
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) syncfs(r4) 14:31:21 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) r2 = dup(r1) r3 = dup(r2) fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000001540)='ramfs\x00', 0x0, r1) getsockopt$IP6T_SO_GET_INFO(r3, 0x29, 0x40, &(0x7f0000000040)={'filter\x00', 0x0, [0xd3f, 0x85, 0xfffffffa, 0xa9, 0x7ff]}, &(0x7f00000000c0)=0x54) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) fcntl$setstatus(r4, 0x4, 0x2400) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) dup3(r5, r4, 0x0) socket$nl_audit(0x10, 0x3, 0x9) r6 = dup2(r0, r0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) [ 66.644940] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.646815] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.649391] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.653195] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.656081] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 66.658297] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.663348] Bluetooth: hci0: HCI_REQ-0x0c1a [ 66.777437] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 66.780527] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 66.782100] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 66.785027] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 66.786907] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 66.788445] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 66.793288] Bluetooth: hci2: HCI_REQ-0x0c1a [ 66.810705] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 66.812546] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 66.816590] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 66.830198] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 66.833275] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 66.834744] Bluetooth: hci3: unexpected 
cc 0x0c38 length: 249 > 2 [ 66.848869] Bluetooth: hci3: HCI_REQ-0x0c1a [ 66.890136] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 66.892752] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 66.895540] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 66.905948] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 66.933393] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 66.934533] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 66.949488] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 66.953783] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 66.955932] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 66.958149] Bluetooth: hci7: HCI_REQ-0x0c1a [ 66.970587] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 66.974309] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 66.976603] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 66.987838] Bluetooth: hci5: HCI_REQ-0x0c1a [ 68.731254] Bluetooth: hci0: command 0x0409 tx timeout [ 68.794704] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 68.857753] Bluetooth: hci3: command 0x0409 tx timeout [ 68.857906] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 68.859680] Bluetooth: hci2: command 0x0409 tx timeout [ 68.922700] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 68.986705] Bluetooth: hci7: command 0x0409 tx timeout [ 69.049744] Bluetooth: hci5: command 0x0409 tx timeout [ 70.777756] Bluetooth: hci0: command 0x041b tx timeout [ 70.906174] Bluetooth: hci2: command 0x041b tx timeout [ 70.906824] Bluetooth: hci3: command 0x041b tx timeout [ 71.033707] Bluetooth: hci7: command 0x041b tx timeout [ 71.098692] Bluetooth: hci5: command 0x041b tx timeout [ 71.997724] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 72.000625] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 72.001385] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 72.004103] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 72.009772] Bluetooth: hci6: 
unexpected cc 0x0c25 length: 249 > 3 [ 72.010473] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 72.021031] Bluetooth: hci6: HCI_REQ-0x0c1a [ 72.826725] Bluetooth: hci0: command 0x040f tx timeout [ 72.953715] Bluetooth: hci3: command 0x040f tx timeout [ 72.954209] Bluetooth: hci2: command 0x040f tx timeout [ 73.082732] Bluetooth: hci7: command 0x040f tx timeout [ 73.146692] Bluetooth: hci5: command 0x040f tx timeout [ 73.659755] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 73.977767] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 74.042699] Bluetooth: hci6: command 0x0409 tx timeout [ 74.873817] Bluetooth: hci0: command 0x0419 tx timeout [ 75.001711] Bluetooth: hci2: command 0x0419 tx timeout [ 75.002179] Bluetooth: hci3: command 0x0419 tx timeout [ 75.129744] Bluetooth: hci7: command 0x0419 tx timeout [ 75.194835] Bluetooth: hci5: command 0x0419 tx timeout [ 76.089750] Bluetooth: hci6: command 0x041b tx timeout [ 78.073751] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 78.138069] Bluetooth: hci6: command 0x040f tx timeout [ 78.521845] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 80.185754] Bluetooth: hci6: command 0x0419 tx timeout [ 80.681076] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.683617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.685099] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.691841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.697046] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 80.700729] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.706790] Bluetooth: hci1: HCI_REQ-0x0c1a [ 82.745748] Bluetooth: hci1: command 0x0409 tx timeout [ 83.193733] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 84.794703] Bluetooth: hci1: command 0x041b tx timeout [ 85.738230] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.740620] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.748791] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.752049] 
Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.753521] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 85.754485] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.757383] Bluetooth: hci4: HCI_REQ-0x0c1a [ 86.841734] Bluetooth: hci1: command 0x040f tx timeout [ 87.801814] Bluetooth: hci4: command 0x0409 tx timeout [ 88.889736] Bluetooth: hci1: command 0x0419 tx timeout [ 89.850318] Bluetooth: hci4: command 0x041b tx timeout [ 91.897713] Bluetooth: hci4: command 0x040f tx timeout [ 93.946205] Bluetooth: hci4: command 0x0419 tx timeout [ 111.932464] audit: type=1400 audit(1662993128.191:7): avc: denied { open } for pid=3438 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.934149] audit: type=1400 audit(1662993128.191:8): avc: denied { kernel } for pid=3438 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 111.942316] ------------[ cut here ]------------ [ 111.942341] [ 111.942346] ====================================================== [ 111.942350] WARNING: possible circular locking dependency detected [ 111.942356] 6.0.0-rc5-next-20220912 #1 Not tainted [ 111.942363] ------------------------------------------------------ [ 111.942367] syz-executor.6/3444 is trying to acquire lock: [ 111.942374] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 111.942416] [ 111.942416] but task is already holding lock: [ 111.942419] ffff8880175fa820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 111.942448] [ 111.942448] which lock already depends on the new lock. 
[ 111.942448] [ 111.942451] [ 111.942451] the existing dependency chain (in reverse order) is: [ 111.942454] [ 111.942454] -> #3 (&ctx->lock){....}-{2:2}: [ 111.942468] _raw_spin_lock+0x2a/0x40 [ 111.942485] __perf_event_task_sched_out+0x53b/0x18d0 [ 111.942498] __schedule+0xedd/0x2470 [ 111.942508] schedule+0xda/0x1b0 [ 111.942517] exit_to_user_mode_prepare+0x114/0x1a0 [ 111.942539] syscall_exit_to_user_mode+0x19/0x40 [ 111.942557] do_syscall_64+0x48/0x90 [ 111.942570] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 111.942588] [ 111.942588] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 111.942602] _raw_spin_lock_nested+0x30/0x40 [ 111.942616] raw_spin_rq_lock_nested+0x1e/0x30 [ 111.942630] task_fork_fair+0x63/0x4d0 [ 111.942650] sched_cgroup_fork+0x3d0/0x540 [ 111.942665] copy_process+0x3f9e/0x6df0 [ 111.942675] kernel_clone+0xe7/0x890 [ 111.942685] user_mode_thread+0xad/0xf0 [ 111.942696] rest_init+0x24/0x250 [ 111.942712] arch_call_rest_init+0xf/0x14 [ 111.942732] start_kernel+0x4c1/0x4e6 [ 111.942748] secondary_startup_64_no_verify+0xe0/0xeb [ 111.942764] [ 111.942764] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 111.942777] _raw_spin_lock_irqsave+0x39/0x60 [ 111.942792] try_to_wake_up+0xab/0x1920 [ 111.942806] up+0x75/0xb0 [ 111.942817] __up_console_sem+0x6e/0x80 [ 111.942834] console_unlock+0x46a/0x590 [ 111.942850] vprintk_emit+0x1bd/0x560 [ 111.942867] vprintk+0x84/0xa0 [ 111.942884] _printk+0xba/0xf1 [ 111.942902] kauditd_hold_skb.cold+0x3f/0x4e [ 111.942916] kauditd_send_queue+0x233/0x290 [ 111.942931] kauditd_thread+0x5da/0x9a0 [ 111.942945] kthread+0x2ed/0x3a0 [ 111.942960] ret_from_fork+0x22/0x30 [ 111.942973] [ 111.942973] -> #0 ((console_sem).lock){....}-{2:2}: [ 111.942987] __lock_acquire+0x2a02/0x5e70 [ 111.943003] lock_acquire+0x1a2/0x530 [ 111.943020] _raw_spin_lock_irqsave+0x39/0x60 [ 111.943034] down_trylock+0xe/0x70 [ 111.943047] __down_trylock_console_sem+0x3b/0xd0 [ 111.943063] vprintk_emit+0x16b/0x560 [ 111.943080] vprintk+0x84/0xa0 [ 111.943096] _printk+0xba/0xf1 
[ 111.943113] report_bug.cold+0x72/0xab [ 111.943125] handle_bug+0x3c/0x70 [ 111.943137] exc_invalid_op+0x14/0x50 [ 111.943150] asm_exc_invalid_op+0x16/0x20 [ 111.943166] group_sched_out.part.0+0x2c7/0x460 [ 111.943177] ctx_sched_out+0x8f1/0xc10 [ 111.943189] __perf_event_task_sched_out+0x6d0/0x18d0 [ 111.943201] __schedule+0xedd/0x2470 [ 111.943211] schedule+0xda/0x1b0 [ 111.943220] exit_to_user_mode_prepare+0x114/0x1a0 [ 111.943239] syscall_exit_to_user_mode+0x19/0x40 [ 111.943256] do_syscall_64+0x48/0x90 [ 111.943269] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 111.943286] [ 111.943286] other info that might help us debug this: [ 111.943286] [ 111.943288] Chain exists of: [ 111.943288] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 111.943288] [ 111.943304] Possible unsafe locking scenario: [ 111.943304] [ 111.943306] CPU0 CPU1 [ 111.943308] ---- ---- [ 111.943311] lock(&ctx->lock); [ 111.943316] lock(&rq->__lock); [ 111.943323] lock(&ctx->lock); [ 111.943330] lock((console_sem).lock); [ 111.943335] [ 111.943335] *** DEADLOCK *** [ 111.943335] [ 111.943337] 2 locks held by syz-executor.6/3444: [ 111.943344] #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 111.943370] #1: ffff8880175fa820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 111.943397] [ 111.943397] stack backtrace: [ 111.943400] CPU: 0 PID: 3444 Comm: syz-executor.6 Not tainted 6.0.0-rc5-next-20220912 #1 [ 111.943413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 111.943422] Call Trace: [ 111.943425] [ 111.943430] dump_stack_lvl+0x8b/0xb3 [ 111.943444] check_noncircular+0x263/0x2e0 [ 111.943461] ? format_decode+0x26c/0xb50 [ 111.943476] ? print_circular_bug+0x450/0x450 [ 111.943494] ? enable_ptr_key_workfn+0x20/0x20 [ 111.943508] ? format_decode+0x26c/0xb50 [ 111.943524] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 111.943542] __lock_acquire+0x2a02/0x5e70 [ 111.943564] ? 
lockdep_hardirqs_on_prepare+0x410/0x410 [ 111.943587] lock_acquire+0x1a2/0x530 [ 111.943604] ? down_trylock+0xe/0x70 [ 111.943619] ? rcu_read_unlock+0x40/0x40 [ 111.943640] ? vprintk+0x84/0xa0 [ 111.943659] _raw_spin_lock_irqsave+0x39/0x60 [ 111.943674] ? down_trylock+0xe/0x70 [ 111.943688] down_trylock+0xe/0x70 [ 111.943701] ? vprintk+0x84/0xa0 [ 111.943719] __down_trylock_console_sem+0x3b/0xd0 [ 111.943737] vprintk_emit+0x16b/0x560 [ 111.943756] vprintk+0x84/0xa0 [ 111.943774] _printk+0xba/0xf1 [ 111.943792] ? record_print_text.cold+0x16/0x16 [ 111.943814] ? report_bug.cold+0x66/0xab [ 111.943828] ? group_sched_out.part.0+0x2c7/0x460 [ 111.943839] report_bug.cold+0x72/0xab [ 111.943854] handle_bug+0x3c/0x70 [ 111.943867] exc_invalid_op+0x14/0x50 [ 111.943882] asm_exc_invalid_op+0x16/0x20 [ 111.943899] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 111.943912] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 111.943924] RSP: 0018:ffff88803f827c48 EFLAGS: 00010006 [ 111.943933] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 111.943941] RDX: ffff88800d870000 RSI: ffffffff81566027 RDI: 0000000000000005 [ 111.943949] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 111.943956] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff8880175fa800 [ 111.943964] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 111.943975] ? group_sched_out.part.0+0x2c7/0x460 [ 111.943989] ? group_sched_out.part.0+0x2c7/0x460 [ 111.944001] ctx_sched_out+0x8f1/0xc10 [ 111.944014] __perf_event_task_sched_out+0x6d0/0x18d0 [ 111.944029] ? lock_is_held_type+0xd7/0x130 [ 111.944048] ? __perf_cgroup_move+0x160/0x160 [ 111.944060] ? set_next_entity+0x304/0x550 [ 111.944078] ? update_curr+0x267/0x740 [ 111.944097] ? 
lock_is_held_type+0xd7/0x130 [ 111.944115] __schedule+0xedd/0x2470 [ 111.944128] ? io_schedule_timeout+0x150/0x150 [ 111.944140] ? rcu_read_lock_sched_held+0x3e/0x80 [ 111.944162] schedule+0xda/0x1b0 [ 111.944172] exit_to_user_mode_prepare+0x114/0x1a0 [ 111.944193] syscall_exit_to_user_mode+0x19/0x40 [ 111.944211] do_syscall_64+0x48/0x90 [ 111.944225] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 111.944242] RIP: 0033:0x7f47b0353b19 [ 111.944251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 111.944262] RSP: 002b:00007f47ad8a8218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.944273] RAX: 0000000000000001 RBX: 00007f47b0467028 RCX: 00007f47b0353b19 [ 111.944281] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f47b046702c [ 111.944288] RBP: 00007f47b0467020 R08: 000000000000000e R09: 0000000000000000 [ 111.944295] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f47b046702c [ 111.944303] R13: 00007ffde04a701f R14: 00007f47ad8a8300 R15: 0000000000022000 [ 111.944316] [ 112.012664] WARNING: CPU: 0 PID: 3444 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 112.013354] Modules linked in: [ 112.013569] CPU: 0 PID: 3444 Comm: syz-executor.6 Not tainted 6.0.0-rc5-next-20220912 #1 [ 112.014094] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 112.014818] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 112.015179] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 112.016356] RSP: 0018:ffff88803f827c48 EFLAGS: 00010006 [ 112.016710] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 112.017180] RDX: ffff88800d870000 RSI: ffffffff81566027 RDI: 0000000000000005 [ 
112.017657] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 112.018123] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff8880175fa800 [ 112.018592] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 112.019062] FS: 00007f47ad8a8700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 112.019587] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.019972] CR2: 00005648abb0bfa8 CR3: 0000000015fd2000 CR4: 0000000000350ef0 [ 112.020440] Call Trace: [ 112.020615] [ 112.020774] ctx_sched_out+0x8f1/0xc10 [ 112.021043] __perf_event_task_sched_out+0x6d0/0x18d0 [ 112.021393] ? lock_is_held_type+0xd7/0x130 [ 112.021687] ? __perf_cgroup_move+0x160/0x160 [ 112.021987] ? set_next_entity+0x304/0x550 [ 112.022280] ? update_curr+0x267/0x740 [ 112.022550] ? lock_is_held_type+0xd7/0x130 [ 112.022844] __schedule+0xedd/0x2470 [ 112.023099] ? io_schedule_timeout+0x150/0x150 [ 112.023412] ? rcu_read_lock_sched_held+0x3e/0x80 [ 112.023743] schedule+0xda/0x1b0 [ 112.023975] exit_to_user_mode_prepare+0x114/0x1a0 [ 112.024318] syscall_exit_to_user_mode+0x19/0x40 [ 112.024642] do_syscall_64+0x48/0x90 [ 112.024913] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 112.025261] RIP: 0033:0x7f47b0353b19 [ 112.025513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 112.026694] RSP: 002b:00007f47ad8a8218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 112.027195] RAX: 0000000000000001 RBX: 00007f47b0467028 RCX: 00007f47b0353b19 [ 112.027662] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f47b046702c [ 112.028139] RBP: 00007f47b0467020 R08: 000000000000000e R09: 0000000000000000 [ 112.028606] R10: 0000000000000005 R11: 0000000000000246 R12: 00007f47b046702c [ 112.029087] R13: 00007ffde04a701f R14: 00007f47ad8a8300 R15: 0000000000022000 [ 112.029558] [ 112.029718] irq event stamp: 1036 [ 112.029950] 
hardirqs last enabled at (1035): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 112.030574] hardirqs last disabled at (1036): [] __schedule+0x1225/0x2470 [ 112.031117] softirqs last enabled at (900): [] __irq_exit_rcu+0x11b/0x180 [ 112.031678] softirqs last disabled at (679): [] __irq_exit_rcu+0x11b/0x180 [ 112.032236] ---[ end trace 0000000000000000 ]--- 14:32:08 executing program 6: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="2e2ff7696c653000"]) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x59, 0x7d, 0x2, {{0x0, 0x40, 0x1, 0x1, {0x1, 0x0, 0x6}, 0x4040000, 0x1a809ffd, 0x10001, 0x1, 0x2, '-#', 0x6, '\x02\x02\x02\x02\x02\x02', 0x5, '%}%@:'}, 0x4, ':\'@*', 0xee01, 0xffffffffffffffff, 0xee00}}, 0x59) r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)={0x44, r2, 0x100, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x1, 0x79}}}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xffff, 0x0, 0x1]}}]}]}]}, 0x44}}, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='personality\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) syncfs(r4) 14:32:08 executing program 6: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="2e2ff7696c653000"]) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x59, 0x7d, 0x2, {{0x0, 0x40, 0x1, 0x1, {0x1, 0x0, 0x6}, 0x4040000, 0x1a809ffd, 0x10001, 0x1, 0x2, '-#', 0x6, '\x02\x02\x02\x02\x02\x02', 0x5, '%}%@:'}, 0x4, ':\'@*', 0xee01, 0xffffffffffffffff, 0xee00}}, 0x59) r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)={0x44, r2, 0x100, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x1, 0x79}}}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xffff, 0x0, 0x1]}}]}]}]}, 0x44}}, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='personality\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) syncfs(r4) 14:32:09 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x4c, 0x0, &(0x7f0000000040)) 14:32:09 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x4c, 0x0, &(0x7f0000000040)) 14:32:09 executing program 6: ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="2e2ff7696c653000"]) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)={0x59, 0x7d, 0x2, {{0x0, 0x40, 0x1, 0x1, {0x1, 0x0, 0x6}, 0x4040000, 0x1a809ffd, 0x10001, 0x1, 0x2, '-#', 0x6, '\x02\x02\x02\x02\x02\x02', 0x5, '%}%@:'}, 0x4, ':\'@*', 0xee01, 0xffffffffffffffff, 0xee00}}, 0x59) r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)={0x44, r2, 0x100, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x1, 0x79}}}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xffff, 0x0, 0x1]}}]}]}]}, 0x44}}, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='personality\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) syncfs(r4) 14:32:09 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x4c, 0x0, &(0x7f0000000040)) [ 115.778669] hrtimer: interrupt took 19566 ns VM DIAGNOSIS: 14:32:08 Registers: