syzkaller login: [ 42.330827] sshd (243) used greatest stack depth: 24768 bytes left
Warning: Permanently added '[localhost]:26180' (ECDSA) to the list of known hosts.
2022/09/16 11:22:25 fuzzer started
2022/09/16 11:22:25 dialing manager at localhost:36051
[ 45.036267] cgroup: Unknown subsys name 'net'
[ 45.212059] cgroup: Unknown subsys name 'rlimit'
2022/09/16 11:22:40 syscalls: 2215
2022/09/16 11:22:40 code coverage: enabled
2022/09/16 11:22:40 comparison tracing: enabled
2022/09/16 11:22:40 extra coverage: enabled
2022/09/16 11:22:40 setuid sandbox: enabled
2022/09/16 11:22:40 namespace sandbox: enabled
2022/09/16 11:22:40 Android sandbox: enabled
2022/09/16 11:22:40 fault injection: enabled
2022/09/16 11:22:40 leak checking: enabled
2022/09/16 11:22:40 net packet injection: enabled
2022/09/16 11:22:40 net device setup: enabled
2022/09/16 11:22:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/16 11:22:40 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/16 11:22:40 USB emulation: enabled
2022/09/16 11:22:40 hci packet injection: enabled
2022/09/16 11:22:40 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220916)
2022/09/16 11:22:40 802.15.4 emulation: enabled
2022/09/16 11:22:40 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/16 11:22:41 fetching corpus: 19, signal 19862/23278 (executing program)
2022/09/16 11:22:41 fetching corpus: 69, signal 38945/43269 (executing program)
2022/09/16 11:22:41 fetching corpus: 119, signal 49783/54973 (executing program)
2022/09/16 11:22:41 fetching corpus: 169, signal 59812/65592 (executing program)
2022/09/16 11:22:41 fetching corpus: 219, signal 67435/73787 (executing program)
2022/09/16 11:22:41 fetching corpus: 269, signal 72971/79838 (executing program)
2022/09/16 11:22:41 fetching corpus: 319, signal 76731/84134 (executing program)
2022/09/16 11:22:42 fetching corpus: 368, signal 79695/87645 (executing program)
2022/09/16 11:22:42 fetching corpus: 418, signal 83716/92031 (executing program)
2022/09/16 11:22:42 fetching corpus: 468, signal 87659/96198 (executing program)
2022/09/16 11:22:42 fetching corpus: 518, signal 90518/99355 (executing program)
2022/09/16 11:22:42 fetching corpus: 568, signal 94805/103612 (executing program)
2022/09/16 11:22:42 fetching corpus: 618, signal 99139/107794 (executing program)
2022/09/16 11:22:43 fetching corpus: 668, signal 103376/111736 (executing program)
2022/09/16 11:22:43 fetching corpus: 718, signal 105647/114077 (executing program)
2022/09/16 11:22:43 fetching corpus: 768, signal 107752/116209 (executing program)
2022/09/16 11:22:43 fetching corpus: 818, signal 111912/119787 (executing program)
2022/09/16 11:22:43 fetching corpus: 868, signal 113774/121599 (executing program)
2022/09/16 11:22:43 fetching corpus: 918, signal 114885/122809 (executing program)
2022/09/16 11:22:44 fetching corpus: 968, signal 117530/125279 (executing program)
2022/09/16 11:22:44 fetching corpus: 1018, signal 119324/126868 (executing program)
2022/09/16 11:22:44 fetching corpus: 1068, signal 122093/129095 (executing program)
2022/09/16 11:22:44 fetching corpus: 1118, signal 124701/131186 (executing program)
2022/09/16 11:22:44 fetching corpus: 1168, signal 126607/132714 (executing program)
2022/09/16 11:22:44 fetching corpus: 1218, signal 128740/134381 (executing program)
2022/09/16 11:22:45 fetching corpus: 1268, signal 130278/135583 (executing program)
2022/09/16 11:22:45 fetching corpus: 1318, signal 131937/136806 (executing program)
2022/09/16 11:22:45 fetching corpus: 1368, signal 133554/137949 (executing program)
2022/09/16 11:22:45 fetching corpus: 1418, signal 134890/138834 (executing program)
2022/09/16 11:22:45 fetching corpus: 1468, signal 136401/139844 (executing program)
2022/09/16 11:22:45 fetching corpus: 1518, signal 138057/140876 (executing program)
2022/09/16 11:22:45 fetching corpus: 1556, signal 139200/141607 (executing program)
2022/09/16 11:22:45 fetching corpus: 1556, signal 139200/141680 (executing program)
2022/09/16 11:22:45 fetching corpus: 1556, signal 139200/141750 (executing program)
2022/09/16 11:22:45 fetching corpus: 1556, signal 139200/141804 (executing program)
2022/09/16 11:22:45 fetching corpus: 1556, signal 139200/141881 (executing program)
2022/09/16 11:22:45 fetching corpus: 1556, signal 139200/141948 (executing program)
2022/09/16 11:22:45 fetching corpus: 1556, signal 139200/142024 (executing program)
2022/09/16 11:22:45 fetching corpus: 1556, signal 139200/142094 (executing program)
2022/09/16 11:22:45 fetching corpus: 1556, signal 139200/142175 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/142259 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/142331 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/142405 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/142478 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/142560 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/142632 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/142703 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/142786 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/142867 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/142933 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143015 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143073 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143134 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143217 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143277 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143347 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143417 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143471 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143536 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143616 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143687 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143755 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143829 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143901 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/143971 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/144041 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/144106 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/144189 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/144236 (executing program)
2022/09/16 11:22:46 fetching corpus: 1556, signal 139200/144236 (executing program)
2022/09/16 11:22:48 starting 8 fuzzer processes
11:22:48 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
shmat(0x0, &(0x7f0000ff6000/0x4000)=nil, 0x0)
shmctl$IPC_STAT(0x0, 0x2, 0x0)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000480)={&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000011c0)=0x14)
11:22:48 executing program 1:
syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@multicast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '#\x00\b', 0x14, 0x2c, 0x0, @empty, @local, {[@hopopts={0x3b}], {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0)
11:22:48 executing program 2:
r0 = syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000001300)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x800010, &(0x7f0000000040)=ANY=[])
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
unlinkat(r0, &(0x7f0000000080)='./file1\x00', 0x0)
11:22:48 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10)
setsockopt$packet_add_memb(r0, 0x107, 0x2, &(0x7f0000000140)={r1, 0x1, 0x6, @link_local}, 0x10)
11:22:48 executing program 4:
r0 = epoll_create(0x4)
r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000280))
11:22:48 executing program 5:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r0, &(0x7f0000000000)={0x24, @short={0x2, 0x0, 0xfffe}}, 0x14)
11:22:48 executing program 6:
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
11:22:48 executing program 7:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_RADAR_DETECT(r0, &(0x7f0000001340)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x6080181}, 0xc, &(0x7f0000001300)={&(0x7f0000001280)={0x28, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
[ 67.474362] audit: type=1400 audit(1663327368.579:6): avc: denied { execmem } for pid=288 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 68.855364] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.857575] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 68.859817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 68.861616] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.864049] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 68.865693] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.869332] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 68.870741] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.872531] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 68.873937] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.902970] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 68.920733] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 68.921360] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 68.922329] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 68.923318] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 68.925002] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 68.927898] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 68.929462] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 68.930871] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 68.942043] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 68.943987] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 68.945416] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 68.948046] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 68.948386] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 68.949147] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 68.959322] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 68.960734] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 68.962858] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 68.964124] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 68.965644] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 68.969397] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 68.983267] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 68.984429] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 68.986051] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 68.988150] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 68.990588] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 68.996554] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 68.996893] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 68.999732] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 69.005367] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 69.006370] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 69.012365] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 69.013478] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 69.015831] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 69.017236] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 69.018462] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 69.020044] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 69.023768] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 69.043415] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 69.044777] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 69.049709] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 69.056710] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 69.057980] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 69.066894] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 69.109112] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 69.143943] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 70.990967] Bluetooth: hci5: command 0x0409 tx timeout
[ 70.991577] Bluetooth: hci7: command 0x0409 tx timeout
[ 70.991969] Bluetooth: hci1: command 0x0409 tx timeout
[ 70.993425] Bluetooth: hci0: command 0x0409 tx timeout
[ 71.054714] Bluetooth: hci3: command 0x0409 tx timeout
[ 71.055842] Bluetooth: hci6: command 0x0409 tx timeout
[ 71.118629] Bluetooth: hci4: command 0x0409 tx timeout
[ 71.182630] Bluetooth: hci2: command 0x0409 tx timeout
[ 73.038568] Bluetooth: hci0: command 0x041b tx timeout
[ 73.039112] Bluetooth: hci1: command 0x041b tx timeout
[ 73.039916] Bluetooth: hci7: command 0x041b tx timeout
[ 73.040348] Bluetooth: hci5: command 0x041b tx timeout
[ 73.102565] Bluetooth: hci6: command 0x041b tx timeout
[ 73.103043] Bluetooth: hci3: command 0x041b tx timeout
[ 73.166560] Bluetooth: hci4: command 0x041b tx timeout
[ 73.230531] Bluetooth: hci2: command 0x041b tx timeout
[ 75.086731] Bluetooth: hci5: command 0x040f tx timeout
[ 75.087273] Bluetooth: hci7: command 0x040f tx timeout
[ 75.087745] Bluetooth: hci1: command 0x040f tx timeout
[ 75.088193] Bluetooth: hci0: command 0x040f tx timeout
[ 75.150546] Bluetooth: hci3: command 0x040f tx timeout
[ 75.151047] Bluetooth: hci6: command 0x040f tx timeout
[ 75.214543] Bluetooth: hci4: command 0x040f tx timeout
[ 75.278528] Bluetooth: hci2: command 0x040f tx timeout
[ 77.134546] Bluetooth: hci0: command 0x0419 tx timeout
[ 77.134997] Bluetooth: hci1: command 0x0419 tx timeout
[ 77.135416] Bluetooth: hci7: command 0x0419 tx timeout
[ 77.136540] Bluetooth: hci5: command 0x0419 tx timeout
[ 77.198553] Bluetooth: hci6: command 0x0419 tx timeout
[ 77.198979] Bluetooth: hci3: command 0x0419 tx timeout
[ 77.262595] Bluetooth: hci4: command 0x0419 tx timeout
[ 77.326573] Bluetooth: hci2: command 0x0419 tx timeout
[ 125.432885] device syz_tun entered promiscuous mode
[ 125.436705] device syz_tun left promiscuous mode
[ 125.447181] device syz_tun entered promiscuous mode
[ 125.447871] device syz_tun left promiscuous mode
11:23:46 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10)
setsockopt$packet_add_memb(r0, 0x107, 0x2, &(0x7f0000000140)={r1, 0x1, 0x6, @link_local}, 0x10)
[ 125.544293] device syz_tun entered promiscuous mode
[ 125.554904] device syz_tun left promiscuous mode
11:23:46 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10)
setsockopt$packet_add_memb(r0, 0x107, 0x2, &(0x7f0000000140)={r1, 0x1, 0x6, @link_local}, 0x10)
[ 125.661436] device syz_tun entered promiscuous mode
[ 125.673438] device syz_tun left promiscuous mode
11:23:46 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @broadcast}, 0x10)
setsockopt$packet_add_memb(r0, 0x107, 0x2, &(0x7f0000000140)={r1, 0x1, 0x6, @link_local}, 0x10)
[ 125.785804] device syz_tun entered promiscuous mode
[ 125.793012] device syz_tun left promiscuous mode
11:23:46 executing program 3:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8913, &(0x7f0000001300)={'wlan0\x00'})
11:23:47 executing program 3:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8913, &(0x7f0000001300)={'wlan0\x00'})
11:23:47 executing program 3:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8913, &(0x7f0000001300)={'wlan0\x00'})
11:23:47 executing program 3:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8913, &(0x7f0000001300)={'wlan0\x00'})
11:23:47 executing program 3:
modify_ldt$write2(0x11, &(0x7f0000000000), 0x10)
[ 126.594379] audit: type=1400 audit(1663327427.699:7): avc: denied { open } for pid=3841 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 126.596064] audit: type=1400 audit(1663327427.699:8): avc: denied { kernel } for pid=3841 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 126.607893] ------------[ cut here ]------------
[ 126.607914]
[ 126.607918] ======================================================
[ 126.607921] WARNING: possible circular locking dependency detected
[ 126.607926] 6.0.0-rc5-next-20220916 #1 Not tainted
[ 126.607932] ------------------------------------------------------
[ 126.607935] syz-executor.0/3842 is trying to acquire lock:
[ 126.607942] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 126.607977]
[ 126.607977] but task is already holding lock:
[ 126.607980] ffff88801863b020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 126.608007]
[ 126.608007] which lock already depends on the new lock.
[ 126.608007]
[ 126.608010]
[ 126.608010] the existing dependency chain (in reverse order) is:
[ 126.608013]
[ 126.608013] -> #3 (&ctx->lock){....}-{2:2}:
[ 126.608026] _raw_spin_lock+0x2a/0x40
[ 126.608046] __perf_event_task_sched_out+0x53b/0x18d0
[ 126.608060] __schedule+0xedd/0x2470
[ 126.608070] schedule+0xda/0x1b0
[ 126.608080] exit_to_user_mode_prepare+0x114/0x1a0
[ 126.608100] syscall_exit_to_user_mode+0x19/0x40
[ 126.608117] do_syscall_64+0x48/0x90
[ 126.608131] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.608148]
[ 126.608148] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 126.608161] _raw_spin_lock_nested+0x30/0x40
[ 126.608176] raw_spin_rq_lock_nested+0x1e/0x30
[ 126.608189] task_fork_fair+0x63/0x4d0
[ 126.608205] sched_cgroup_fork+0x3d0/0x540
[ 126.608219] copy_process+0x4183/0x6e20
[ 126.608229] kernel_clone+0xe7/0x890
[ 126.608238] user_mode_thread+0xad/0xf0
[ 126.608248] rest_init+0x24/0x250
[ 126.608264] arch_call_rest_init+0xf/0x14
[ 126.608276] start_kernel+0x4c1/0x4e6
[ 126.608286] secondary_startup_64_no_verify+0xe0/0xeb
[ 126.608300]
[ 126.608300] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 126.608313] _raw_spin_lock_irqsave+0x39/0x60
[ 126.608328] try_to_wake_up+0xab/0x1920
[ 126.608341] up+0x75/0xb0
[ 126.608351] __up_console_sem+0x6e/0x80
[ 126.608366] console_unlock+0x46a/0x590
[ 126.608382] vprintk_emit+0x1bd/0x560
[ 126.608398] vprintk+0x84/0xa0
[ 126.608413] _printk+0xba/0xf1
[ 126.608431] kauditd_hold_skb.cold+0x3f/0x4e
[ 126.608445] kauditd_send_queue+0x233/0x290
[ 126.608459] kauditd_thread+0x5da/0x9a0
[ 126.608472] kthread+0x2ed/0x3a0
[ 126.608489] ret_from_fork+0x22/0x30
[ 126.608501]
[ 126.608501] -> #0 ((console_sem).lock){....}-{2:2}:
[ 126.608514] __lock_acquire+0x2a02/0x5e70
[ 126.608530] lock_acquire+0x1a2/0x530
[ 126.608545] _raw_spin_lock_irqsave+0x39/0x60
[ 126.608560] down_trylock+0xe/0x70
[ 126.608572] __down_trylock_console_sem+0x3b/0xd0
[ 126.608587] vprintk_emit+0x16b/0x560
[ 126.608603] vprintk+0x84/0xa0
[ 126.608618] _printk+0xba/0xf1
[ 126.608635] report_bug.cold+0x72/0xab
[ 126.608647] handle_bug+0x3c/0x70
[ 126.608660] exc_invalid_op+0x14/0x50
[ 126.608673] asm_exc_invalid_op+0x16/0x20
[ 126.608689] group_sched_out.part.0+0x2c7/0x460
[ 126.608699] ctx_sched_out+0x8f1/0xc10
[ 126.608709] __perf_event_task_sched_out+0x6d0/0x18d0
[ 126.608721] __schedule+0xedd/0x2470
[ 126.608731] schedule+0xda/0x1b0
[ 126.608740] exit_to_user_mode_prepare+0x114/0x1a0
[ 126.608758] syscall_exit_to_user_mode+0x19/0x40
[ 126.608775] do_syscall_64+0x48/0x90
[ 126.608788] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.608805]
[ 126.608805] other info that might help us debug this:
[ 126.608805]
[ 126.608807] Chain exists of:
[ 126.608807] (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 126.608807]
[ 126.608822] Possible unsafe locking scenario:
[ 126.608822]
[ 126.608824] CPU0 CPU1
[ 126.608827] ---- ----
[ 126.608829] lock(&ctx->lock);
[ 126.608834] lock(&rq->__lock);
[ 126.608840] lock(&ctx->lock);
[ 126.608846] lock((console_sem).lock);
[ 126.608852]
[ 126.608852] *** DEADLOCK ***
[ 126.608852]
[ 126.608854] 2 locks held by syz-executor.0/3842:
[ 126.608861] #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 126.608886] #1: ffff88801863b020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 126.608913]
[ 126.608913] stack backtrace:
[ 126.608916] CPU: 0 PID: 3842 Comm: syz-executor.0 Not tainted 6.0.0-rc5-next-20220916 #1
[ 126.608929] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 126.608936] Call Trace:
[ 126.608940]
[ 126.608944] dump_stack_lvl+0x8b/0xb3
[ 126.608959] check_noncircular+0x263/0x2e0
[ 126.608975] ? format_decode+0x26c/0xb50
[ 126.608990] ? print_circular_bug+0x450/0x450
[ 126.609006] ? enable_ptr_key_workfn+0x20/0x20
[ 126.609022] ? format_decode+0x26c/0xb50
[ 126.609037] ? alloc_chain_hlocks+0x1ec/0x5a0
[ 126.609054] __lock_acquire+0x2a02/0x5e70
[ 126.609075] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 126.609097] lock_acquire+0x1a2/0x530
[ 126.609114] ? down_trylock+0xe/0x70
[ 126.609128] ? rcu_read_unlock+0x40/0x40
[ 126.609148] ? vprintk+0x84/0xa0
[ 126.609165] _raw_spin_lock_irqsave+0x39/0x60
[ 126.609181] ? down_trylock+0xe/0x70
[ 126.609194] down_trylock+0xe/0x70
[ 126.609207] ? vprintk+0x84/0xa0
[ 126.609223] __down_trylock_console_sem+0x3b/0xd0
[ 126.609240] vprintk_emit+0x16b/0x560
[ 126.609259] vprintk+0x84/0xa0
[ 126.609275] _printk+0xba/0xf1
[ 126.609293] ? record_print_text.cold+0x16/0x16
[ 126.609315] ? report_bug.cold+0x66/0xab
[ 126.609329] ? group_sched_out.part.0+0x2c7/0x460
[ 126.609340] report_bug.cold+0x72/0xab
[ 126.609355] handle_bug+0x3c/0x70
[ 126.609369] exc_invalid_op+0x14/0x50
[ 126.609384] asm_exc_invalid_op+0x16/0x20
[ 126.609401] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 126.609414] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 126.609425] RSP: 0018:ffff88801b2b7c48 EFLAGS: 00010006
[ 126.609434] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 126.609441] RDX: ffff88801f480000 RSI: ffffffff81566027 RDI: 0000000000000005
[ 126.609449] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 126.609456] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88801863b000
[ 126.609464] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 126.609475] ? group_sched_out.part.0+0x2c7/0x460
[ 126.609488] ? group_sched_out.part.0+0x2c7/0x460
[ 126.609501] ctx_sched_out+0x8f1/0xc10
[ 126.609513] __perf_event_task_sched_out+0x6d0/0x18d0
[ 126.609528] ? lock_is_held_type+0xd7/0x130
[ 126.609546] ? __perf_cgroup_move+0x160/0x160
[ 126.609558] ? set_next_entity+0x304/0x550
[ 126.609575] ? update_curr+0x267/0x740
[ 126.609593] ? lock_is_held_type+0xd7/0x130
[ 126.609611] __schedule+0xedd/0x2470
[ 126.609625] ? io_schedule_timeout+0x150/0x150
[ 126.609638] ? rcu_read_lock_sched_held+0x3e/0x80
[ 126.609658] schedule+0xda/0x1b0
[ 126.609669] exit_to_user_mode_prepare+0x114/0x1a0
[ 126.609689] syscall_exit_to_user_mode+0x19/0x40
[ 126.609707] do_syscall_64+0x48/0x90
[ 126.609721] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.609738] RIP: 0033:0x7fe1bb5cab19
[ 126.609747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 126.609758] RSP: 002b:00007fe1b8b40218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 126.609769] RAX: 0000000000000001 RBX: 00007fe1bb6ddf68 RCX: 00007fe1bb5cab19
[ 126.609776] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe1bb6ddf6c
[ 126.609783] RBP: 00007fe1bb6ddf60 R08: 000000000000000e R09: 0000000000000000
[ 126.609790] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe1bb6ddf6c
[ 126.609798] R13: 00007fff1b02231f R14: 00007fe1b8b40300 R15: 0000000000022000
[ 126.609810]
[ 126.680784] WARNING: CPU: 0 PID: 3842 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 126.681666] Modules linked in:
[ 126.681923] CPU: 0 PID: 3842 Comm: syz-executor.0 Not tainted 6.0.0-rc5-next-20220916 #1
[ 126.682674] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 126.683780] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 126.684142] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 126.685306] RSP: 0018:ffff88801b2b7c48 EFLAGS: 00010006
[ 126.685656] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 126.686132] RDX: ffff88801f480000 RSI: ffffffff81566027 RDI: 0000000000000005
[ 126.686596] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001
[ 126.687059] R10: 0000000000000000 R11: ffffffff865ac01b R12: ffff88801863b000
[ 126.687528] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002
[ 126.687994] FS: 00007fe1b8b40700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 126.688515] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 126.688896] CR2: 00007fe2e465e028 CR3: 000000000c020000 CR4: 0000000000350ef0
[ 126.689366] Call Trace:
[ 126.689543]
[ 126.689698] ctx_sched_out+0x8f1/0xc10
[ 126.689968] __perf_event_task_sched_out+0x6d0/0x18d0
[ 126.690315] ? lock_is_held_type+0xd7/0x130
[ 126.690612] ? __perf_cgroup_move+0x160/0x160
[ 126.690916] ? set_next_entity+0x304/0x550
[ 126.691212] ? update_curr+0x267/0x740
[ 126.691482] ? lock_is_held_type+0xd7/0x130
[ 126.691777] __schedule+0xedd/0x2470
[ 126.692031] ? io_schedule_timeout+0x150/0x150
[ 126.692343] ? rcu_read_lock_sched_held+0x3e/0x80
[ 126.692674] schedule+0xda/0x1b0
[ 126.692907] exit_to_user_mode_prepare+0x114/0x1a0
[ 126.693247] syscall_exit_to_user_mode+0x19/0x40
[ 126.693573] do_syscall_64+0x48/0x90
[ 126.693831] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.694186] RIP: 0033:0x7fe1bb5cab19
[ 126.694437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 126.695602] RSP: 002b:00007fe1b8b40218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 126.696097] RAX: 0000000000000001 RBX: 00007fe1bb6ddf68 RCX: 00007fe1bb5cab19
[ 126.696562] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe1bb6ddf6c
[ 126.697026] RBP: 00007fe1bb6ddf60 R08: 000000000000000e R09: 0000000000000000
[ 126.697493] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe1bb6ddf6c
[ 126.697971] R13: 00007fff1b02231f R14: 00007fe1b8b40300 R15: 0000000000022000
[ 126.698441]
[ 126.698601] irq event stamp: 622
[ 126.698823]
hardirqs last enabled at (621): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 126.699438] hardirqs last disabled at (622): [] __schedule+0x1225/0x2470
[ 126.699975] softirqs last enabled at (296): [] __irq_exit_rcu+0x11b/0x180
[ 126.700529] softirqs last disabled at (289): [] __irq_exit_rcu+0x11b/0x180
[ 126.701084] ---[ end trace 0000000000000000 ]---
[ 131.982632] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 132.046561] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 132.046582] Bluetooth: hci2: Opcode 0x c03 failed: -110
[ 132.110531] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 132.111578] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 136.206662] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 136.270543] Bluetooth: hci2: Opcode 0x c03 failed: -110
[ 136.270546] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 136.334515] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 136.334524] Bluetooth: hci4: Opcode 0x c03 failed: -110
VM DIAGNOSIS: 11:23:48 Registers: