Warning: Permanently added '[localhost]:19749' (ECDSA) to the list of known hosts. 2022/09/21 11:57:52 fuzzer started 2022/09/21 11:57:52 dialing manager at localhost:40289 syzkaller login: [ 44.143048] cgroup: Unknown subsys name 'net' [ 44.271410] cgroup: Unknown subsys name 'rlimit' 2022/09/21 11:58:05 syscalls: 2215 2022/09/21 11:58:05 code coverage: enabled 2022/09/21 11:58:05 comparison tracing: enabled 2022/09/21 11:58:05 extra coverage: enabled 2022/09/21 11:58:05 setuid sandbox: enabled 2022/09/21 11:58:05 namespace sandbox: enabled 2022/09/21 11:58:05 Android sandbox: enabled 2022/09/21 11:58:05 fault injection: enabled 2022/09/21 11:58:05 leak checking: enabled 2022/09/21 11:58:05 net packet injection: enabled 2022/09/21 11:58:05 net device setup: enabled 2022/09/21 11:58:05 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/21 11:58:05 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/21 11:58:05 USB emulation: enabled 2022/09/21 11:58:05 hci packet injection: enabled 2022/09/21 11:58:05 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220921) 2022/09/21 11:58:05 802.15.4 emulation: enabled 2022/09/21 11:58:05 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/21 11:58:05 fetching corpus: 29, signal 23763/25867 (executing program) 2022/09/21 11:58:05 fetching corpus: 67, signal 32142/34314 (executing program) 2022/09/21 11:58:06 fetching corpus: 117, signal 40005/41718 (executing program) 2022/09/21 11:58:06 fetching corpus: 167, signal 48330/48824 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50043 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50092 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50150 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50205 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50268 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50335 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50396 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50454 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50513 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50556 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50622 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50673 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50723 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50778 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50846 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50910 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/50967 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/51026 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/51080 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/51135 (executing program) 2022/09/21 11:58:06 fetching corpus: 177, signal 49713/51135 (executing program) 2022/09/21 11:58:08 starting 8 fuzzer processes 11:58:08 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) mlock(&(0x7f0000ff5000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) 11:58:08 executing program 1: io_setup(0x400, &(0x7f0000000140)=0x0) io_pgetevents(r0, 0x9, 0x9, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x0, 0x0) io_destroy(r0) [ 60.081740] audit: type=1400 audit(1663761488.686:6): avc: denied { execmem } for pid=287 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 11:58:08 executing program 2: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f0000001180)) 11:58:08 executing program 3: mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) acct(&(0x7f0000000280)='./file0\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) 11:58:08 executing program 5: prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) 11:58:08 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = fsopen(&(0x7f0000000140)='devtmpfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='/dev/hpet\x00', &(0x7f00000001c0)='{*\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x7, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000840)={0x0, 0x9, 0x8001, 0x1}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000c40)={r2, 0x3, 0x10000}) openat$sr(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) 11:58:08 executing program 7: semop(0x0, &(0x7f0000003380)=[{}], 0x1) 11:58:08 executing program 6: syz_open_dev$vcsa(&(0x7f0000000b40), 0x0, 0x40) [ 61.266471] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.269769] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.271135] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.273843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.277309] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 61.279160] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.284877] Bluetooth: hci0: HCI_REQ-0x0c1a [ 61.311592] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.314862] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.317365] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 61.322661] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 61.333641] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 61.340994] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.352457] Bluetooth: hci1: HCI_REQ-0x0c1a [ 61.395850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 61.397827] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 61.400119] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 61.401623] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 61.403436] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 61.412994] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 61.415146] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 61.417699] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 61.419278] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 61.420655] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 61.425558] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 61.427120] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 61.429662] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 61.430379] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 61.431967] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 61.433948] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 61.446664] Bluetooth: hci5: HCI_REQ-0x0c1a [ 61.450149] Bluetooth: hci4: HCI_REQ-0x0c1a [ 61.482635] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 61.484148] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 61.485857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.485894] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 61.490107] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 61.496841] Bluetooth: hci2: HCI_REQ-0x0c1a [ 61.548470] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 61.551745] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 61.556424] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 61.566354] Bluetooth: hci3: HCI_REQ-0x0c1a [ 61.588602] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 61.590504] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 61.592463] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 61.612521] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 61.632038] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 61.645971] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 61.669343] Bluetooth: hci7: HCI_REQ-0x0c1a [ 63.355683] Bluetooth: hci0: command 0x0409 tx timeout [ 63.419281] Bluetooth: hci1: command 0x0409 tx timeout [ 63.483661] Bluetooth: hci4: command 0x0409 tx timeout [ 63.483752] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 63.484303] Bluetooth: hci5: command 0x0409 tx timeout [ 63.547264] Bluetooth: hci2: command 0x0409 tx timeout [ 63.611293] Bluetooth: hci3: command 0x0409 tx timeout [ 63.739400] Bluetooth: hci7: command 0x0409 tx timeout [ 65.403280] Bluetooth: hci0: command 0x041b tx timeout [ 65.467302] Bluetooth: hci1: command 0x041b tx timeout [ 65.531370] Bluetooth: hci5: command 0x041b tx timeout [ 65.533241] Bluetooth: hci4: command 0x041b tx timeout [ 65.595412] Bluetooth: hci2: command 0x041b tx timeout [ 65.659629] Bluetooth: hci3: command 0x041b tx timeout [ 65.787395] Bluetooth: hci7: command 0x041b tx timeout [ 66.402579] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 66.409142] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 66.413950] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 66.425765] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 66.428968] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 66.435808] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 66.446254] Bluetooth: hci6: HCI_REQ-0x0c1a [ 67.452266] Bluetooth: hci0: command 0x040f tx timeout [ 67.515307] Bluetooth: hci1: command 0x040f tx timeout [ 67.579265] Bluetooth: hci4: command 0x040f tx timeout [ 67.580211] Bluetooth: hci5: command 0x040f tx timeout [ 67.644241] Bluetooth: hci2: command 0x040f tx timeout [ 67.708236] Bluetooth: hci3: command 0x040f tx timeout [ 67.836288] Bluetooth: hci7: command 0x040f tx timeout [ 68.477160] Bluetooth: hci6: command 0x0409 tx timeout [ 69.499245] Bluetooth: hci0: command 0x0419 tx timeout [ 69.563242] Bluetooth: hci1: command 0x0419 tx timeout [ 69.627662] Bluetooth: hci4: command 0x0419 tx timeout [ 69.628227] Bluetooth: hci5: command 0x0419 tx timeout [ 69.691222] Bluetooth: hci2: command 0x0419 tx timeout [ 69.755246] Bluetooth: hci3: command 0x0419 tx timeout [ 69.883266] Bluetooth: hci7: command 0x0419 tx timeout [ 70.523816] Bluetooth: hci6: command 0x041b tx timeout [ 72.571279] Bluetooth: hci6: command 0x040f tx timeout [ 74.619355] Bluetooth: hci6: command 0x0419 tx timeout [ 119.621267] audit: type=1400 audit(1663761548.225:7): avc: denied { open } for pid=3798 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.622679] audit: type=1400 audit(1663761548.225:8): avc: denied { kernel } for pid=3798 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 119.635073] ------------[ cut here ]------------ [ 119.635094] [ 119.635097] ====================================================== [ 119.635101] WARNING: possible circular locking dependency detected [ 119.635106] 6.0.0-rc6-next-20220921 #1 Not tainted [ 119.635112] ------------------------------------------------------ [ 119.635116] syz-executor.4/3800 is trying to acquire lock: [ 119.635122] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 119.635171] [ 119.635171] but task is already holding lock: [ 119.635175] ffff88800ff5e820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 119.635211] [ 119.635211] which lock already depends on the new lock. [ 119.635211] [ 119.635215] [ 119.635215] the existing dependency chain (in reverse order) is: [ 119.635221] [ 119.635221] -> #3 (&ctx->lock){....}-{2:2}: [ 119.635237] _raw_spin_lock+0x2a/0x40 [ 119.635257] __perf_event_task_sched_out+0x53b/0x18d0 [ 119.635271] __schedule+0xedd/0x2470 [ 119.635285] preempt_schedule_common+0x45/0xc0 [ 119.635300] __cond_resched+0x17/0x30 [ 119.635314] __mutex_lock+0xa3/0x14d0 [ 119.635329] __do_sys_perf_event_open+0x1eec/0x32c0 [ 119.635343] do_syscall_64+0x3b/0x90 [ 119.635361] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.635373] [ 119.635373] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 119.635388] _raw_spin_lock_nested+0x30/0x40 [ 119.635407] raw_spin_rq_lock_nested+0x1e/0x30 [ 119.635421] task_fork_fair+0x63/0x4d0 [ 119.635440] sched_cgroup_fork+0x3d0/0x540 [ 119.635456] copy_process+0x4183/0x6e20 [ 119.635468] kernel_clone+0xe7/0x890 [ 119.635478] user_mode_thread+0xad/0xf0 [ 119.635490] rest_init+0x24/0x250 [ 119.635501] arch_call_rest_init+0xf/0x14 [ 119.635518] start_kernel+0x4c1/0x4e6 [ 119.635533] secondary_startup_64_no_verify+0xe0/0xeb [ 119.635548] [ 119.635548] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 119.635563] _raw_spin_lock_irqsave+0x39/0x60 [ 119.635583] try_to_wake_up+0xab/0x1930 [ 119.635597] up+0x75/0xb0 [ 119.635612] __up_console_sem+0x6e/0x80 [ 119.635630] console_unlock+0x46a/0x590 [ 119.635647] vt_ioctl+0x2822/0x2ca0 [ 119.635661] tty_ioctl+0x7c4/0x1700 [ 119.635674] __x64_sys_ioctl+0x19a/0x210 [ 119.635691] do_syscall_64+0x3b/0x90 [ 119.635709] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.635720] [ 119.635720] -> #0 ((console_sem).lock){....}-{2:2}: [ 119.635735] __lock_acquire+0x2a02/0x5e70 [ 119.635754] lock_acquire+0x1a2/0x530 [ 119.635771] _raw_spin_lock_irqsave+0x39/0x60 [ 119.635791] down_trylock+0xe/0x70 [ 119.635806] __down_trylock_console_sem+0x3b/0xd0 [ 119.635824] vprintk_emit+0x16b/0x560 [ 119.635843] vprintk+0x84/0xa0 [ 119.635861] _printk+0xba/0xf1 [ 119.635872] report_bug.cold+0x72/0xab [ 119.635889] handle_bug+0x3c/0x70 [ 119.635906] exc_invalid_op+0x14/0x50 [ 119.635924] asm_exc_invalid_op+0x16/0x20 [ 119.635935] group_sched_out.part.0+0x2c7/0x460 [ 119.635946] ctx_sched_out+0x8f1/0xc10 [ 119.635957] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.635970] __schedule+0xedd/0x2470 [ 119.635983] preempt_schedule_common+0x45/0xc0 [ 119.635998] __cond_resched+0x17/0x30 [ 119.636012] __mutex_lock+0xa3/0x14d0 [ 119.636027] __do_sys_perf_event_open+0x1eec/0x32c0 [ 119.636041] do_syscall_64+0x3b/0x90 [ 119.636058] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.636070] [ 119.636070] other info that might help us debug this: [ 119.636070] [ 119.636073] Chain exists of: [ 119.636073] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 119.636073] [ 119.636089] Possible unsafe locking scenario: [ 119.636089] [ 119.636092] CPU0 CPU1 [ 119.636095] ---- ---- [ 119.636097] lock(&ctx->lock); [ 119.636103] lock(&rq->__lock); [ 119.636110] lock(&ctx->lock); [ 119.636117] lock((console_sem).lock); [ 119.636123] [ 119.636123] *** DEADLOCK *** [ 119.636123] [ 119.636125] 2 locks held by syz-executor.4/3800: [ 119.636132] #0: ffff88806cf37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 119.636162] #1: ffff88800ff5e820 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 119.636192] [ 119.636192] stack backtrace: [ 119.636195] CPU: 1 PID: 3800 Comm: syz-executor.4 Not tainted 6.0.0-rc6-next-20220921 #1 [ 119.636208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.636217] Call Trace: [ 119.636220] [ 119.636224] dump_stack_lvl+0x8b/0xb3 [ 119.636244] check_noncircular+0x263/0x2e0 [ 119.636262] ? format_decode+0x26c/0xb50 [ 119.636279] ? print_circular_bug+0x450/0x450 [ 119.636298] ? enable_ptr_key_workfn+0x20/0x20 [ 119.636314] ? __lockdep_reset_lock+0x180/0x180 [ 119.636332] ? format_decode+0x26c/0xb50 [ 119.636350] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 119.636369] __lock_acquire+0x2a02/0x5e70 [ 119.636392] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 119.636416] lock_acquire+0x1a2/0x530 [ 119.636434] ? down_trylock+0xe/0x70 [ 119.636452] ? lock_release+0x750/0x750 [ 119.636470] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 119.636493] ? vprintk+0x84/0xa0 [ 119.636513] _raw_spin_lock_irqsave+0x39/0x60 [ 119.636533] ? down_trylock+0xe/0x70 [ 119.636550] down_trylock+0xe/0x70 [ 119.636566] ? vprintk+0x84/0xa0 [ 119.636584] __down_trylock_console_sem+0x3b/0xd0 [ 119.636603] vprintk_emit+0x16b/0x560 [ 119.636622] ? lock_downgrade+0x6d0/0x6d0 [ 119.636641] vprintk+0x84/0xa0 [ 119.636661] _printk+0xba/0xf1 [ 119.636672] ? record_print_text.cold+0x16/0x16 [ 119.636686] ? hrtimer_try_to_cancel+0x163/0x2c0 [ 119.636701] ? lock_downgrade+0x6d0/0x6d0 [ 119.636720] ? report_bug.cold+0x66/0xab [ 119.636738] ? group_sched_out.part.0+0x2c7/0x460 [ 119.636750] report_bug.cold+0x72/0xab [ 119.636770] handle_bug+0x3c/0x70 [ 119.636788] exc_invalid_op+0x14/0x50 [ 119.636806] asm_exc_invalid_op+0x16/0x20 [ 119.636819] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 119.636833] Code: 5e 41 5f e9 9b b9 ef ff e8 96 b9 ef ff 65 8b 1d 2b 12 ac 7e 31 ff 89 de e8 36 b6 ef ff 85 db 0f 84 8a 00 00 00 e8 79 b9 ef ff <0f> 0b e9 a5 fe ff ff e8 6d b9 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 119.636845] RSP: 0018:ffff88803eb97978 EFLAGS: 00010006 [ 119.636855] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.636863] RDX: ffff88801bf03580 RSI: ffffffff815663a7 RDI: 0000000000000005 [ 119.636871] RBP: ffff88803eb885c8 R08: 0000000000000005 R09: 0000000000000001 [ 119.636879] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800ff5e800 [ 119.636887] R13: ffff88806cf3d140 R14: ffffffff8547c8e0 R15: 0000000000000002 [ 119.636899] ? group_sched_out.part.0+0x2c7/0x460 [ 119.636913] ? group_sched_out.part.0+0x2c7/0x460 [ 119.636926] ctx_sched_out+0x8f1/0xc10 [ 119.636940] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.636956] ? lock_is_held_type+0xd7/0x130 [ 119.636969] ? __perf_cgroup_move+0x160/0x160 [ 119.636982] ? set_next_entity+0x304/0x550 [ 119.637001] ? update_curr+0x267/0x740 [ 119.637022] ? lock_is_held_type+0xd7/0x130 [ 119.637035] __schedule+0xedd/0x2470 [ 119.637052] ? io_schedule_timeout+0x150/0x150 [ 119.637067] ? find_held_lock+0x2c/0x110 [ 119.637088] ? lock_is_held_type+0xd7/0x130 [ 119.637102] ? __cond_resched+0x17/0x30 [ 119.637120] preempt_schedule_common+0x45/0xc0 [ 119.637137] __cond_resched+0x17/0x30 [ 119.637152] __mutex_lock+0xa3/0x14d0 [ 119.637169] ? lock_is_held_type+0xd7/0x130 [ 119.637181] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 119.637196] ? mutex_lock_io_nested+0x1310/0x1310 [ 119.637213] ? lock_release+0x3b2/0x750 [ 119.637232] ? __up_read+0x192/0x730 [ 119.637248] ? up_write+0x520/0x520 [ 119.637266] __do_sys_perf_event_open+0x1eec/0x32c0 [ 119.637284] ? perf_compat_ioctl+0x130/0x130 [ 119.637297] ? xfd_validate_state+0x59/0x180 [ 119.637323] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.637336] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.637351] do_syscall_64+0x3b/0x90 [ 119.637388] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.637401] RIP: 0033:0x7fc657275b19 [ 119.637410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.637422] RSP: 002b:00007fc6547eb188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 119.637433] RAX: ffffffffffffffda RBX: 00007fc657388f60 RCX: 00007fc657275b19 [ 119.637442] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280 [ 119.637450] RBP: 00007fc6572cff6d R08: 0000000000000000 R09: 0000000000000000 [ 119.637458] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 119.637465] R13: 00007ffc9ca18bbf R14: 00007fc6547eb300 R15: 0000000000022000 [ 119.637479] [ 119.700780] WARNING: CPU: 1 PID: 3800 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 119.701487] Modules linked in: [ 119.701736] CPU: 1 PID: 3800 Comm: syz-executor.4 Not tainted 6.0.0-rc6-next-20220921 #1 [ 119.702342] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 119.703181] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 119.703588] Code: 5e 41 5f e9 9b b9 ef ff e8 96 b9 ef ff 65 8b 1d 2b 12 ac 7e 31 ff 89 de e8 36 b6 ef ff 85 db 0f 84 8a 00 00 00 e8 79 b9 ef ff <0f> 0b e9 a5 fe ff ff e8 6d b9 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 119.704938] RSP: 0018:ffff88803eb97978 EFLAGS: 00010006 [ 119.705331] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 119.705880] RDX: ffff88801bf03580 RSI: ffffffff815663a7 RDI: 0000000000000005 [ 119.706420] RBP: ffff88803eb885c8 R08: 0000000000000005 R09: 0000000000000001 [ 119.706954] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800ff5e800 [ 119.707486] R13: ffff88806cf3d140 R14: ffffffff8547c8e0 R15: 0000000000000002 [ 119.708029] FS: 00007fc6547eb700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 119.708626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.709073] CR2: 00007f7042e6f4a1 CR3: 000000003cb6c000 CR4: 0000000000350ee0 [ 119.709615] Call Trace: [ 119.709817] [ 119.709995] ctx_sched_out+0x8f1/0xc10 [ 119.710300] __perf_event_task_sched_out+0x6d0/0x18d0 [ 119.710694] ? lock_is_held_type+0xd7/0x130 [ 119.711025] ? __perf_cgroup_move+0x160/0x160 [ 119.711398] ? set_next_entity+0x304/0x550 [ 119.711730] ? update_curr+0x267/0x740 [ 119.712055] ? lock_is_held_type+0xd7/0x130 [ 119.712385] __schedule+0xedd/0x2470 [ 119.712680] ? io_schedule_timeout+0x150/0x150 [ 119.713036] ? find_held_lock+0x2c/0x110 [ 119.713365] ? lock_is_held_type+0xd7/0x130 [ 119.713705] ? __cond_resched+0x17/0x30 [ 119.714020] preempt_schedule_common+0x45/0xc0 [ 119.714375] __cond_resched+0x17/0x30 [ 119.714670] __mutex_lock+0xa3/0x14d0 [ 119.714969] ? lock_is_held_type+0xd7/0x130 [ 119.715301] ? __do_sys_perf_event_open+0x1eec/0x32c0 [ 119.715698] ? mutex_lock_io_nested+0x1310/0x1310 [ 119.716104] ? lock_release+0x3b2/0x750 [ 119.716427] ? __up_read+0x192/0x730 [ 119.716715] ? up_write+0x520/0x520 [ 119.717000] __do_sys_perf_event_open+0x1eec/0x32c0 [ 119.717394] ? perf_compat_ioctl+0x130/0x130 [ 119.717734] ? xfd_validate_state+0x59/0x180 [ 119.718086] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.718495] ? syscall_enter_from_user_mode+0x1d/0x50 [ 119.718908] do_syscall_64+0x3b/0x90 [ 119.719208] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 119.719618] RIP: 0033:0x7fc657275b19 [ 119.719909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 119.721287] RSP: 002b:00007fc6547eb188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 119.721876] RAX: ffffffffffffffda RBX: 00007fc657388f60 RCX: 00007fc657275b19 [ 119.722412] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280 [ 119.722950] RBP: 00007fc6572cff6d R08: 0000000000000000 R09: 0000000000000000 [ 119.723485] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 119.724027] R13: 00007ffc9ca18bbf R14: 00007fc6547eb300 R15: 0000000000022000 [ 119.724566] [ 119.724748] irq event stamp: 482 [ 119.725004] hardirqs last enabled at (481): [] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 119.725749] hardirqs last disabled at (482): [] __schedule+0x1225/0x2470 [ 119.726377] softirqs last enabled at (40): [] __irq_exit_rcu+0x11b/0x180 [ 119.727014] softirqs last disabled at (35): [] __irq_exit_rcu+0x11b/0x180 [ 119.727656] ---[ end trace 0000000000000000 ]--- [ 119.812186] hrtimer: interrupt took 19237 ns [ 123.188359] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 123.189581] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 123.192119] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 123.194744] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 123.206318] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 123.207571] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 123.221259] Bluetooth: hci2: HCI_REQ-0x0c1a [ 124.859319] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 125.179218] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 125.179738] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 125.244208] Bluetooth: hci2: command 0x0409 tx timeout [ 125.244713] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 127.291325] Bluetooth: hci2: command 0x041b tx timeout [ 129.019211] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 129.340217] Bluetooth: hci2: command 0x040f tx timeout [ 129.403301] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 129.467213] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 129.467319] Bluetooth: hci5: Opcode 0x c03 failed: -110 VM DIAGNOSIS: 11:59:08 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=ffffffff8111b29c RCX=1ffffffff0e0b8e0 RDX=0000000000000000 RSI=1ffff11007d70e8a RDI=ffffffff8111b29c RBP=ffff888018aeb580 RSP=ffff88803eb87358 R8 =0000000000000000 R9 =ffff88803eb87440 R10=ffffed1007d70e95 R11=0000000000000001 R12=ffffed1007d70e8a R13=ffffed1007d70e89 R14=ffff88803eb87440 R15=ffff88803eb87440 RIP=ffffffff81206185 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f14b2d92028 CR3=000000003dd12000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 756e696c2d34365f 3638782f62696c2f YMM01=0000000000000000 0000000000000000 6f732e616d7a6c62 696c2f756e672d78 YMM02=0000000000000000 0000000000000000 00352e6f732e616d 7a6c62696c2f756e YMM03=0000000000000000 0000000000000000 672d78756e696c2d 34365f3638782f62 YMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b1c91 RDI=ffffffff87645ba0 RBP=ffffffff87645b60 RSP=ffff88803eb973c8 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000065 R11=0000000000000001 R12=0000000000000065 R13=ffffffff87645b60 R14=0000000000000010 R15=ffffffff822b1c80 RIP=ffffffff822b1ce9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fc6547eb700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f7042e6f4a1 CR3=000000003cb6c000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM02=0000000000000000 0000000000000000 00524f5252450040 0000000000000000 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM04=0000000000000000 0000000000000000 0000000000000000 00000000000000ff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000