Warning: Permanently added '[localhost]:31190' (ECDSA) to the list of known hosts.
2022/09/21 12:40:06 fuzzer started
2022/09/21 12:40:06 dialing manager at localhost:40289
syzkaller login: [ 44.007953] cgroup: Unknown subsys name 'net'
[ 44.125054] cgroup: Unknown subsys name 'rlimit'
2022/09/21 12:40:21 syscalls: 2215
2022/09/21 12:40:21 code coverage: enabled
2022/09/21 12:40:21 comparison tracing: enabled
2022/09/21 12:40:21 extra coverage: enabled
2022/09/21 12:40:21 setuid sandbox: enabled
2022/09/21 12:40:21 namespace sandbox: enabled
2022/09/21 12:40:21 Android sandbox: enabled
2022/09/21 12:40:21 fault injection: enabled
2022/09/21 12:40:21 leak checking: enabled
2022/09/21 12:40:21 net packet injection: enabled
2022/09/21 12:40:21 net device setup: enabled
2022/09/21 12:40:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/09/21 12:40:21 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/09/21 12:40:21 USB emulation: enabled
2022/09/21 12:40:21 hci packet injection: enabled
2022/09/21 12:40:21 wifi device emulation: failed to parse kernel version (6.0.0-rc6-next-20220921)
2022/09/21 12:40:21 802.15.4 emulation: enabled
2022/09/21 12:40:21 fetching corpus: 0, signal 0/2000 (executing program)
2022/09/21 12:40:21 fetching corpus: 50, signal 24758/27562 (executing program)
2022/09/21 12:40:21 fetching corpus: 100, signal 39460/42627 (executing program)
2022/09/21 12:40:22 fetching corpus: 150, signal 48901/52354 (executing program)
2022/09/21 12:40:22 fetching corpus: 200, signal 55236/58782 (executing program)
2022/09/21 12:40:22 fetching corpus: 250, signal 62533/65720 (executing program)
2022/09/21 12:40:22 fetching corpus: 300, signal 65961/69223 (executing program)
2022/09/21 12:40:22 fetching corpus: 350, signal 69511/72574 (executing program)
2022/09/21 12:40:23 fetching corpus: 400, signal 74720/77179 (executing program)
2022/09/21 12:40:23 fetching corpus: 450, signal 77554/79614 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/82587 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/82719 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/82836 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/82963 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/83090 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/83221 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/83350 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/83473 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/83602 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/83750 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/83893 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/84033 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/84157 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/84281 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/84403 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/84517 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/84654 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/84797 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/84928 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/85052 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/85181 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/85302 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/85422 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/85555 (executing program)
2022/09/21 12:40:23 fetching corpus: 493, signal 81171/85693 
(executing program) 2022/09/21 12:40:23 fetching corpus: 493, signal 81171/85821 (executing program) 2022/09/21 12:40:23 fetching corpus: 493, signal 81171/85965 (executing program) 2022/09/21 12:40:23 fetching corpus: 493, signal 81171/86082 (executing program) 2022/09/21 12:40:23 fetching corpus: 493, signal 81171/86216 (executing program) 2022/09/21 12:40:23 fetching corpus: 493, signal 81171/86331 (executing program) 2022/09/21 12:40:23 fetching corpus: 493, signal 81171/86406 (executing program) 2022/09/21 12:40:23 fetching corpus: 493, signal 81171/86406 (executing program) 12:40:25 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@getspdinfo={0x14, 0x24, 0x1}, 0x14}}, 0x0) 2022/09/21 12:40:25 starting 8 fuzzer processes 12:40:26 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) openat$incfs(r0, &(0x7f0000000240)='.pending_reads\x00', 0x14002, 0x0) 12:40:26 executing program 1: shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) r0 = shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x4000) shmdt(r0) syz_open_dev$mouse(0x0, 0x1, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0) 12:40:26 executing program 3: syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @random="671700", @void, {@ipv4={0x800, @igmp={{0x8, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @dev, @remote}, {0x0, 0x0, 0x0, @empty}}}}}, 0x0) 12:40:26 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 
sigaltstack(&(0x7f0000ffc000/0x1000)=nil, 0x0) [ 62.976500] audit: type=1400 audit(1663764026.042:6): avc: denied { execmem } for pid=287 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:40:26 executing program 6: openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x6000, 0x0) 12:40:26 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001a00010212c91e1bbeb3f02a250800ff085e762ac65f7d91053f295d4ffc20d65892ef07d227fdbe18dbfb1af3e0dd6a380e71c4fcf7eb3843a0a27d26af18e26c51db155af69e0000000000000000000000000000df63a36fd407eb99643b749f82e446ef63c21499fc9022822e14cf2dbe93dedf4e77766175ac5c31d7d34cf901e24917654cb8d3c73e60c6c12f77588b76a9611ccb029fc621b6cee12eb8459bf1b75803ac062baa94cd7dfdf5af4315b56bc0b876e61fa3a5d8f3ac20a51e8f575c1d589000"/215], 0x28}}, 0x0) recvmmsg(r0, &(0x7f0000003980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) pwritev2(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 
connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0x4e21, 0x4, @private1, 0xb5fc}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = gettid() rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x5, 0x10}}}}, [@NL80211_ATTR_FRAME={0x18, 0x33, @ctrl_frame=@bar={{}, {0x8}, @device_b, @device_b, @compressed={{0x1, 0x0, 0x1, 0x0, 0x6}, {0x2, 0x8}}}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48a1}, 0x400c890) sendmmsg$unix(r4, &(0x7f0000001fc0)=[{{&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f00000000c0)="2a4999f1ced3a04d3e945455e6cab8493379abc3d5c2d89b792050158475106b14ac9b07e08fb2384b519262b6", 0x2d}, {&(0x7f0000000140)="e9", 0x1}, {0x0}], 0x3, 0xfffffffffffffffc}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f00)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}], 0x40, 0x20040401}}], 0x2, 0x0) sendmmsg$unix(r2, &(0x7f0000001fc0)=[{{&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f00000000c0)="2a4999f1ced3a04d3e945455e6cab8493379abc3d5c2d89b792050158475106b14ac9b07e08fb2384b519262b6", 0x2d}, {&(0x7f0000000140)="e9", 0x1}, {0x0}], 0x3, 0xfffffffffffffffc, 0x0, 0x804}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f00)=[@rights={{0x14, 0x1, 0x1, [r4]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}], 0x38, 0x24040405}}], 0x2, 0x0) r5 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_buf(r5, 0x29, 0x6, 0x0, &(0x7f0000000140)) rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0xffffffc4}) 12:40:26 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 
0x101042, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000001740)={0x20})
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)='r', 0x1}], 0x1)
fallocate(r0, 0x3, 0x0, 0x3)
[ 64.238390] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 64.241353] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 64.244939] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 64.246996] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 64.250016] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 64.252316] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 64.257246] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 64.259558] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 64.263969] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 64.266039] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 64.268409] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 64.270519] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 64.294675] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 64.297759] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 64.300066] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 64.302113] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 64.307635] Bluetooth: hci0: HCI_REQ-0x0c1a
[ 64.310933] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 64.311709] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 64.314209] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 64.331988] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 64.334720] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 64.336939] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 64.359435] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 64.359513] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 64.365030] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 64.367967] Bluetooth: hci4: HCI_REQ-0x0c1a
[ 64.371229] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 64.371256] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 64.373835] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 64.375613] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 64.385673] Bluetooth: hci2: HCI_REQ-0x0c1a
[ 64.385706] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 64.387344] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 64.388130] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 64.389331] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 64.390414] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 64.391226] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 64.391974] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 64.392992] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 64.404941] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 64.405985] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 64.407205] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 64.409677] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 64.410630] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 64.412280] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 64.413126] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 64.414858] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 64.416580] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 64.417544] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 64.429485] Bluetooth: hci7: HCI_REQ-0x0c1a
[ 64.430375] Bluetooth: hci6: HCI_REQ-0x0c1a
[ 64.433657] Bluetooth: hci5: HCI_REQ-0x0c1a
[ 64.444595] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 64.449481] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 64.460331] Bluetooth: hci3: HCI_REQ-0x0c1a
[ 66.322053] Bluetooth: hci0: command 0x0409 tx timeout
[ 66.386302] Bluetooth: hci4: command 0x0409 tx timeout
[ 66.387101] Bluetooth: hci1: command 0x0409 tx timeout
[ 66.449284] Bluetooth: hci6: command 0x0409 tx timeout
[ 66.451412] Bluetooth: hci5: command 0x0409 tx timeout
[ 66.453196] Bluetooth: hci2: command 0x0409 tx timeout
[ 66.513298] Bluetooth: hci3: command 0x0409 tx timeout
[ 66.514127] Bluetooth: hci7: command 0x0409 tx timeout
[ 68.369976] Bluetooth: hci0: command 0x041b tx timeout
[ 68.433227] Bluetooth: hci1: command 0x041b tx timeout
[ 68.433790] Bluetooth: hci4: command 0x041b tx timeout
[ 68.497389] Bluetooth: hci2: command 0x041b tx timeout
[ 68.498025] Bluetooth: hci5: command 0x041b tx timeout
[ 68.498578] Bluetooth: hci6: command 0x041b tx timeout
[ 68.561275] Bluetooth: hci7: command 0x041b tx timeout
[ 68.561865] Bluetooth: hci3: command 0x041b tx timeout
[ 70.417278] Bluetooth: hci0: command 0x040f tx timeout
[ 70.481241] Bluetooth: hci4: command 0x040f tx timeout
[ 70.481803] Bluetooth: hci1: command 0x040f tx timeout
[ 70.545268] Bluetooth: hci6: command 0x040f tx timeout
[ 70.545834] Bluetooth: hci5: command 0x040f tx timeout
[ 70.547702] Bluetooth: hci2: command 0x040f tx timeout
[ 70.609340] Bluetooth: hci3: command 0x040f tx timeout
[ 70.609945] Bluetooth: hci7: command 0x040f tx timeout
[ 72.465211] Bluetooth: hci0: command 0x0419 tx timeout
[ 72.529375] Bluetooth: hci1: command 0x0419 tx timeout
[ 72.529961] Bluetooth: hci4: command 0x0419 tx timeout
[ 72.593330] Bluetooth: hci2: command 0x0419 tx timeout
[ 72.593957] Bluetooth: hci5: command 0x0419 tx timeout
[ 72.594519] Bluetooth: hci6: command 0x0419 tx timeout
[ 72.657234] Bluetooth: hci7: command 0x0419 tx timeout
[ 72.657809] Bluetooth: hci3: command 0x0419 tx timeout
[ 121.269750] audit: type=1400 audit(1663764084.339:7): avc: denied { open } for pid=3824 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 121.271345] audit: type=1400 audit(1663764084.339:8): avc: denied { kernel } for pid=3824 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 121.285271] ------------[ cut here ]------------
[ 121.285293]
[ 121.285297] ======================================================
[ 121.285300] WARNING: possible circular locking dependency detected
[ 121.285304] 6.0.0-rc6-next-20220921 #1 Not tainted
[ 121.285311] ------------------------------------------------------
[ 121.285315] syz-executor.5/3826 is trying to acquire lock:
[ 121.285321] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 121.285361]
[ 121.285361] but task is already holding lock:
[ 121.285364] ffff888015d63420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 121.285393]
[ 121.285393] which lock already depends on the new lock.
[ 121.285393]
[ 121.285396]
[ 121.285396] the existing dependency chain (in reverse order) is:
[ 121.285400]
[ 121.285400] -> #3 (&ctx->lock){....}-{2:2}:
[ 121.285414]        _raw_spin_lock+0x2a/0x40
[ 121.285435]        __perf_event_task_sched_out+0x53b/0x18d0
[ 121.285448]        __schedule+0xedd/0x2470
[ 121.285462]        schedule+0xda/0x1b0
[ 121.285476]        exit_to_user_mode_prepare+0x114/0x1a0
[ 121.285488]        syscall_exit_to_user_mode+0x19/0x40
[ 121.285500]        do_syscall_64+0x48/0x90
[ 121.285517]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 121.285529]
[ 121.285529] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 121.285544]        _raw_spin_lock_nested+0x30/0x40
[ 121.285564]        raw_spin_rq_lock_nested+0x1e/0x30
[ 121.285577]        task_fork_fair+0x63/0x4d0
[ 121.285596]        sched_cgroup_fork+0x3d0/0x540
[ 121.285612]        copy_process+0x4183/0x6e20
[ 121.285622]        kernel_clone+0xe7/0x890
[ 121.285632]        user_mode_thread+0xad/0xf0
[ 121.285643]        rest_init+0x24/0x250
[ 121.285654]        arch_call_rest_init+0xf/0x14
[ 121.285671]        start_kernel+0x4c1/0x4e6
[ 121.285686]        secondary_startup_64_no_verify+0xe0/0xeb
[ 121.285701]
[ 121.285701] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 121.285716]        _raw_spin_lock_irqsave+0x39/0x60
[ 121.285736]        try_to_wake_up+0xab/0x1930
[ 121.285750]        up+0x75/0xb0
[ 121.285765]        __up_console_sem+0x6e/0x80
[ 121.285782]        console_unlock+0x46a/0x590
[ 121.285800]        vt_ioctl+0x2822/0x2ca0
[ 121.285813]        tty_ioctl+0x7c4/0x1700
[ 121.285826]        __x64_sys_ioctl+0x19a/0x210
[ 121.285842]        do_syscall_64+0x3b/0x90
[ 121.285860]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 121.285872]
[ 121.285872] -> #0 ((console_sem).lock){....}-{2:2}:
[ 121.285886]        __lock_acquire+0x2a02/0x5e70
[ 121.285906]        lock_acquire+0x1a2/0x530
[ 121.285923]        _raw_spin_lock_irqsave+0x39/0x60
[ 121.285943]        down_trylock+0xe/0x70
[ 121.285959]        __down_trylock_console_sem+0x3b/0xd0
[ 121.285977]        vprintk_emit+0x16b/0x560
[ 121.285995]        vprintk+0x84/0xa0
[ 121.286013]        _printk+0xba/0xf1
[ 121.286024]        report_bug.cold+0x72/0xab
[ 121.286041]        handle_bug+0x3c/0x70
[ 121.286058]        exc_invalid_op+0x14/0x50
[ 121.286076]        asm_exc_invalid_op+0x16/0x20
[ 121.286087]        group_sched_out.part.0+0x2c7/0x460
[ 121.286099]        ctx_sched_out+0x8f1/0xc10
[ 121.286109]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 121.286122]        __schedule+0xedd/0x2470
[ 121.286136]        schedule+0xda/0x1b0
[ 121.286149]        exit_to_user_mode_prepare+0x114/0x1a0
[ 121.286160]        syscall_exit_to_user_mode+0x19/0x40
[ 121.286172]        do_syscall_64+0x48/0x90
[ 121.286190]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 121.286202]
[ 121.286202] other info that might help us debug this:
[ 121.286202]
[ 121.286204] Chain exists of:
[ 121.286204]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 121.286204]
[ 121.286220]  Possible unsafe locking scenario:
[ 121.286220]
[ 121.286223]        CPU0                    CPU1
[ 121.286225]        ----                    ----
[ 121.286227]   lock(&ctx->lock);
[ 121.286233]                                lock(&rq->__lock);
[ 121.286240]                                lock(&ctx->lock);
[ 121.286247]   lock((console_sem).lock);
[ 121.286253]
[ 121.286253]  *** DEADLOCK ***
[ 121.286253]
[ 121.286255] 2 locks held by syz-executor.5/3826:
[ 121.286262]  #0: ffff88806ce37d18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 121.286292]  #1: ffff888015d63420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 121.286322]
[ 121.286322] stack backtrace:
[ 121.286325] CPU: 0 PID: 3826 Comm: syz-executor.5 Not tainted 6.0.0-rc6-next-20220921 #1
[ 121.286338] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 121.286347] Call Trace:
[ 121.286350]
[ 121.286355]  dump_stack_lvl+0x8b/0xb3
[ 121.286374]  check_noncircular+0x263/0x2e0
[ 121.286392]  ? format_decode+0x26c/0xb50
[ 121.286409]  ? print_circular_bug+0x450/0x450
[ 121.286428]  ? enable_ptr_key_workfn+0x20/0x20
[ 121.286445]  ? format_decode+0x26c/0xb50
[ 121.286463]  ? alloc_chain_hlocks+0x1ec/0x5a0
[ 121.286483]  __lock_acquire+0x2a02/0x5e70
[ 121.286506]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 121.286531]  lock_acquire+0x1a2/0x530
[ 121.286556]  ? down_trylock+0xe/0x70
[ 121.286574]  ? lock_release+0x750/0x750
[ 121.286597]  ? vprintk+0x84/0xa0
[ 121.286617]  _raw_spin_lock_irqsave+0x39/0x60
[ 121.286638]  ? down_trylock+0xe/0x70
[ 121.286654]  down_trylock+0xe/0x70
[ 121.286671]  ? vprintk+0x84/0xa0
[ 121.286690]  __down_trylock_console_sem+0x3b/0xd0
[ 121.286709]  vprintk_emit+0x16b/0x560
[ 121.286730]  vprintk+0x84/0xa0
[ 121.286750]  _printk+0xba/0xf1
[ 121.286761]  ? record_print_text.cold+0x16/0x16
[ 121.286777]  ? report_bug.cold+0x66/0xab
[ 121.286796]  ? group_sched_out.part.0+0x2c7/0x460
[ 121.286808]  report_bug.cold+0x72/0xab
[ 121.286827]  handle_bug+0x3c/0x70
[ 121.286846]  exc_invalid_op+0x14/0x50
[ 121.286865]  asm_exc_invalid_op+0x16/0x20
[ 121.286878] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 121.286892] Code: 5e 41 5f e9 9b b9 ef ff e8 96 b9 ef ff 65 8b 1d 2b 12 ac 7e 31 ff 89 de e8 36 b6 ef ff 85 db 0f 84 8a 00 00 00 e8 79 b9 ef ff <0f> 0b e9 a5 fe ff ff e8 6d b9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 121.286904] RSP: 0018:ffff88801b917c48 EFLAGS: 00010006
[ 121.286913] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 121.286921] RDX: ffff88801041d040 RSI: ffffffff815663a7 RDI: 0000000000000005
[ 121.286930] RBP: ffff888008668000 R08: 0000000000000005 R09: 0000000000000001
[ 121.286937] R10: 0000000000000000 R11: ffffffff865b001b R12: ffff888015d63400
[ 121.286945] R13: ffff88806ce3d140 R14: ffffffff8547cf80 R15: 0000000000000002
[ 121.286957]  ? group_sched_out.part.0+0x2c7/0x460
[ 121.286971]  ? group_sched_out.part.0+0x2c7/0x460
[ 121.286985]  ctx_sched_out+0x8f1/0xc10
[ 121.286998]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 121.287014]  ? lock_is_held_type+0xd7/0x130
[ 121.287028]  ? __perf_cgroup_move+0x160/0x160
[ 121.287040]  ? set_next_entity+0x304/0x550
[ 121.287060]  ? update_curr+0x267/0x740
[ 121.287080]  ? lock_is_held_type+0xd7/0x130
[ 121.287093]  __schedule+0xedd/0x2470
[ 121.287111]  ? io_schedule_timeout+0x150/0x150
[ 121.287127]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 121.287149]  schedule+0xda/0x1b0
[ 121.287164]  exit_to_user_mode_prepare+0x114/0x1a0
[ 121.287177]  syscall_exit_to_user_mode+0x19/0x40
[ 121.287189]  do_syscall_64+0x48/0x90
[ 121.287208]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 121.287221] RIP: 0033:0x7fd8a40ceb19
[ 121.287230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 121.287241] RSP: 002b:00007fd8a1644218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 121.287252] RAX: 0000000000000001 RBX: 00007fd8a41e1f68 RCX: 00007fd8a40ceb19
[ 121.287260] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd8a41e1f6c
[ 121.287268] RBP: 00007fd8a41e1f60 R08: 000000000000000e R09: 0000000000000000
[ 121.287276] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd8a41e1f6c
[ 121.287284] R13: 00007ffcd726683f R14: 00007fd8a1644300 R15: 0000000000022000
[ 121.287297]
[ 121.342686] WARNING: CPU: 0 PID: 3826 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 121.343378] Modules linked in:
[ 121.343620] CPU: 0 PID: 3826 Comm: syz-executor.5 Not tainted 6.0.0-rc6-next-20220921 #1
[ 121.344228] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 121.345074] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 121.345486] Code: 5e 41 5f e9 9b b9 ef ff e8 96 b9 ef ff 65 8b 1d 2b 12 ac 7e 31 ff 89 de e8 36 b6 ef ff 85 db 0f 84 8a 00 00 00 e8 79 b9 ef ff <0f> 0b e9 a5 fe ff ff e8 6d b9 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 121.346839] RSP: 0018:ffff88801b917c48 EFLAGS: 00010006
[ 121.347240] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 121.347761] RDX: ffff88801041d040 RSI: ffffffff815663a7 RDI: 0000000000000005
[ 121.348284] RBP: ffff888008668000 R08: 0000000000000005 R09: 0000000000000001
[ 121.348810] R10: 0000000000000000 R11: ffffffff865b001b R12: ffff888015d63400
[ 121.349330] R13: ffff88806ce3d140 R14: ffffffff8547cf80 R15: 0000000000000002
[ 121.349849] FS: 00007fd8a1644700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 121.350439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 121.350874] CR2: 00007f2e7f9c7368 CR3: 000000003e430000 CR4: 0000000000350ef0
[ 121.351404] Call Trace:
[ 121.351601]
[ 121.351777]  ctx_sched_out+0x8f1/0xc10
[ 121.352080]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 121.352469]  ? lock_is_held_type+0xd7/0x130
[ 121.352800]  ? __perf_cgroup_move+0x160/0x160
[ 121.353150]  ? set_next_entity+0x304/0x550
[ 121.353486]  ? update_curr+0x267/0x740
[ 121.353790]  ? lock_is_held_type+0xd7/0x130
[ 121.354115]  __schedule+0xedd/0x2470
[ 121.354405]  ? io_schedule_timeout+0x150/0x150
[ 121.354773]  ? rcu_read_lock_sched_held+0x3e/0x80
[ 121.355161]  schedule+0xda/0x1b0
[ 121.355416]  exit_to_user_mode_prepare+0x114/0x1a0
[ 121.355787]  syscall_exit_to_user_mode+0x19/0x40
[ 121.356149]  do_syscall_64+0x48/0x90
[ 121.356441]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 121.356836] RIP: 0033:0x7fd8a40ceb19
[ 121.357116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 121.358473] RSP: 002b:00007fd8a1644218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 121.359044] RAX: 0000000000000001 RBX: 00007fd8a41e1f68 RCX: 00007fd8a40ceb19
[ 121.359567] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd8a41e1f6c
[ 121.360098] RBP: 00007fd8a41e1f60 R08: 000000000000000e R09: 0000000000000000
[ 121.360627] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd8a41e1f6c
[ 121.361164] R13: 00007ffcd726683f R14: 00007fd8a1644300 R15: 0000000000022000
[ 121.361702]
[ 121.361882] irq event stamp: 660
[ 121.362133] hardirqs last enabled at (659): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 121.362841] hardirqs last disabled at (660): [] 
__schedule+0x1225/0x2470 [ 121.363451] softirqs last enabled at (320): [] __irq_exit_rcu+0x11b/0x180 [ 121.364101] softirqs last disabled at (315): [] __irq_exit_rcu+0x11b/0x180 [ 121.364730] ---[ end trace 0000000000000000 ]--- 12:41:24 executing program 6: openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x6000, 0x0) 12:41:24 executing program 6: openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x6000, 0x0) 12:41:24 executing program 6: openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x6000, 0x0) 12:41:24 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001a00010212c91e1bbeb3f02a250800ff085e762ac65f7d91053f295d4ffc20d65892ef07d227fdbe18dbfb1af3e0dd6a380e71c4fcf7eb3843a0a27d26af18e26c51db155af69e0000000000000000000000000000df63a36fd407eb99643b749f82e446ef63c21499fc9022822e14cf2dbe93dedf4e77766175ac5c31d7d34cf901e24917654cb8d3c73e60c6c12f77588b76a9611ccb029fc621b6cee12eb8459bf1b75803ac062baa94cd7dfdf5af4315b56bc0b876e61fa3a5d8f3ac20a51e8f575c1d589000"/215], 0x28}}, 0x0) recvmmsg(r0, &(0x7f0000003980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) openat(0xffffffffffffff9c, 
&(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) pwritev2(r1, 0x0, 0x0, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0x4e21, 0x4, @private1, 0xb5fc}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = gettid() rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x5, 0x10}}}}, [@NL80211_ATTR_FRAME={0x18, 0x33, @ctrl_frame=@bar={{}, {0x8}, @device_b, @device_b, @compressed={{0x1, 0x0, 0x1, 0x0, 0x6}, {0x2, 0x8}}}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48a1}, 0x400c890) sendmmsg$unix(r4, &(0x7f0000001fc0)=[{{&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f00000000c0)="2a4999f1ced3a04d3e945455e6cab8493379abc3d5c2d89b792050158475106b14ac9b07e08fb2384b519262b6", 0x2d}, {&(0x7f0000000140)="e9", 0x1}, {0x0}], 0x3, 0xfffffffffffffffc}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f00)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}], 0x40, 0x20040401}}], 0x2, 0x0) sendmmsg$unix(r2, &(0x7f0000001fc0)=[{{&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f00000000c0)="2a4999f1ced3a04d3e945455e6cab8493379abc3d5c2d89b792050158475106b14ac9b07e08fb2384b519262b6", 0x2d}, {&(0x7f0000000140)="e9", 0x1}, {0x0}], 0x3, 0xfffffffffffffffc, 0x0, 0x804}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f00)=[@rights={{0x14, 0x1, 0x1, [r4]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}], 0x38, 0x24040405}}], 0x2, 0x0) r5 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_buf(r5, 0x29, 0x6, 0x0, &(0x7f0000000140)) 
rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0xffffffc4}) 12:41:24 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001a00010212c91e1bbeb3f02a250800ff085e762ac65f7d91053f295d4ffc20d65892ef07d227fdbe18dbfb1af3e0dd6a380e71c4fcf7eb3843a0a27d26af18e26c51db155af69e0000000000000000000000000000df63a36fd407eb99643b749f82e446ef63c21499fc9022822e14cf2dbe93dedf4e77766175ac5c31d7d34cf901e24917654cb8d3c73e60c6c12f77588b76a9611ccb029fc621b6cee12eb8459bf1b75803ac062baa94cd7dfdf5af4315b56bc0b876e61fa3a5d8f3ac20a51e8f575c1d589000"/215], 0x28}}, 0x0) recvmmsg(r0, &(0x7f0000003980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) pwritev2(r1, 0x0, 0x0, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0x4e21, 0x4, @private1, 0xb5fc}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = gettid() rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) socketpair$unix(0x1, 0x5, 0x0, 
&(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x5, 0x10}}}}, [@NL80211_ATTR_FRAME={0x18, 0x33, @ctrl_frame=@bar={{}, {0x8}, @device_b, @device_b, @compressed={{0x1, 0x0, 0x1, 0x0, 0x6}, {0x2, 0x8}}}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48a1}, 0x400c890) sendmmsg$unix(r4, &(0x7f0000001fc0)=[{{&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f00000000c0)="2a4999f1ced3a04d3e945455e6cab8493379abc3d5c2d89b792050158475106b14ac9b07e08fb2384b519262b6", 0x2d}, {&(0x7f0000000140)="e9", 0x1}, {0x0}], 0x3, 0xfffffffffffffffc}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f00)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}], 0x40, 0x20040401}}], 0x2, 0x0) sendmmsg$unix(r2, &(0x7f0000001fc0)=[{{&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f00000000c0)="2a4999f1ced3a04d3e945455e6cab8493379abc3d5c2d89b792050158475106b14ac9b07e08fb2384b519262b6", 0x2d}, {&(0x7f0000000140)="e9", 0x1}, {0x0}], 0x3, 0xfffffffffffffffc, 0x0, 0x804}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f00)=[@rights={{0x14, 0x1, 0x1, [r4]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}], 0x38, 0x24040405}}], 0x2, 0x0) r5 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_buf(r5, 0x29, 0x6, 0x0, &(0x7f0000000140)) rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0xffffffc4}) 12:41:25 executing program 1: shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) r0 = shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x4000) shmdt(r0) syz_open_dev$mouse(0x0, 0x1, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0) 12:41:25 executing program 5: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001a00010212c91e1bbeb3f02a250800ff085e762ac65f7d91053f295d4ffc20d65892ef07d227fdbe18dbfb1af3e0dd6a380e71c4fcf7eb3843a0a27d26af18e26c51db155af69e0000000000000000000000000000df63a36fd407eb99643b749f82e446ef63c21499fc9022822e14cf2dbe93dedf4e77766175ac5c31d7d34cf901e24917654cb8d3c73e60c6c12f77588b76a9611ccb029fc621b6cee12eb8459bf1b75803ac062baa94cd7dfdf5af4315b56bc0b876e61fa3a5d8f3ac20a51e8f575c1d589000"/215], 0x28}}, 0x0) recvmmsg(r0, &(0x7f0000003980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) pwritev2(r1, 0x0, 0x0, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0x4e21, 0x4, @private1, 0xb5fc}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = gettid() rt_sigqueueinfo(r3, 0x11, &(0x7f0000000000)={0x0, 0x0, 0xfffffffe}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, 0x0, 0x100, 
0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x5, 0x10}}}}, [@NL80211_ATTR_FRAME={0x18, 0x33, @ctrl_frame=@bar={{}, {0x8}, @device_b, @device_b, @compressed={{0x1, 0x0, 0x1, 0x0, 0x6}, {0x2, 0x8}}}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48a1}, 0x400c890) sendmmsg$unix(r4, &(0x7f0000001fc0)=[{{&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f00000000c0)="2a4999f1ced3a04d3e945455e6cab8493379abc3d5c2d89b792050158475106b14ac9b07e08fb2384b519262b6", 0x2d}, {&(0x7f0000000140)="e9", 0x1}, {0x0}], 0x3, 0xfffffffffffffffc}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f00)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}], 0x40, 0x20040401}}], 0x2, 0x0) sendmmsg$unix(r2, &(0x7f0000001fc0)=[{{&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f00000000c0)="2a4999f1ced3a04d3e945455e6cab8493379abc3d5c2d89b792050158475106b14ac9b07e08fb2384b519262b6", 0x2d}, {&(0x7f0000000140)="e9", 0x1}, {0x0}], 0x3, 0xfffffffffffffffc, 0x0, 0x804}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f00)=[@rights={{0x14, 0x1, 0x1, [r4]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}], 0x38, 0x24040405}}], 0x2, 0x0) r5 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_buf(r5, 0x29, 0x6, 0x0, &(0x7f0000000140)) rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0xffffffc4}) 12:41:25 executing program 1: shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) r0 = shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x4000) shmdt(r0) syz_open_dev$mouse(0x0, 0x1, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0) [ 125.610298] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 125.614325] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 125.616077] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 125.618695] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 125.620170] Bluetooth: hci0: unexpected cc 0x0c25 
length: 249 > 3 [ 125.621470] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 125.625735] Bluetooth: hci0: HCI_REQ-0x0c1a [ 127.633237] Bluetooth: hci0: command 0x0409 tx timeout [ 127.634105] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 127.634776] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 129.681211] Bluetooth: hci0: command 0x041b tx timeout [ 129.814911] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 129.815896] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 129.816562] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 129.818409] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 129.819466] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 129.820099] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 129.823083] Bluetooth: hci5: HCI_REQ-0x0c1a VM DIAGNOSIS: 12:41:24 Registers: info registers vcpu 0 RAX=0000000000000062 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b1c91 RDI=ffffffff87645ba0 RBP=ffffffff87645b60 RSP=ffff88801b917698 R8 =0000000000000001 R9 =000000000000000a R10=0000000000000062 R11=0000000000000001 R12=0000000000000062 R13=ffffffff87645b60 R14=0000000000000010 R15=ffffffff822b1c80 RIP=ffffffff822b1ce9 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fd8a1644700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2e7f9c7368 CR3=000000003e430000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 
MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007fd8a41b57c0 00007fd8a41b57c8 YMM02=0000000000000000 0000000000000000 00007fd8a41b57e0 00007fd8a41b57c0 YMM03=0000000000000000 0000000000000000 00007fd8a41b57c8 00007fd8a41b57c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=1ffff11003756fab RCX=0000000000000000 RDX=ffff88803564d040 RSI=ffffffff8169d423 RDI=0000000000000005 RBP=ffffffff851577a0 RSP=ffff88801bab7d10 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000001 R13=0000000000000000 R14=ffffea00006ba080 R15=0000000000000000 RIP=ffffffff81461d57 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS 
=0000 0000000000000000 00000000 00000000 FS =0000 00007f1d8b71a540 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f1d8bbd9000 CR3=000000003e83c000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffff00ffffffffff ffffffffffff00ff YMM02=0000000000000000 0000000000000000 4c4700362e322e32 5f4342494c470035 YMM03=0000000000000000 0000000000000000 0000000000000000 0000000000470035 YMM04=0000000000000000 0000000000000000 4342494c4700362e 322e325f4342494c YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000