Warning: Permanently added '[localhost]:34791' (ECDSA) to the list of known hosts. 2022/09/12 18:35:21 fuzzer started 2022/09/12 18:35:21 dialing manager at localhost:38027 syzkaller login: [ 45.475099] cgroup: Unknown subsys name 'net' [ 45.586365] cgroup: Unknown subsys name 'rlimit' 2022/09/12 18:35:35 syscalls: 2215 2022/09/12 18:35:35 code coverage: enabled 2022/09/12 18:35:35 comparison tracing: enabled 2022/09/12 18:35:35 extra coverage: enabled 2022/09/12 18:35:35 setuid sandbox: enabled 2022/09/12 18:35:35 namespace sandbox: enabled 2022/09/12 18:35:35 Android sandbox: enabled 2022/09/12 18:35:35 fault injection: enabled 2022/09/12 18:35:35 leak checking: enabled 2022/09/12 18:35:35 net packet injection: enabled 2022/09/12 18:35:35 net device setup: enabled 2022/09/12 18:35:35 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/12 18:35:35 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/12 18:35:35 USB emulation: enabled 2022/09/12 18:35:35 hci packet injection: enabled 2022/09/12 18:35:35 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220912) 2022/09/12 18:35:35 802.15.4 emulation: enabled 2022/09/12 18:35:35 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/12 18:35:35 fetching corpus: 49, signal 33070/36560 (executing program) 2022/09/12 18:35:35 fetching corpus: 99, signal 46840/51794 (executing program) 2022/09/12 18:35:35 fetching corpus: 149, signal 56947/63253 (executing program) 2022/09/12 18:35:36 fetching corpus: 199, signal 62087/69800 (executing program) 2022/09/12 18:35:36 fetching corpus: 249, signal 68060/77057 (executing program) 2022/09/12 18:35:36 fetching corpus: 299, signal 78245/88273 (executing program) 2022/09/12 18:35:36 fetching corpus: 349, signal 85284/96296 (executing program) 2022/09/12 18:35:36 fetching corpus: 399, signal 92301/104286 (executing program) 2022/09/12 18:35:36 fetching corpus: 449, signal 95108/108171 (executing program) 2022/09/12 
18:35:36 fetching corpus: 499, signal 97674/111807 (executing program) 2022/09/12 18:35:37 fetching corpus: 549, signal 101435/116566 (executing program) 2022/09/12 18:35:37 fetching corpus: 599, signal 104734/120848 (executing program) 2022/09/12 18:35:37 fetching corpus: 649, signal 108162/125186 (executing program) 2022/09/12 18:35:37 fetching corpus: 699, signal 111115/129059 (executing program) 2022/09/12 18:35:37 fetching corpus: 749, signal 113652/132513 (executing program) 2022/09/12 18:35:37 fetching corpus: 799, signal 115796/135571 (executing program) 2022/09/12 18:35:37 fetching corpus: 849, signal 118173/138808 (executing program) 2022/09/12 18:35:38 fetching corpus: 899, signal 120338/141828 (executing program) 2022/09/12 18:35:38 fetching corpus: 949, signal 122083/144415 (executing program) 2022/09/12 18:35:38 fetching corpus: 999, signal 124939/147935 (executing program) 2022/09/12 18:35:38 fetching corpus: 1049, signal 126996/150766 (executing program) 2022/09/12 18:35:38 fetching corpus: 1099, signal 129321/153782 (executing program) 2022/09/12 18:35:38 fetching corpus: 1149, signal 132253/157281 (executing program) 2022/09/12 18:35:38 fetching corpus: 1199, signal 133685/159527 (executing program) 2022/09/12 18:35:39 fetching corpus: 1249, signal 136087/162509 (executing program) 2022/09/12 18:35:39 fetching corpus: 1299, signal 138710/165628 (executing program) 2022/09/12 18:35:39 fetching corpus: 1349, signal 140908/168377 (executing program) 2022/09/12 18:35:39 fetching corpus: 1399, signal 142867/170873 (executing program) 2022/09/12 18:35:39 fetching corpus: 1449, signal 144090/172745 (executing program) 2022/09/12 18:35:39 fetching corpus: 1499, signal 146250/175386 (executing program) 2022/09/12 18:35:39 fetching corpus: 1549, signal 148102/177794 (executing program) 2022/09/12 18:35:40 fetching corpus: 1599, signal 150353/180487 (executing program) 2022/09/12 18:35:40 fetching corpus: 1649, signal 152143/182749 (executing program) 
2022/09/12 18:35:40 fetching corpus: 1699, signal 153929/184966 (executing program) 2022/09/12 18:35:40 fetching corpus: 1749, signal 155450/187029 (executing program) 2022/09/12 18:35:40 fetching corpus: 1799, signal 156622/188792 (executing program) 2022/09/12 18:35:40 fetching corpus: 1849, signal 158289/190910 (executing program) 2022/09/12 18:35:40 fetching corpus: 1899, signal 159926/192927 (executing program) 2022/09/12 18:35:41 fetching corpus: 1949, signal 161824/195145 (executing program) 2022/09/12 18:35:41 fetching corpus: 1999, signal 163727/197312 (executing program) 2022/09/12 18:35:41 fetching corpus: 2049, signal 165270/199198 (executing program) 2022/09/12 18:35:41 fetching corpus: 2099, signal 167184/201328 (executing program) 2022/09/12 18:35:41 fetching corpus: 2149, signal 168645/203167 (executing program) 2022/09/12 18:35:41 fetching corpus: 2199, signal 170052/204913 (executing program) 2022/09/12 18:35:42 fetching corpus: 2249, signal 171655/206768 (executing program) 2022/09/12 18:35:42 fetching corpus: 2299, signal 172809/208274 (executing program) 2022/09/12 18:35:42 fetching corpus: 2349, signal 174163/209958 (executing program) 2022/09/12 18:35:42 fetching corpus: 2399, signal 174998/211216 (executing program) 2022/09/12 18:35:42 fetching corpus: 2449, signal 176078/212685 (executing program) 2022/09/12 18:35:42 fetching corpus: 2499, signal 176810/213878 (executing program) 2022/09/12 18:35:42 fetching corpus: 2549, signal 177849/215283 (executing program) 2022/09/12 18:35:43 fetching corpus: 2599, signal 178669/216491 (executing program) 2022/09/12 18:35:43 fetching corpus: 2649, signal 179970/218051 (executing program) 2022/09/12 18:35:43 fetching corpus: 2699, signal 180804/219223 (executing program) 2022/09/12 18:35:43 fetching corpus: 2749, signal 181949/220666 (executing program) 2022/09/12 18:35:43 fetching corpus: 2799, signal 182922/221941 (executing program) 2022/09/12 18:35:43 fetching corpus: 2849, signal 183950/223209 
(executing program) 2022/09/12 18:35:43 fetching corpus: 2899, signal 185117/224582 (executing program) 2022/09/12 18:35:44 fetching corpus: 2949, signal 186856/226289 (executing program) 2022/09/12 18:35:44 fetching corpus: 2999, signal 187823/227436 (executing program) 2022/09/12 18:35:44 fetching corpus: 3049, signal 188578/228523 (executing program) 2022/09/12 18:35:44 fetching corpus: 3099, signal 189606/229810 (executing program) 2022/09/12 18:35:44 fetching corpus: 3149, signal 190314/230789 (executing program) 2022/09/12 18:35:44 fetching corpus: 3199, signal 191292/231935 (executing program) 2022/09/12 18:35:44 fetching corpus: 3249, signal 191958/232897 (executing program) 2022/09/12 18:35:44 fetching corpus: 3299, signal 192774/233983 (executing program) 2022/09/12 18:35:44 fetching corpus: 3349, signal 193907/235173 (executing program) 2022/09/12 18:35:45 fetching corpus: 3399, signal 195166/236411 (executing program) 2022/09/12 18:35:45 fetching corpus: 3449, signal 196298/237586 (executing program) 2022/09/12 18:35:45 fetching corpus: 3499, signal 197819/238948 (executing program) 2022/09/12 18:35:45 fetching corpus: 3549, signal 199276/240256 (executing program) 2022/09/12 18:35:45 fetching corpus: 3599, signal 200169/241230 (executing program) 2022/09/12 18:35:45 fetching corpus: 3649, signal 201303/242306 (executing program) 2022/09/12 18:35:46 fetching corpus: 3699, signal 202415/243336 (executing program) 2022/09/12 18:35:46 fetching corpus: 3749, signal 203607/244421 (executing program) 2022/09/12 18:35:46 fetching corpus: 3799, signal 204337/245300 (executing program) 2022/09/12 18:35:46 fetching corpus: 3849, signal 204921/246116 (executing program) 2022/09/12 18:35:46 fetching corpus: 3899, signal 205764/247009 (executing program) 2022/09/12 18:35:46 fetching corpus: 3949, signal 206464/247869 (executing program) 2022/09/12 18:35:46 fetching corpus: 3999, signal 207321/248713 (executing program) 2022/09/12 18:35:46 fetching corpus: 4049, 
signal 208370/249632 (executing program) 2022/09/12 18:35:47 fetching corpus: 4099, signal 208810/250305 (executing program) 2022/09/12 18:35:47 fetching corpus: 4149, signal 209681/251161 (executing program) 2022/09/12 18:35:47 fetching corpus: 4199, signal 210154/251886 (executing program) 2022/09/12 18:35:47 fetching corpus: 4249, signal 211129/252779 (executing program) 2022/09/12 18:35:47 fetching corpus: 4299, signal 211930/253584 (executing program) 2022/09/12 18:35:47 fetching corpus: 4349, signal 212608/254299 (executing program) 2022/09/12 18:35:47 fetching corpus: 4399, signal 213146/254962 (executing program) 2022/09/12 18:35:48 fetching corpus: 4449, signal 213760/255622 (executing program) 2022/09/12 18:35:48 fetching corpus: 4499, signal 214523/256327 (executing program) 2022/09/12 18:35:48 fetching corpus: 4548, signal 215455/257099 (executing program) 2022/09/12 18:35:48 fetching corpus: 4598, signal 216009/257775 (executing program) 2022/09/12 18:35:48 fetching corpus: 4648, signal 217112/258586 (executing program) 2022/09/12 18:35:48 fetching corpus: 4698, signal 218009/259300 (executing program) 2022/09/12 18:35:48 fetching corpus: 4748, signal 218919/259979 (executing program) 2022/09/12 18:35:49 fetching corpus: 4798, signal 219371/260499 (executing program) 2022/09/12 18:35:49 fetching corpus: 4848, signal 220058/261145 (executing program) 2022/09/12 18:35:49 fetching corpus: 4898, signal 220819/261764 (executing program) 2022/09/12 18:35:49 fetching corpus: 4948, signal 221518/262351 (executing program) 2022/09/12 18:35:49 fetching corpus: 4998, signal 222206/262980 (executing program) 2022/09/12 18:35:49 fetching corpus: 5048, signal 222815/263539 (executing program) 2022/09/12 18:35:49 fetching corpus: 5098, signal 223669/264115 (executing program) 2022/09/12 18:35:49 fetching corpus: 5148, signal 224092/264636 (executing program) 2022/09/12 18:35:49 fetching corpus: 5198, signal 224540/265111 (executing program) 2022/09/12 18:35:50 
fetching corpus: 5248, signal 225189/265644 (executing program) 2022/09/12 18:35:50 fetching corpus: 5298, signal 225711/266151 (executing program) 2022/09/12 18:35:50 fetching corpus: 5348, signal 226211/266662 (executing program) 2022/09/12 18:35:50 fetching corpus: 5398, signal 226783/267131 (executing program) 2022/09/12 18:35:50 fetching corpus: 5448, signal 227396/267640 (executing program) 2022/09/12 18:35:50 fetching corpus: 5498, signal 227946/268074 (executing program) 2022/09/12 18:35:50 fetching corpus: 5548, signal 228576/268604 (executing program) 2022/09/12 18:35:51 fetching corpus: 5598, signal 229005/269042 (executing program) 2022/09/12 18:35:51 fetching corpus: 5648, signal 229615/269550 (executing program) 2022/09/12 18:35:51 fetching corpus: 5698, signal 230041/269963 (executing program) 2022/09/12 18:35:51 fetching corpus: 5748, signal 230788/270422 (executing program) 2022/09/12 18:35:51 fetching corpus: 5798, signal 231216/270872 (executing program) 2022/09/12 18:35:51 fetching corpus: 5848, signal 231700/271289 (executing program) 2022/09/12 18:35:51 fetching corpus: 5898, signal 232432/271710 (executing program) 2022/09/12 18:35:51 fetching corpus: 5948, signal 233119/272196 (executing program) 2022/09/12 18:35:52 fetching corpus: 5998, signal 233666/272566 (executing program) 2022/09/12 18:35:52 fetching corpus: 6048, signal 234346/272963 (executing program) 2022/09/12 18:35:52 fetching corpus: 6098, signal 235316/273400 (executing program) 2022/09/12 18:35:52 fetching corpus: 6148, signal 235762/273752 (executing program) 2022/09/12 18:35:52 fetching corpus: 6198, signal 236517/274134 (executing program) 2022/09/12 18:35:52 fetching corpus: 6248, signal 237074/274508 (executing program) 2022/09/12 18:35:53 fetching corpus: 6298, signal 237934/274851 (executing program) 2022/09/12 18:35:53 fetching corpus: 6348, signal 238315/275176 (executing program) 2022/09/12 18:35:53 fetching corpus: 6398, signal 238797/275512 (executing program) 
2022/09/12 18:35:53 fetching corpus: 6448, signal 239364/275849 (executing program) 2022/09/12 18:35:53 fetching corpus: 6498, signal 240132/276133 (executing program) 2022/09/12 18:35:53 fetching corpus: 6548, signal 240640/276454 (executing program) 2022/09/12 18:35:53 fetching corpus: 6598, signal 241031/276816 (executing program) 2022/09/12 18:35:53 fetching corpus: 6648, signal 241603/277119 (executing program) 2022/09/12 18:35:54 fetching corpus: 6698, signal 242069/277435 (executing program) 2022/09/12 18:35:54 fetching corpus: 6748, signal 242467/277534 (executing program) 2022/09/12 18:35:54 fetching corpus: 6798, signal 242862/277544 (executing program) 2022/09/12 18:35:54 fetching corpus: 6847, signal 243355/277575 (executing program) 2022/09/12 18:35:54 fetching corpus: 6897, signal 243890/277587 (executing program) 2022/09/12 18:35:54 fetching corpus: 6947, signal 244580/277595 (executing program) 2022/09/12 18:35:54 fetching corpus: 6997, signal 245059/277619 (executing program) 2022/09/12 18:35:54 fetching corpus: 7047, signal 245529/277664 (executing program) 2022/09/12 18:35:55 fetching corpus: 7097, signal 245912/277688 (executing program) 2022/09/12 18:35:55 fetching corpus: 7147, signal 246598/277719 (executing program) 2022/09/12 18:35:55 fetching corpus: 7197, signal 247311/277792 (executing program) 2022/09/12 18:35:55 fetching corpus: 7247, signal 247932/277793 (executing program) 2022/09/12 18:35:55 fetching corpus: 7297, signal 248360/277802 (executing program) 2022/09/12 18:35:55 fetching corpus: 7347, signal 248717/277816 (executing program) 2022/09/12 18:35:56 fetching corpus: 7397, signal 249156/277848 (executing program) 2022/09/12 18:35:56 fetching corpus: 7447, signal 249662/277887 (executing program) 2022/09/12 18:35:56 fetching corpus: 7497, signal 250148/277895 (executing program) 2022/09/12 18:35:56 fetching corpus: 7547, signal 250817/277922 (executing program) 2022/09/12 18:35:56 fetching corpus: 7597, signal 251366/277928 
(executing program) 2022/09/12 18:35:56 fetching corpus: 7647, signal 251858/277974 (executing program) 2022/09/12 18:35:56 fetching corpus: 7697, signal 252224/277974 (executing program) 2022/09/12 18:35:57 fetching corpus: 7747, signal 252633/277985 (executing program) 2022/09/12 18:35:57 fetching corpus: 7797, signal 253048/278007 (executing program) 2022/09/12 18:35:57 fetching corpus: 7847, signal 253596/278011 (executing program) 2022/09/12 18:35:57 fetching corpus: 7897, signal 254247/278028 (executing program) 2022/09/12 18:35:57 fetching corpus: 7947, signal 254756/278028 (executing program) 2022/09/12 18:35:57 fetching corpus: 7997, signal 255195/278080 (executing program) 2022/09/12 18:35:57 fetching corpus: 8047, signal 255573/278090 (executing program) 2022/09/12 18:35:58 fetching corpus: 8097, signal 255939/278127 (executing program) 2022/09/12 18:35:58 fetching corpus: 8147, signal 256379/278171 (executing program) 2022/09/12 18:35:58 fetching corpus: 8197, signal 256727/278174 (executing program) 2022/09/12 18:35:58 fetching corpus: 8247, signal 257162/278174 (executing program) 2022/09/12 18:35:58 fetching corpus: 8297, signal 257746/278223 (executing program) 2022/09/12 18:35:58 fetching corpus: 8347, signal 258468/278238 (executing program) 2022/09/12 18:35:58 fetching corpus: 8397, signal 258963/278264 (executing program) 2022/09/12 18:35:59 fetching corpus: 8447, signal 259552/278295 (executing program) 2022/09/12 18:35:59 fetching corpus: 8497, signal 259945/278310 (executing program) 2022/09/12 18:35:59 fetching corpus: 8547, signal 260443/278325 (executing program) 2022/09/12 18:35:59 fetching corpus: 8597, signal 260810/278370 (executing program) 2022/09/12 18:35:59 fetching corpus: 8647, signal 261120/278399 (executing program) 2022/09/12 18:35:59 fetching corpus: 8697, signal 261520/278421 (executing program) 2022/09/12 18:35:59 fetching corpus: 8747, signal 262318/278424 (executing program) 2022/09/12 18:36:00 fetching corpus: 8797, 
signal 262762/278447 (executing program) 2022/09/12 18:36:00 fetching corpus: 8847, signal 263251/278448 (executing program) 2022/09/12 18:36:00 fetching corpus: 8897, signal 263686/278454 (executing program) 2022/09/12 18:36:00 fetching corpus: 8947, signal 264055/278465 (executing program) 2022/09/12 18:36:00 fetching corpus: 8997, signal 264602/278560 (executing program) 2022/09/12 18:36:00 fetching corpus: 9047, signal 265221/278563 (executing program) 2022/09/12 18:36:01 fetching corpus: 9097, signal 265787/278571 (executing program) 2022/09/12 18:36:01 fetching corpus: 9147, signal 266330/278593 (executing program) 2022/09/12 18:36:01 fetching corpus: 9197, signal 266986/278595 (executing program) 2022/09/12 18:36:01 fetching corpus: 9247, signal 267522/278608 (executing program) 2022/09/12 18:36:01 fetching corpus: 9257, signal 267599/278622 (executing program) 2022/09/12 18:36:01 fetching corpus: 9257, signal 267599/278622 (executing program) 2022/09/12 18:36:04 starting 8 fuzzer processes 18:36:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xf, 0x11, r1, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write(r2, &(0x7f0000000080)="01", 0x41030) 18:36:04 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000002440)={0x0, 0x0, &(0x7f0000002400)={&(0x7f0000002280)={0x4c, 0x2, 0x2, 0x5, 0x0, 0x0, {0x2}, [@CTA_EXPECT_ID={0x8}, @CTA_EXPECT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @dev}}, {0x14, 0x4, @empty}}}]}]}, 0x4c}}, 0x0) 18:36:04 executing program 1: r0 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x3f, 0x9, 0x0, 0x8, 0x0, 0x2, 0x901, 0xa, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000000), 0xc}, 0x282, 0x7fffffff, 0x7, 0x6, 0x762162ba, 0x0, 0x3}, 0xffffffffffffffff, 0xa, r2, 0x3) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r3) write$nbd(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="674400000004000300010000008c5c67550171e6022497f116549ea4f8a5df0f85e764e53a056d1cea3419000000"], 0x2e) mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1a901e, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x0) 18:36:04 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000000)={0x0, 0x0, "958106"}) 18:36:04 executing program 4: migrate_pages(0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) 18:36:04 executing program 6: mlock2(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 
0x0) r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x4) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) finit_module(r0, &(0x7f0000000140)='/dev/loop-control\x00', 0x3) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r3 = openat2(r1, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_WRITE={0x17, 0x1, 0x4007, @fd_index=0x2, 0x2, &(0x7f0000000340)="1a9c9aaba3133e4d461f263a04449aced2c50aa7e6f14e393752eb4babd6ce252ef62dfcf0d9608d4f3084f43ba9084b5eb7a00d76d147427169f6f806e7be70d662be17a8c51ea55124831b2ba52a90f3", 0x51, 0x4, 0x1}, 0xc8c) ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0xb) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000180)=0x1) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0) ioctl$SNAPSHOT_FREE(r5, 0x3305) mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, 
&(0x7f0000ffe000/0x2000)=nil) perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x81, 0x90, 0x6, 0xc7, 0x0, 0x80000ffe, 0x1, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x539, 0x2, @perf_bp={&(0x7f0000000100), 0xc}, 0x8, 0x2, 0x829c, 0x2, 0xcf4b, 0x2, 0xfffa, 0x0, 0x5, 0x0, 0x28e5}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x3) 18:36:04 executing program 5: r0 = shmget$private(0x0, 0x14000, 0x0, &(0x7f0000fe7000/0x14000)=nil) shmat(r0, &(0x7f0000ff0000/0x3000)=nil, 0x4000) shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x4000) mlock2(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0) shmat(r0, &(0x7f0000ff6000/0x4000)=nil, 0x7000) 18:36:04 executing program 7: r0 = syz_io_uring_setup(0x137, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) [ 88.198258] audit: type=1400 audit(1663007764.574:6): avc: denied { execmem } for pid=288 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 89.570668] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.623077] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.624697] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.627899] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.630503] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 89.631754] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.644720] Bluetooth: hci0: HCI_REQ-0x0c1a [ 89.761763] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 
[ 89.763565] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.765099] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.767436] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 89.770933] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 89.772162] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.774167] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.775544] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 89.780288] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 89.829002] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.831017] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.832276] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.834838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.836784] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 89.838049] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.843355] Bluetooth: hci1: HCI_REQ-0x0c1a [ 89.881235] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.883429] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 89.884999] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.890190] Bluetooth: hci3: HCI_REQ-0x0c1a [ 89.930010] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 89.939052] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 89.945905] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 89.947959] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 89.949531] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 89.951046] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 89.952469] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 89.965206] Bluetooth: hci5: HCI_REQ-0x0c1a [ 89.969292] Bluetooth: hci6: HCI_REQ-0x0c1a [ 90.121522] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.124903] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.137146] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 
90.145132] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 90.158098] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.163766] Bluetooth: hci2: HCI_REQ-0x0c1a [ 90.585056] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 90.594005] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 90.595863] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 90.638024] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 90.656334] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 90.678760] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 90.726799] Bluetooth: hci7: HCI_REQ-0x0c1a [ 91.679659] Bluetooth: hci4: Opcode 0x c03 failed: -110 [ 91.808124] Bluetooth: hci0: command 0x0409 tx timeout [ 91.871661] Bluetooth: hci1: command 0x0409 tx timeout [ 91.935728] Bluetooth: hci3: command 0x0409 tx timeout [ 91.999660] Bluetooth: hci6: command 0x0409 tx timeout [ 92.000185] Bluetooth: hci5: command 0x0409 tx timeout [ 92.191668] Bluetooth: hci2: command 0x0409 tx timeout [ 92.767655] Bluetooth: hci7: command 0x0409 tx timeout [ 93.855963] Bluetooth: hci0: command 0x041b tx timeout [ 93.919671] Bluetooth: hci1: command 0x041b tx timeout [ 93.982903] Bluetooth: hci3: command 0x041b tx timeout [ 94.047761] Bluetooth: hci5: command 0x041b tx timeout [ 94.048285] Bluetooth: hci6: command 0x041b tx timeout [ 94.238660] Bluetooth: hci2: command 0x041b tx timeout [ 94.814720] Bluetooth: hci7: command 0x041b tx timeout [ 95.209323] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 95.217796] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 95.224967] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 95.233760] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 95.242747] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 95.245448] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 95.251651] Bluetooth: hci4: HCI_REQ-0x0c1a [ 95.903706] Bluetooth: hci0: command 0x040f tx timeout [ 95.967660] Bluetooth: hci1: 
command 0x040f tx timeout [ 96.031904] Bluetooth: hci3: command 0x040f tx timeout [ 96.095667] Bluetooth: hci6: command 0x040f tx timeout [ 96.096128] Bluetooth: hci5: command 0x040f tx timeout [ 96.286697] Bluetooth: hci2: command 0x040f tx timeout [ 96.862688] Bluetooth: hci7: command 0x040f tx timeout [ 97.310692] Bluetooth: hci4: command 0x0409 tx timeout [ 97.951702] Bluetooth: hci0: command 0x0419 tx timeout [ 98.015709] Bluetooth: hci1: command 0x0419 tx timeout [ 98.079873] Bluetooth: hci3: command 0x0419 tx timeout [ 98.143698] Bluetooth: hci5: command 0x0419 tx timeout [ 98.145035] Bluetooth: hci6: command 0x0419 tx timeout [ 98.335650] Bluetooth: hci2: command 0x0419 tx timeout [ 98.911655] Bluetooth: hci7: command 0x0419 tx timeout [ 99.359703] Bluetooth: hci4: command 0x041b tx timeout [ 101.407652] Bluetooth: hci4: command 0x040f tx timeout [ 103.455723] Bluetooth: hci4: command 0x0419 tx timeout 18:37:04 executing program 7: r0 = syz_io_uring_setup(0x137, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 18:37:04 executing program 7: r0 = syz_io_uring_setup(0x137, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0) 18:37:04 executing program 7: r0 = syz_io_uring_setup(0x137, &(0x7f00000003c0), &(0x7f0000ff7000/0x9000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0) syz_io_uring_submit(r1, r2, 
&(0x7f0000000000)=@IORING_OP_ASYNC_CANCEL, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x100001, 0x0, 0x0, 0x0, 0x0)
18:37:04 executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f00000014c0)={0x1c, 0x58, 0x1, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}]}, 0x1c}], 0x1}, 0x0)
18:37:04 executing program 7:
perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xffffffff81000000, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
[ 148.449202] audit: type=1400 audit(1663007824.826:7): avc: denied { open } for pid=3798 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 148.450773] audit: type=1400 audit(1663007824.826:8): avc: denied { kernel } for pid=3798 comm="syz-executor.7" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 148.462648] ------------[ cut here ]------------
[ 148.462668]
[ 148.462671] ======================================================
[ 148.462674] WARNING: possible circular locking dependency detected
[ 148.462678] 6.0.0-rc5-next-20220912 #1 Not tainted
[ 148.462684] ------------------------------------------------------
[ 148.462687] syz-executor.7/3799 is trying to acquire lock:
[ 148.462693] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 148.462727]
[ 148.462727] but task is already holding lock:
[ 148.462730] ffff888009629c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 148.462756]
[ 148.462756] which lock already depends on the new lock.
[ 148.462756]
[ 148.462759]
[ 148.462759] the existing dependency chain (in reverse order) is:
[ 148.462762]
[ 148.462762] -> #3 (&ctx->lock){....}-{2:2}:
[ 148.462776]        _raw_spin_lock+0x2a/0x40
[ 148.462792]        __perf_event_task_sched_out+0x53b/0x18d0
[ 148.462805]        __schedule+0xedd/0x2470
[ 148.462814]        schedule+0xda/0x1b0
[ 148.462823]        exit_to_user_mode_prepare+0x114/0x1a0
[ 148.462843]        syscall_exit_to_user_mode+0x19/0x40
[ 148.462861]        do_syscall_64+0x48/0x90
[ 148.462874]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 148.462891]
[ 148.462891] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 148.462904]        _raw_spin_lock_nested+0x30/0x40
[ 148.462919]        raw_spin_rq_lock_nested+0x1e/0x30
[ 148.462932]        task_fork_fair+0x63/0x4d0
[ 148.462949]        sched_cgroup_fork+0x3d0/0x540
[ 148.462963]        copy_process+0x3f9e/0x6df0
[ 148.462973]        kernel_clone+0xe7/0x890
[ 148.462982]        user_mode_thread+0xad/0xf0
[ 148.462992]        rest_init+0x24/0x250
[ 148.463008]        arch_call_rest_init+0xf/0x14
[ 148.463027]        start_kernel+0x4c1/0x4e6
[ 148.463044]        secondary_startup_64_no_verify+0xe0/0xeb
[ 148.463058]
[ 148.463058] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 148.463071]        _raw_spin_lock_irqsave+0x39/0x60
[ 148.463086]        try_to_wake_up+0xab/0x1920
[ 148.463099]        up+0x75/0xb0
[ 148.463111]        __up_console_sem+0x6e/0x80
[ 148.463127]        console_unlock+0x46a/0x590
[ 148.463143]        vprintk_emit+0x1bd/0x560
[ 148.463160]        vprintk+0x84/0xa0
[ 148.463176]        _printk+0xba/0xf1
[ 148.463194]        kauditd_hold_skb.cold+0x3f/0x4e
[ 148.463207]        kauditd_send_queue+0x233/0x290
[ 148.463222]        kauditd_thread+0x5da/0x9a0
[ 148.463237]        kthread+0x2ed/0x3a0
[ 148.463251]        ret_from_fork+0x22/0x30
[ 148.463263]
[ 148.463263] -> #0 ((console_sem).lock){....}-{2:2}:
[ 148.463277]        __lock_acquire+0x2a02/0x5e70
[ 148.463293]        lock_acquire+0x1a2/0x530
[ 148.463310]        _raw_spin_lock_irqsave+0x39/0x60
[ 148.463324]        down_trylock+0xe/0x70
[ 148.463337]        __down_trylock_console_sem+0x3b/0xd0
[ 148.463353]        vprintk_emit+0x16b/0x560
[ 148.463370]        vprintk+0x84/0xa0
[ 148.463386]        _printk+0xba/0xf1
[ 148.463402]        report_bug.cold+0x72/0xab
[ 148.463415]        handle_bug+0x3c/0x70
[ 148.463427]        exc_invalid_op+0x14/0x50
[ 148.463440]        asm_exc_invalid_op+0x16/0x20
[ 148.463456]        group_sched_out.part.0+0x2c7/0x460
[ 148.463467]        ctx_sched_out+0x8f1/0xc10
[ 148.463476]        __perf_event_task_sched_out+0x6d0/0x18d0
[ 148.463488]        __schedule+0xedd/0x2470
[ 148.463498]        schedule+0xda/0x1b0
[ 148.463507]        exit_to_user_mode_prepare+0x114/0x1a0
[ 148.463526]        syscall_exit_to_user_mode+0x19/0x40
[ 148.463543]        do_syscall_64+0x48/0x90
[ 148.463556]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 148.463572]
[ 148.463572] other info that might help us debug this:
[ 148.463572]
[ 148.463575] Chain exists of:
[ 148.463575]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 148.463575]
[ 148.463590]  Possible unsafe locking scenario:
[ 148.463590]
[ 148.463592]        CPU0                    CPU1
[ 148.463594]        ----                    ----
[ 148.463596]   lock(&ctx->lock);
[ 148.463602]                                lock(&rq->__lock);
[ 148.463608]                                lock(&ctx->lock);
[ 148.463614]   lock((console_sem).lock);
[ 148.463620]
[ 148.463620]  *** DEADLOCK ***
[ 148.463620]
[ 148.463622] 2 locks held by syz-executor.7/3799:
[ 148.463628]  #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 148.463654]  #1: ffff888009629c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 148.463681]
[ 148.463681] stack backtrace:
[ 148.463684] CPU: 0 PID: 3799 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220912 #1
[ 148.463697] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 148.463705] Call Trace:
[ 148.463708]
[ 148.463712]  dump_stack_lvl+0x8b/0xb3
[ 148.463726]  check_noncircular+0x263/0x2e0
[ 148.463743]  ? format_decode+0x26c/0xb50
[ 148.463758]  ? print_circular_bug+0x450/0x450
[ 148.463775]  ? enable_ptr_key_workfn+0x20/0x20
[ 148.463790]  ? format_decode+0x26c/0xb50
[ 148.463805]  ? alloc_chain_hlocks+0x1ec/0x5a0
[ 148.463823]  __lock_acquire+0x2a02/0x5e70
[ 148.463845]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 148.463868]  lock_acquire+0x1a2/0x530
[ 148.463885]  ? down_trylock+0xe/0x70
[ 148.463900]  ? rcu_read_unlock+0x40/0x40
[ 148.463921]  ? vprintk+0x84/0xa0
[ 148.463940]  _raw_spin_lock_irqsave+0x39/0x60
[ 148.463955]  ? down_trylock+0xe/0x70
[ 148.463969]  down_trylock+0xe/0x70
[ 148.463982]  ? vprintk+0x84/0xa0
[ 148.464000]  __down_trylock_console_sem+0x3b/0xd0
[ 148.464017]  vprintk_emit+0x16b/0x560
[ 148.464037]  vprintk+0x84/0xa0
[ 148.464055]  _printk+0xba/0xf1
[ 148.464072]  ? record_print_text.cold+0x16/0x16
[ 148.464094]  ? report_bug.cold+0x66/0xab
[ 148.464108]  ? group_sched_out.part.0+0x2c7/0x460
[ 148.464120]  report_bug.cold+0x72/0xab
[ 148.464134]  handle_bug+0x3c/0x70
[ 148.464148]  exc_invalid_op+0x14/0x50
[ 148.464162]  asm_exc_invalid_op+0x16/0x20
[ 148.464179] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 148.464193] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 148.464204] RSP: 0018:ffff888041ccfc48 EFLAGS: 00010006
[ 148.464213] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 148.464221] RDX: ffff888040c93580 RSI: ffffffff81566027 RDI: 0000000000000005
[ 148.464229] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[ 148.464236] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff888009629c00
[ 148.464244] R13: ffff88806ce3d100 R14: ffffffff8547faa0 R15: 0000000000000002
[ 148.464255]  ? group_sched_out.part.0+0x2c7/0x460
[ 148.464268]  ? group_sched_out.part.0+0x2c7/0x460
[ 148.464280]  ctx_sched_out+0x8f1/0xc10
[ 148.464293]  __perf_event_task_sched_out+0x6d0/0x18d0
[ 148.464308]  ? lock_is_held_type+0xd7/0x130
[ 148.464327]  ? __perf_cgroup_move+0x160/0x160
[ 148.464338]  ? set_next_entity+0x304/0x550
[ 148.464357]  ?
update_curr+0x267/0x740 [ 148.464375] ? lock_is_held_type+0xd7/0x130 [ 148.464394] __schedule+0xedd/0x2470 [ 148.464407] ? io_schedule_timeout+0x150/0x150 [ 148.464419] ? __x64_sys_futex_time32+0x480/0x480 [ 148.464433] schedule+0xda/0x1b0 [ 148.464443] exit_to_user_mode_prepare+0x114/0x1a0 [ 148.464464] syscall_exit_to_user_mode+0x19/0x40 [ 148.464482] do_syscall_64+0x48/0x90 [ 148.464496] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 148.464514] RIP: 0033:0x7fd6189d8b19 [ 148.464522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 148.464533] RSP: 002b:00007fd615f4e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 148.464544] RAX: 0000000000000001 RBX: 00007fd618aebf68 RCX: 00007fd6189d8b19 [ 148.464551] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd618aebf6c [ 148.464559] RBP: 00007fd618aebf60 R08: 000000000000000e R09: 0000000000000000 [ 148.464566] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd618aebf6c [ 148.464573] R13: 00007ffd1cc6a5cf R14: 00007fd615f4e300 R15: 0000000000022000 [ 148.464586] [ 148.522309] WARNING: CPU: 0 PID: 3799 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 148.522999] Modules linked in: [ 148.523245] CPU: 0 PID: 3799 Comm: syz-executor.7 Not tainted 6.0.0-rc5-next-20220912 #1 [ 148.523845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 148.524680] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 148.525088] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 148.526446] RSP: 0018:ffff888041ccfc48 EFLAGS: 00010006 [ 148.526860] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 148.527385] RDX: ffff888040c93580 RSI: 
ffffffff81566027 RDI: 0000000000000005 [ 148.527920] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001 [ 148.528466] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff888009629c00 [ 148.528996] R13: ffff88806ce3d100 R14: ffffffff8547faa0 R15: 0000000000000002 [ 148.529531] FS: 00007fd615f4e700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 148.530145] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.530579] CR2: 00007f70131ab8e0 CR3: 000000001f832000 CR4: 0000000000350ef0 [ 148.531124] DR0: ffffffff81000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 148.531653] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 148.532187] Call Trace: [ 148.532382] [ 148.532558] ctx_sched_out+0x8f1/0xc10 [ 148.532852] __perf_event_task_sched_out+0x6d0/0x18d0 [ 148.533239] ? lock_is_held_type+0xd7/0x130 [ 148.533566] ? __perf_cgroup_move+0x160/0x160 [ 148.533916] ? set_next_entity+0x304/0x550 [ 148.534238] ? update_curr+0x267/0x740 [ 148.534543] ? lock_is_held_type+0xd7/0x130 [ 148.534875] __schedule+0xedd/0x2470 [ 148.535167] ? io_schedule_timeout+0x150/0x150 [ 148.535518] ? 
__x64_sys_futex_time32+0x480/0x480 [ 148.535894] schedule+0xda/0x1b0 [ 148.536152] exit_to_user_mode_prepare+0x114/0x1a0 [ 148.536529] syscall_exit_to_user_mode+0x19/0x40 [ 148.536894] do_syscall_64+0x48/0x90 [ 148.537178] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 148.537569] RIP: 0033:0x7fd6189d8b19 [ 148.537859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 148.539207] RSP: 002b:00007fd615f4e218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 148.539786] RAX: 0000000000000001 RBX: 00007fd618aebf68 RCX: 00007fd6189d8b19 [ 148.540324] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd618aebf6c [ 148.540854] RBP: 00007fd618aebf60 R08: 000000000000000e R09: 0000000000000000 [ 148.541391] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fd618aebf6c [ 148.541931] R13: 00007ffd1cc6a5cf R14: 00007fd615f4e300 R15: 0000000000022000 [ 148.542467] [ 148.542645] irq event stamp: 568 [ 148.542900] hardirqs last enabled at (567): [] exit_to_user_mode_prepare+0x109/0x1a0 [ 148.543599] hardirqs last disabled at (568): [] __schedule+0x1225/0x2470 [ 148.544217] softirqs last enabled at (456): [] __irq_exit_rcu+0x11b/0x180 [ 148.544857] softirqs last disabled at (301): [] __irq_exit_rcu+0x11b/0x180 [ 148.545494] ---[ end trace 0000000000000000 ]--- 18:37:05 executing program 7: syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0xfde1, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @remote}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 18:37:05 executing program 7: syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0xfde1, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @remote}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 18:37:05 executing program 7: syz_emit_ethernet(0xfdef, 
&(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0xfde1, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @remote}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) [ 149.904454] audit: type=1400 audit(1663007826.281:9): avc: denied { write } for pid=3872 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 151.434902] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 151.436869] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 151.438103] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 151.440349] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 151.441909] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 151.443300] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 151.446436] Bluetooth: hci7: HCI_REQ-0x0c1a [ 153.246648] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 153.438659] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 153.439720] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 153.440815] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 153.441816] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 153.502701] Bluetooth: hci7: command 0x0409 tx timeout [ 155.504295] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 155.506023] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 155.509183] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 155.511398] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 155.513337] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 155.515051] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 155.518853] Bluetooth: hci0: HCI_REQ-0x0c1a [ 155.550714] Bluetooth: hci7: command 0x041b tx timeout [ 155.813416] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 155.819055] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 155.820662] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 155.822543] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 
4 [ 155.824212] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 155.825881] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 155.828880] Bluetooth: hci2: HCI_REQ-0x0c1a [ 155.973305] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 155.975044] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 155.977261] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 155.984986] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 155.988424] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 155.990056] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 156.005777] Bluetooth: hci3: HCI_REQ-0x0c1a [ 156.056824] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 156.068108] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 156.075785] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 156.084150] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 156.085869] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 156.087352] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 156.091326] Bluetooth: hci6: HCI_REQ-0x0c1a [ 157.534688] Bluetooth: hci0: command 0x0409 tx timeout [ 157.598677] Bluetooth: hci7: command 0x040f tx timeout [ 157.854654] Bluetooth: hci2: command 0x0409 tx timeout [ 157.983674] Bluetooth: hci5: Opcode 0x c03 failed: -110 [ 158.046657] Bluetooth: hci3: command 0x0409 tx timeout [ 158.111652] Bluetooth: hci6: command 0x0409 tx timeout VM DIAGNOSIS: 18:37:05 Registers: