Warning: Permanently added '[localhost]:24100' (ECDSA) to the list of known hosts. 2022/10/12 12:16:24 fuzzer started 2022/10/12 12:16:25 dialing manager at localhost:33719 syzkaller login: [ 47.479350] cgroup: Unknown subsys name 'net' [ 47.567039] cgroup: Unknown subsys name 'rlimit' 2022/10/12 12:16:42 syscalls: 201 2022/10/12 12:16:42 code coverage: enabled 2022/10/12 12:16:42 comparison tracing: enabled 2022/10/12 12:16:42 extra coverage: enabled 2022/10/12 12:16:42 setuid sandbox: enabled 2022/10/12 12:16:42 namespace sandbox: enabled 2022/10/12 12:16:42 Android sandbox: enabled 2022/10/12 12:16:42 fault injection: enabled 2022/10/12 12:16:42 leak checking: enabled 2022/10/12 12:16:42 net packet injection: enabled 2022/10/12 12:16:42 net device setup: enabled 2022/10/12 12:16:42 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/12 12:16:42 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/12 12:16:42 USB emulation: enabled 2022/10/12 12:16:42 hci packet injection: enabled 2022/10/12 12:16:42 wifi device emulation: failed to parse kernel version (6.0.0-next-20221011) 2022/10/12 12:16:42 802.15.4 emulation: enabled 2022/10/12 12:16:42 fetching corpus: 0, signal 0/0 (executing program) 2022/10/12 12:16:43 starting 8 fuzzer processes 12:16:43 executing program 0: r0 = fork() sched_getscheduler(r0) process_vm_readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000000)=""/53, 0x35}, {&(0x7f0000000040)=""/253, 0xfd}, {&(0x7f0000000140)=""/135, 0x87}, {&(0x7f0000000200)=""/154, 0x9a}], 0x4, &(0x7f0000000840)=[{&(0x7f0000000300)=""/186, 0xba}, {&(0x7f00000003c0)=""/132, 0x84}, {&(0x7f0000000480)=""/223, 0xdf}, {&(0x7f0000000580)=""/224, 0xe0}, {&(0x7f0000000680)=""/64, 0x40}, {&(0x7f00000006c0)=""/102, 0x66}, {&(0x7f0000000740)=""/247, 0xf7}], 0x7, 0x0) r1 = clone3(&(0x7f0000000a80)={0x24000, &(0x7f00000008c0), &(0x7f0000000900)=0x0, &(0x7f0000000940), {0x37}, &(0x7f0000000980)=""/70, 0x46, &(0x7f0000000a00)=""/29, &(0x7f0000000a40)=[r0, r0, r0, r0, r0], 0x5}, 0x58) write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000b00)={0x1f, 0x37, 0x2, {0x0, 0x1, 0x9, r2, 0x1, '\\'}}, 0x1f) process_vm_readv(r0, &(0x7f0000000c80)=[{&(0x7f0000000b40)=""/6, 0x6}, {&(0x7f0000000b80)=""/206, 0xce}], 0x2, &(0x7f0000000e00)=[{&(0x7f0000000cc0)=""/99, 0x63}, {&(0x7f0000000d40)=""/23, 0x17}, {&(0x7f0000000d80)=""/62, 0x3e}, {&(0x7f0000000dc0)=""/20, 0x14}], 0x4, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003ec0)=[{{0x0, 0x0, &(0x7f0000000fc0)=[{&(0x7f0000000e40)=""/154, 0x9a}, {&(0x7f0000000f00)=""/110, 0x6e}, {&(0x7f0000000f80)=""/40, 0x28}], 0x3}, 0x86}, {{0x0, 0x0, &(0x7f0000001200)=[{&(0x7f0000001000)=""/30, 0x1e}, {&(0x7f0000001040)=""/171, 0xab}, {&(0x7f0000001100)=""/35, 0x23}, {&(0x7f0000001140)=""/171, 0xab}], 0x4, &(0x7f0000001240)=""/4096, 0x1000}, 0x4}, {{&(0x7f0000002240)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @private}}}, 0x80, &(0x7f00000023c0)=[{&(0x7f00000022c0)=""/244, 0xf4}], 0x1, &(0x7f0000002400)=""/97, 0x61}, 0xf009}, {{&(0x7f0000002480)=@can, 0x80, &(0x7f0000002800)=[{&(0x7f0000002500)=""/167, 0xa7}, {&(0x7f00000025c0)=""/108, 0x6c}, {&(0x7f0000002640)=""/185, 0xb9}, {&(0x7f0000002700)=""/237, 0xed}], 0x4, &(0x7f0000002840)=""/107, 0x6b}, 0x80000000}, {{&(0x7f00000028c0)=@hci, 0x80, &(0x7f0000003d80)=[{&(0x7f0000002940)=""/212, 0xd4}, {&(0x7f0000002a40)=""/4096, 0x1000}, {&(0x7f0000003a40)=""/183, 0xb7}, {&(0x7f0000003b00)=""/34, 0x22}, {&(0x7f0000003b40)=""/194, 0xc2}, {&(0x7f0000003c40)=""/54, 0x36}, {&(0x7f0000003c80)=""/71, 0x47}, {&(0x7f0000003d00)=""/118, 0x76}], 0x8, &(0x7f0000003e00)=""/170, 0xaa}, 0x8}], 0x5, 0x20, &(0x7f0000004000)) write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000004040)={0x23, 0x37, 0x1, {0x0, 0x2, 0x3, r1, 0x5, ':-%:.'}}, 0x23) write$P9_RMKDIR(0xffffffffffffffff, &(0x7f0000004080)={0x14, 0x49, 0x1, {0x0, 0x3, 0x2}}, 0x14) r3 = getpgrp(r0) process_vm_readv(r3, &(0x7f00000040c0), 0x0, &(0x7f0000004840)=[{&(0x7f0000004100)=""/102, 0x66}, {&(0x7f0000004180)=""/129, 0x81}, {&(0x7f0000004240)=""/90, 0x5a}, {&(0x7f00000042c0)=""/212, 0xd4}, {&(0x7f00000043c0)=""/18, 0x12}, {&(0x7f0000004400)=""/186, 0xba}, {&(0x7f00000044c0)=""/195, 0xc3}, {&(0x7f00000045c0)=""/102, 0x66}, {&(0x7f0000004640)=""/198, 0xc6}, {&(0x7f0000004740)=""/206, 0xce}], 0xa, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000008, 0x20010, 0xffffffffffffffff, 0x0) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000000, 0x10, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(r4, r5, &(0x7f0000004900)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4007, @fd_index=0x9, 0x8a, 0x0, 0x0, 0x17, 0x0, {0x3}}, 0x9) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xc, 0x1010, 0xffffffffffffffff, 0x0) r7 = mmap$IORING_OFF_SQES(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x2000002, 0x1030, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(r6, r7, &(0x7f0000004980)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000004940), 0x0, 0x0, 0x80000, 0x1}, 0x8) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x110, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r8, r7, &(0x7f00000049c0)=@IORING_OP_NOP={0x0, 0x4}, 0x1b) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000004a00)={0x2, 0x4}, 0x4) 12:16:43 executing program 4: write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x71, 0x1, {{0x0, 0x4, 0x8}, 0x2}}, 0x18) write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x1b, 0x2}, 0x7) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RCREATE(r1, &(0x7f00000000c0)={0x18, 0x73, 0x2, {{0x20}, 0xc4ea}}, 0x18) write$9p(r1, &(0x7f0000000100)="d5b7453dae837783258117bcbbbcbdc799ae4e3e2ab4f4ae1b0827e5babe8a6e99ed9a6af64cc70d29fc412dd47416af8d7a7e778229874094f579b260a82007e1bb828943474b55e3682429df844a543a015757ed087f1860dbce2f60a0f8846dcf92e40d39e822928adda567e3d53300e5a463454ffec87810814aafe61881e053564e30347b79b086759adb29768e6e24971b56c86b7c6a0e636f4bfac0e0728cc88ee68c1b4edd29ef4173c6567e8edf7c5e0fc2263a6414534dfaca9e66437356020650a6ee2aaedf2e0336851c9cb72154dfe7525fe384dacb19a8b64cdda8", 0xe2) write$P9_RATTACH(r1, &(0x7f0000000200)={0x14, 0x69, 0x1, {0x20, 0x2, 0x8}}, 0x14) write$P9_RXATTRCREATE(r1, &(0x7f0000000240)={0x7, 0x21, 0x2}, 0x7) r2 = pidfd_getfd(r0, 0xffffffffffffffff, 0x0) write$P9_RRENAMEAT(r2, &(0x7f0000000280)={0x7, 0x4b, 0x1}, 0x7) write$P9_ROPEN(r1, &(0x7f00000002c0)={0x18, 0x71, 0x2, {{0x1, 0x3, 0x5}, 0xe}}, 0x18) r3 = openat$cgroup_ro(r2, &(0x7f0000000300)='rdma.current\x00', 0x0, 0x0) write$P9_RREMOVE(r3, &(0x7f0000000340)={0x7, 0x7b, 0x1}, 0x7) pipe2$9p(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x5000) write$P9_ROPEN(r4, &(0x7f00000003c0)={0x18, 0x71, 0x1, {{0x0, 0x4, 0x4}, 0xfffffffb}}, 0x18) r5 = accept(r2, 0x0, &(0x7f0000000400)) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000440)=0x140c, 0x4) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000480), 0x40042, 0x0) write$P9_RFLUSH(r3, &(0x7f00000004c0)={0x7, 0x6d, 0x1}, 0x7) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000500), 0x14242, 0x0) write$P9_RREADDIR(r6, &(0x7f0000000540)={0x2a, 0x29, 0x1, {0xfffffffc, [{{0x80, 0x2, 0x3}, 0xf225, 0x3, 0x7, './file0'}]}}, 0x2a) 12:16:43 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.controllers\x00', 0x0, 0x0) connect$packet(r0, &(0x7f0000000040)={0x11, 0x5, 0x0, 0x1, 0x9, 0x6, @broadcast}, 0x14) openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0) ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205) r1 = accept4$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14, 0x80000) bind$packet(r1, &(0x7f0000000140)={0x11, 0xc, 0x0, 0x1, 0x4a, 0x6, @link_local}, 0x14) r3 = syz_open_dev$usbmon(&(0x7f0000000180), 0xe7b0, 0x30b581) ioctl$MON_IOCQ_RING_SIZE(r3, 0x9205) r4 = openat$cgroup(r0, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) openat$cgroup_type(r4, &(0x7f0000000200), 0x2, 0x0) r5 = accept4$packet(r1, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0x14, 0x0) bind$packet(r5, &(0x7f0000000380)={0x11, 0xe7, r2, 0x1, 0x3}, 0x14) ioctl$MON_IOCQ_URB_LEN(r3, 0x9201) ioctl$EVIOCSABS3F(r0, 0x401845ff, &(0x7f00000003c0)={0x401, 0x800, 0x7fffffff, 0x4, 0x3, 0x1}) openat$cgroup_type(r4, &(0x7f0000000400), 0x2, 0x0) r6 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$sock_SIOCGIFBR(r6, 0x8940, &(0x7f0000000440)=@generic={0x3, 0x1000, 0x6}) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000004c0)={0x1, &(0x7f0000000480)=[{0x91, 0x2, 0x40, 0x2}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000500)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x40182103, &(0x7f0000000580)={r8, 0x1, r4, 0x8000, 0x80000}) 12:16:43 executing program 1: mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x8, &(0x7f0000000080)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cachetag={'cachetag', 0x3d, '\xc6.},*\\-.'}}, {@debug={'debug', 0x3d, 0x100}}, {@cache_none}, {@posixacl}, {@cache_mmap}, {@dfltuid={'dfltuid', 0x3d, 0xffffffffffffffff}}, {@access_uid={'access', 0x3d, 0xee01}}], [{@smackfshat={'smackfshat', 0x3d, ',,/'}}]}}) r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RGETATTR(r0, &(0x7f0000000180)={0xa0, 0x19, 0x2, {0x1120, {0x20, 0x4, 0x6}, 0x112, 0xee01, 0xffffffffffffffff, 0x3ff, 0x2, 0x8001, 0x8, 0x7, 0x722, 0x5, 0xf6, 0x5f3, 0xfffffffeffffffff, 0x3, 0x0, 0x979, 0xfffffffffffffbff, 0xffff}}, 0xa0) openat$cgroup_pressure(r0, &(0x7f0000000240)='cpu.pressure\x00', 0x2, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r1, &(0x7f00000002c0), 0x2, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000300)='syz1\x00', 0x200002, 0x0) openat$cgroup_procs(r2, &(0x7f0000000340)='cgroup.threads\x00', 0x2, 0x0) ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f00000013c0)={&(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f00000003c0)=""/4096, 0x1000}) write$P9_RWALK(r0, &(0x7f0000001400)={0x16, 0x6f, 0x1, {0x1, [{0x0, 0x4, 0x8}]}}, 0x16) openat$cgroup(0xffffffffffffffff, &(0x7f0000001440)='syz0\x00', 0x200002, 0x0) shmat(0xffffffffffffffff, &(0x7f0000ffb000/0x3000)=nil, 0x5000) r3 = shmget$private(0x0, 0x1000, 0x1, &(0x7f0000ffe000/0x1000)=nil) shmctl$SHM_UNLOCK(r3, 0xc) accept(r0, &(0x7f0000001480)=@generic, &(0x7f0000001500)=0x80) r4 = perf_event_open$cgroup(&(0x7f0000001580)={0x4, 0x80, 0x1f, 0x3, 0x5, 0x80, 0x0, 0xe92a, 0xe000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc16af627, 0x0, @perf_bp={&(0x7f0000001540), 0x9}, 0x244, 0x0, 0x5, 0x2, 0x4, 0x717e52e4, 0x6, 0x0, 0x2, 0x0, 0x6}, r1, 0x4, r0, 0x1) ioctl$PERF_EVENT_IOC_RESET(r4, 0x2403, 0x886) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x10, r0, 0x10000000) syz_io_uring_submit(0x0, r5, &(0x7f0000001600)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x65, 0x1}, 0x7) shmctl$IPC_SET(r3, 0x1, &(0x7f0000001980)={{0x2, 0xee00, 0x0, 0xffffffffffffffff, 0x0, 0x10, 0x101}, 0xd0, 0x6, 0x9, 0x16, 0x0, 0x0, 0xfc73}) 12:16:43 executing program 2: mmap$IORING_OFF_CQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000b, 0x10, 0xffffffffffffffff, 0x8000000) write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x71, 0x2, {{0x80, 0x1, 0x7}, 0x8001}}, 0x18) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) openat$cgroup(r0, &(0x7f0000000080)='syz1\x00', 0x200002, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f00000000c0)={0x7, 'veth0_to_team\x00', {0xc}, 0xfeff}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000100)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000180)={r1, 0x3, 0xffffffffffffffff, 0x4}) write$P9_RFLUSH(r0, &(0x7f00000001c0)={0x7, 0x6d, 0x1}, 0x7) inotify_rm_watch(r0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240)={0x3, &(0x7f0000000200)=[{0x6, 0x0, 0x6, 0x7}, {0x3, 0x80, 0x5, 0x9}, {0x4, 0x8, 0x0, 0x400}]}) r2 = openat$cgroup_ro(r0, &(0x7f0000000280)='blkio.bfq.time\x00', 0x0, 0x0) write$9p(r2, &(0x7f00000002c0)="fa5cd754e197b8dab84285a6cfef01704dc13ff18c63038c140801fc04f37d815c3e8b8b2ab8d5045e31bd73a38e3b6e57e00bdda1430f5018677625ec76344f24fde5dba97bfd0358688d258a2c06f80ee0cd038407e64c70fde7b002983069e8863db98cc0bf847dfb711afd32c5f8ff11fe9700d8f19988821d00b6bbd4458eacef50c0a1ed5ff6f33099abc57a2365019b6a010f47c6a13ea6d9c5dbe283fb8cca3b6c55110740856fce92b7eef4f9a6c8e67cd4becfc3476aa2bb2b402a8ee3aa1fa2a51515702b34a084dbfa83958613ac099f527f78718799848a96221e75e04bd195ae1aec30a68fb3feb0efd2e6b603305c9236162979eb9b2c1ba76406bb8c39aa460dcea536a9a08bf23828eade9fe31212ca642c298bb954b1d227cdd9a5758dc3112e8d9a9744640b86f7d28357d661698fa56f40cffebd55a75dfc02fac9e1a3232610d24a385382808c321889387db3f6b10d5933fa97b4f275052cb7ad884ff1172044092c21836cfbdff172e02c13c162191ccc95ada9dc30025ca37810e7b5761684d5686df209beb9f430d74a4eab335517053229d602f940e0812863d9331b89b8483daa10da77d130bf31f90868f841b4dbe3010905f3c365055368df1d86f420936ff15ac3b92b4bc04a2bf62a593682ee3c7e1e7febb9f9b2b6133f9f619e2662730fe9e644aa15b20186af2b97f95effc1dfa0c86419abfe0b90570101be3cd74e741bddc46661d0a2eddd017ee7ca8b4199234548cf0e2ea3c3cdb39eb72c15a49694a1f6a5f26197f90b1d4cbd24a0ca829cbdba3f29efa2b845b5de60395a5824281f1dca4a967250ff83bf97ddf7902b137ddd6486f921f0586c3937b32923fb0701b4b4f7b91ab01564f9181d48fdaaa3dfab876b1c2ab53072f3208dc05ad01c01bd3be0fee78860001cec3c714c9dbc1607a3949eacd44da714c07aa2313822e4e3c64465890eaf49300339bae06e13f861b48bbd7ff07d8663695bb10ea8fa0917f25a65dd4502689fa3f4d64f4336e870a87b0b62378bed1d89cf2eb3b7a283808724fac2fed9e0dd0878ec3d5593e4730ee68107138eefb007c8f0b7afd39a6f2cff28d2c9601b486c60f8038e9fa9c16e850476b8034d2db2874e663c1cb9cb5c7b18cdf64345252551b19f3bb8b317d6f0c3f64614f74ef24cd79e7a726fa371425a4c34ee5bdf574bd58673cb8c26d8568440b95dce29f6407d8382643c68bc036a0c33bbbc9962c26d7dd5ce2ecf8d596c47dec144f294b061ad08309ab22fdf427e9344d5e234ef8b7db07779fdbf36a9e08aac8710ee3674c4cf1d49481f2dcc1c60cbffb46ef47439e62a97ea0f7ef2edd8ffc76a740c66dc64da0fd852266be993b2e0a08035f15eb8852b0c7495d376c5fa787e24795c43424df4a264d95356b0e3be43358e025889b99bc461084c5e9b31f5699550b5974e300ab6a4cd177a107b863165e2abf2c1b5c65ed5325291b2e7e60f6900d0e95d5258d40c2fd0306de25c83b0a1c4cd85bb0872c50f322c0d95a4e34c88c4c08821fc5e2c88f14aa671acf1acf20eb73f43d6884f6f4eeaa436f01a1b2e9a49a15190f388a9f9711ebbdcb5f3828117a6c8ad0c77eaa72dd9e75974c57867031276c4d3c1eef16552fb0e0116347ae34ac6ebd9dc1e82fbc34922351b8e47b0a5d095444856a9fadf0e6c1eeee6c7a0d84cfbadcf194ebc74cc04376897187040e8de4ce1c999a3033df9df87bd091080438697436f50201a05a5002d4090c27ab94267ec737d5bd7c51664bb95c6fa0058559836028628a457f77fbed7c03a7b6e9d6209c6915b0de561f8a3503024ab4691be41614c08f896dff08d16f154edcacdb9b93b1097931a868903404f142046c20050189108bb5a00e553df547b70093c8f97c0d13005ed72ac5b39c61a546d950a44ad9004d99622b3b99caabd8adab303887842184bbf7f5c7b143129e84a12ff798d20b1746be88f3d42e9bd335f9409878fb89d711e0c7fc67718a2bcc58e9bc385e537794a49014eeed3f455b9695c1c366ab6e91f287a81f115bb7b32f76e9acc976258ae38625f6c694a0514b4b7b039258278316567fad614ed3e6eb76ca64d107765472f8d8fe86b12411af6b57685ede464efe7daf0b9be403af4b7029e965308075ed6059b305a951849a174c6031fe6f3a30c65733210a6651359ade0fbb46a5ad44fd6050a2d94febb1fe4e5ac4bdfbad9375f267e75a9d918d6424f8cb1d5920b99ab036083926215e826d9a36e42eb799e35745537de350ccd9d97e31e6d61fb5708fc11d0144a5e2339d75c28a0805fc78796658f6b7351388835da09f4ff31cee85c4cfe8f7b411f1f2e49bd8d94d1ee983001106e793cd25919b9bcc532160259078a38a1c4b824ba24b5d08ba9253bf5f35ca512382c42b9cc6b210eedda3944a91b3ab70c0c267f18943db51d34642ce4e1831012b2202ba15767fe69d1a52be061da27640342795b97b36272734945c20accb5d92cf4d2d3f880b12e8725036838696311cf38ff5847903316737dc4ec62d132e113f7708d15c093b3f8db75fd8ba3518f445f3a76799eb7a853b4d6930f1aadd88452625336cc65e560d964a0b641ef631c7fc3b5cce8899aa86f5440c95a84eab7ad1f2960cb129ae2f85c0d358fb34dd26ed764293e2c52c3f4fb592d357c5bdc1d659a246521375f50549e87b97c35400af1c345729c0e86bbd128ac601ed53d426f37c05178e894b64177847d8177b5cb691aebeac2b2a5c35d92cda58c0f59c26968b4baa921ccd9f5929e1a2fedeb2fca310e836ccd6c37b559da4423021e0b9f0c3846b22006c4a16ece9fb76fa6bca8bb5af5d81d75516ba2f80396edf29e06fe40cf2dacbc74973495ff226f438911083daf6ad05701a6f47ef3e596083ed3cbefaae8e14fd6dd3056acd64696caa8aab39738c4185fd54c1279e1c046b1058886f104fed7e144bffe225cc8ce3ac9e7401a3154cc3aca1e5ef77be31a1f1e5908d4f0e870ae0b859a5e72ce8c2c73224846bfb6a7486c8f1edcf5c6a6804fd218949900a299fa0586c234377ac00211e6041ffa6ebe76d3133193940c82597e751a05a7a831be31ac3ec334be641c13a6033df186ca2b97af63b38d4552634c38584bbd0aadbf6f63e2f0ea33929ac691553a09e8536f5a22098d80257464a53a03829e9b549401576ac064213d3ae9cac5da840f9ef4a37f3c18f34200d562771f27ef1fcf58f6da9ac74e11adc2bbcfcb7953e8b268f4d9a8374eb1fc567c2a4c9d440a9baac22f3500f1bc88566709a4c71d457bbbbeb466bf8867c26c0011b2000a694440372639dde502bf0c9d3be96377471da44e8cb4fb88bca00dc268f149b87ad0a30288c2084b1c197765e93ceb6466359b6d56cc4086c5fcba89e2dcf9b7921d46f8326f6b3926e0f6c971cf3cedb5792c0920339bb989dd1338dd4be980d4d35f2c140395b014cf382666feb5ae17fc72888c30297ae2dd8e7cdeb99e20eae2d7602762b086fc1cb68d8b64ab0eb20506eda5df3ecc08982dbf2bb28d99593df2f7149e3fcd8b1737aa17d61109596c7c4062763ffea79175fa3b42ae6e3a5116792100b4cdbeab1ac14c39d2ccb27d61269b67a920117a15777579ec452cdd44060e0995237e7b2d64009619097bbff5850752371ffd5c958fadbcc5cee1e6ea895e6bd66545107dc6f5eacf765bd5e6393bbd26d08308be4d6c689620ecdf513a4dae233e12cea94b71d2c1a0b921c521f66d581189efe4670fd21d3a3a4365f11a2c13d7506da76d201aa0121768695871132fb1eb2b687dba75ce14cef9382b2b7cfb69f352c454530ea0b6ba9ef1bd2490e6afcf322940fa57e7255c22820de7feffb5a756ffd7c29d6f45685671f53c1c2956064beece2124654ea8ac0a8db0d916b98d0aa913c34aadfb58d0110529a7334c50e596adc51c7eba3b189e287f25aafe63c3a41bfe7834343866e8c5dcd48df92022f7531a98f7dc7a72edc5098c52ddb3ac40a7cdaf83d5999c3766109c8abb97e22068678335b45e10c04cefc7b7595d37465f558740d46cd68a69c6765e18661b73f5e61cd9ef45b4cbc1d3030c387d46c48e19e5bb7ed254d32ae285fdd43a684bd3970f17cc3c63e3f457f75f1599e056ee0cd7ef63b5f6021a58d9b57b99bd6db91f20250a56579f8f924ff83271f7c9a4671eed16317347c4e02704b80a01142c469cc61a875ea0797f2cdb02c84698127de5bb4d5af790d8da2785c5b261dfe1b3bc550162af4ea464a7564f37fd15609e5e111ac7d4b52ac04b93a096a042875fadcb81cfb7fd2508be57481c880bfcab7aca95b7ada02a59a9a08ddbf13f83d49c981e1710c60f288c5b8a15d6af83b7c5a7a9e2815f92a447595a75e06b6b5a5a49dc138b944b054f6a15d2cf8d383f798c8e21db5122c32fc65eebd23281a203f67b25834fab6a7a441dc480dcc02fb8e98b6da7db67297d231db393be3907062be85b175be23478a87b5068cd4b6ab018938b31e9ea478f165c722f6f04aad1a5d14a9f8061852f3ffb8c178463a3ef9781e03d90da4db91f7c3b3044350cfd3ed9f583ad957303651786b44c86ff073c803b4c7f97e7d83e64f2adaea8e59a20f691c0e9aa04eeffd6325acefffc53ce6c6acc07c0b79459417ba07acfd66d72e013ff00e1a6bcb586f25bf49695ff63851fc17421b6ef6e267a45c90554939f27b839bb8729595f47e3dac8012144e201758905032b51e362d504a5d1a71d134f55ed0e106cba01e6641ff42fb60756a1ad2490bef3389bbafa687c5255bd33c7a6c003d0486e2d29228fee30f9d6382fe10d492c7ff873643fbcd3f658269563fd5a6ce4f47b5ad7caf33a8be98adbc484937e6b7ebe33405e70d135ce9f6577a34b7ed9b2ffe97393b88fc48ceaa512a7d40946d7e448a516ff0c6a7f7ddedd35abff63dd59f19cc3ffbe5e1bc87c102ec9ae901a70d8a07fd188e39516d378e41f41d78e46eed845489cba80d4fdd6ec93da4183ba699893a013ed20225e25c3095c9a0fb0c7ca394444e1edc384a4535bc4e009ab75c08807883a325c1aebe3c03bf44e91f2376d135846eb0fe0fa1f481195afae1e11a8c2bc7bbe774645b0c42d6aab82a01b5fea64442fb837da240b18cf5bff5b9786a7a653dc81892558aa4a997c4b80b743066528cc2053eb7547eb5d7ae8fb091a6113c2cd92f54f3fa81d71b9db82883bef3f8bbc00d077e45ded112c4dd5d0b8355f95e53267ee5019df83bbe8d3060feba910ae5a2e8752f46e4108785ed446c53931c78265cb95f67f73c11c010c25f3bf3b2269084b84101328e10176a4308139c56446b0d82789ace208c2eb28084d1df394aea95faacd0a8867a5a36007b44d468c25a647756df46071c2b5f6af1703b6ddb7a33e6254e4a9532e2d02fa7e7951df2c9c7a2701f137e46ec3fc74d48e87426edd5637635822cd8cf6e4e41cbb3de10c0571ba08f21683ae84516b77c2b9cf8ce3b011b884e5ff04c41cbbdaba3bb2a2984bda25edbf8c10864df27b3d3c534007a9e7cdcc0088ea72fbfd0d0cbabb6c470b2431ce14b6d930dee3e3633506af936bd944ab49c39c3d588de0c0e6a8d04f2565f26d59cc2d3339efac65169c3cd41412e1d7d2bc56a3ce6f8c3efecde222d54756c5b6af36a2806434f6330700b246d9df23ff6c348041c8f9ea1862b8cc06a6f1f507a33bd941986b0d22503f0b356ba5f52aa03c024999d9", 0x1000) ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x4c2cc) ioctl$MON_IOCQ_URB_LEN(r2, 0x9201) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x50, r2, 0x0) ioctl$MON_IOCQ_RING_SIZE(r0, 0x9205) pipe2$9p(&(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) write$P9_RREADDIR(r3, &(0x7f0000001300)={0x49, 0x29, 0x2, {0x3, [{{0x4, 0x0, 0x3}, 0x6, 0xbf, 0x7, './file0'}, {{0x1, 0x4, 0x2}, 0x17a, 0x94, 0x7, './file0'}]}}, 0x49) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f00000013c0)={0x5, &(0x7f0000001380)=[{0x8, 0x9, 0x20, 0x7fff}, {0x7, 0x3f, 0xf8, 0x70000000}, {0x200, 0xf8, 0x0, 0x400}, {0x0, 0x77, 0x2, 0x2f}, {0x5400, 0xbb, 0x16, 0xa5c5}]}, 0x10) 12:16:43 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x206400, 0x0) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000040)={0x0, 0x1, 0x6, @remote}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x42000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@cache_fscache}, {@posixacl}, {@cache_none}], [{@hash}, {@context={'context', 0x3d, 'user_u'}}]}}) r2 = accept4$packet(r0, 0x0, &(0x7f0000000180), 0xc0800) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000200)={0x4, &(0x7f00000001c0)=[{0x0, 0x0, 0x1, 0x7}, {0x7, 0x9, 0x1, 0x200}, {0x4, 0x4, 0x93, 0x1}, {0x243, 0x50, 0x2, 0x561}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000240)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r3, 0x40082102, &(0x7f00000002c0)=r4) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300), 0x1c1ac0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000340)) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f00000003c0)) r6 = accept4(r2, &(0x7f0000000400)=@l2tp6={0xa, 0x0, 0x0, @dev}, &(0x7f0000000480)=0x80, 0x800) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8983, &(0x7f00000004c0)={0x7, 'wg1\x00', {0x9}, 0x4}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000540), r6) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000580)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000600)={r8, 0x1, r7, 0xffffffff}) r9 = pidfd_getfd(r3, r1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r9, 0xc0182101, &(0x7f0000000640)={r4, 0x80, 0x8}) ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000680)) 12:16:43 executing program 6: r0 = accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000040)=0x14, 0x0) r1 = accept4$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x800) bind$packet(r0, &(0x7f0000000100)={0x11, 0x1, r2, 0x1, 0x40, 0x6, @broadcast}, 0x14) r3 = socket$packet(0x11, 0x2, 0x300) r4 = accept(r3, &(0x7f0000000140)=@phonet, &(0x7f00000001c0)=0x80) connect(r4, &(0x7f0000000200)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}}, 0x80) accept4$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14, 0xc0000) r6 = inotify_init() syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_FILES_UPDATE={0x14, 0x4, 0x0, 0x0, 0x2, &(0x7f0000000300)=[r1, r6, r0], 0x3}, 0x8) socket$packet(0x11, 0x2, 0x300) r7 = syz_open_procfs$userns(0x0, &(0x7f0000000380)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r7, 0x0, 0x0, 0x0, {0x61d2}, 0x1}, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f0000000480)={'syztnl0\x00', &(0x7f0000000400)={'ip6gre0\x00', r2, 0x0, 0xa6, 0xae, 0x8, 0x2, @loopback, @empty, 0x1, 0x7800, 0x8001, 0x7ff}}) connect$packet(r8, &(0x7f00000004c0)={0x11, 0x9, r9, 0x1, 0x0, 0x6, @random="d9758bd332b5"}, 0x14) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000580)={'syztnl1\x00', &(0x7f0000000500)={'ip6_vti0\x00', r2, 0x2f, 0x20, 0x9d, 0xffffffff, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7, 0x1, 0xffffffff, 0x8}}) recvmmsg(0xffffffffffffffff, &(0x7f0000002e80)=[{{&(0x7f00000005c0)=@nfc, 0x80, &(0x7f0000000740)=[{&(0x7f0000000640)=""/43, 0x2b}, {&(0x7f0000000680)=""/157, 0x9d}], 0x2, &(0x7f0000000780)=""/198, 0xc6}, 0x81}, {{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000880)=""/37, 0x25}, {&(0x7f00000008c0)=""/251, 0xfb}, {&(0x7f00000009c0)=""/106, 0x6a}, {&(0x7f0000000a40)=""/136, 0x88}, {&(0x7f0000000b00)=""/164, 0xa4}, {&(0x7f0000000bc0)=""/251, 0xfb}, {&(0x7f0000000cc0)=""/219, 0xdb}, {&(0x7f0000000dc0)=""/194, 0xc2}], 0x8, &(0x7f0000000f40)}, 0x8}, {{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000f80)=""/236, 0xec}, {&(0x7f0000001080)=""/58, 0x3a}, {&(0x7f00000010c0)=""/165, 0xa5}, {&(0x7f0000001180)=""/212, 0xd4}, {&(0x7f0000001280)=""/241, 0xf1}, {&(0x7f0000001380)=""/244, 0xf4}], 0x6}, 0x7}, {{&(0x7f0000001500)=@xdp, 0x80, &(0x7f0000001800)=[{&(0x7f0000001580)=""/36, 0x24}, {&(0x7f00000015c0)=""/91, 0x5b}, {&(0x7f0000001640)=""/207, 0xcf}, {&(0x7f0000001740)=""/154, 0x9a}], 0x4}, 0x5}, {{&(0x7f0000001840)=@nl=@proc, 0x80, &(0x7f0000002d40)=[{&(0x7f00000018c0)=""/148, 0x94}, {&(0x7f0000001980)=""/58, 0x3a}, {&(0x7f00000019c0)=""/239, 0xef}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000002ac0)=""/13, 0xd}, {&(0x7f0000002b00)=""/238, 0xee}, {&(0x7f0000002c00)=""/134, 0x86}, {&(0x7f0000002cc0)=""/73, 0x49}], 0x8, &(0x7f0000002dc0)=""/136, 0x88}, 0x4}], 0x5, 0x10020, &(0x7f0000002fc0)) write$P9_RWALK(0xffffffffffffffff, &(0x7f0000003000)={0x3d, 0x6f, 0x1, {0x4, [{0x1, 0x0, 0x1}, {0x8, 0x0, 0x8}, {0x8, 0x0, 0x8}, {0x1, 0x3, 0x7}]}}, 0x3d) r10 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r10, 0x89f6, &(0x7f00000030c0)={'syztnl0\x00', &(0x7f0000003040)={'sit0\x00', r5, 0x4, 0x3, 0xc4, 0xf31, 0x20, @dev={0xfe, 0x80, '\x00', 0xb}, @rand_addr=' \x01\x00', 0x1, 0x0, 0x10000, 0x4}}) [ 62.706741] audit: type=1400 audit(1665577003.702:6): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:16:43 executing program 7: write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)={0x13, 0x65, 0xffff, 0x7, 0x6, '9P2000'}, 0x13) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000040)={0x13, 0x7, 0x2, {{0x6, '9P2000'}, 0x20}}, 0x13) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x1a3002, 0x0) write$P9_RFLUSH(r0, &(0x7f00000000c0)={0x7, 0x6d, 0x1}, 0x7) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) write$P9_RAUTH(r0, &(0x7f0000000100)={0x14, 0x67, 0x2, {0x2}}, 0x14) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000140)={0x0, 0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f00000001c0)=r1) write$P9_RLERRORu(r0, &(0x7f0000000200)={0x14, 0x7, 0x2, {{0x7, '!{-/]/$'}, 0xd2}}, 0x14) r3 = socket(0x2b, 0x800, 0x4) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r3, 0x8982, &(0x7f00000048c0)) perf_event_open(&(0x7f0000004940)={0x0, 0x80, 0x9, 0x0, 0xff, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000004900), 0x4}, 0x0, 0x80000001, 0x8, 0x8, 0x7fffffff, 0x4, 0x5, 0x0, 0x7, 0x0, 0x401}, r2, 0xb, 0xffffffffffffffff, 0x9) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000049c0)=0xa66, 0x4) r4 = openat$cgroup_ro(r0, &(0x7f0000004a00)='cpuacct.stat\x00', 0x0, 0x0) write$P9_RSETATTR(r4, &(0x7f0000004a40)={0x7, 0x1b, 0x1}, 0x7) accept(r3, &(0x7f0000004a80)=@hci, &(0x7f0000004b00)=0x80) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r4, 0x40042409, 0x1) ioctl$sock_ifreq(r0, 0x8971, &(0x7f0000004b40)={'geneve1\x00', @ifru_map}) ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80082407, &(0x7f0000004b80)) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) [ 63.945275] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 63.947122] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 63.948848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 63.950378] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 63.953068] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 63.955213] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 63.956589] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.961221] Bluetooth: hci1: HCI_REQ-0x0c1a [ 64.007964] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.010040] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 64.013415] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 64.014573] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.016099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 64.017420] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.018645] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 64.020094] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 64.023127] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 64.025620] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 64.026883] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.028894] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 64.030993] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 64.032192] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 64.033907] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.035240] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 64.036405] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 64.038020] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 64.042696] Bluetooth: hci2: HCI_REQ-0x0c1a [ 64.046820] Bluetooth: hci3: HCI_REQ-0x0c1a [ 64.050851] Bluetooth: hci5: HCI_REQ-0x0c1a [ 64.074674] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.087004] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 64.089115] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.093794] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 64.095010] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.096580] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 64.097626] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 64.098933] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.103438] Bluetooth: hci0: HCI_REQ-0x0c1a [ 64.109944] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 64.113079] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 64.114360] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 64.123439] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 64.126818] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 64.127982] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 64.132074] Bluetooth: hci4: HCI_REQ-0x0c1a [ 64.152413] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 64.155103] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 64.157207] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 64.158573] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 64.168428] Bluetooth: hci6: HCI_REQ-0x0c1a [ 64.174721] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 64.217652] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 64.226576] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 64.229016] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 64.230181] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 64.240404] Bluetooth: hci7: HCI_REQ-0x0c1a [ 66.015926] Bluetooth: hci1: command 0x0409 tx timeout [ 66.079564] Bluetooth: hci3: command 0x0409 tx timeout [ 66.080486] Bluetooth: hci5: command 0x0409 tx timeout [ 66.081358] Bluetooth: hci2: command 0x0409 tx timeout [ 66.143555] Bluetooth: hci4: command 0x0409 tx timeout [ 66.144470] Bluetooth: hci0: command 0x0409 tx timeout [ 66.207580] Bluetooth: hci6: command 0x0409 tx timeout [ 66.271539] Bluetooth: hci7: command 0x0409 tx timeout [ 68.063393] Bluetooth: hci1: command 0x041b tx timeout [ 68.128448] Bluetooth: hci2: command 0x041b tx timeout [ 68.128826] Bluetooth: hci5: command 0x041b tx timeout [ 68.129178] Bluetooth: hci3: command 0x041b tx timeout [ 68.192420] Bluetooth: hci0: command 0x041b tx timeout [ 68.192793] Bluetooth: hci4: command 0x041b tx timeout [ 68.255474] Bluetooth: hci6: command 0x041b tx timeout [ 68.319370] Bluetooth: hci7: command 0x041b tx timeout [ 70.111458] Bluetooth: hci1: command 0x040f tx timeout [ 70.175396] Bluetooth: hci3: command 0x040f tx timeout [ 70.176126] Bluetooth: hci5: command 0x040f tx timeout [ 70.176890] Bluetooth: hci2: command 0x040f tx timeout [ 70.239497] Bluetooth: hci4: command 0x040f tx timeout [ 70.240212] Bluetooth: hci0: command 0x040f tx timeout [ 70.303451] Bluetooth: hci6: command 0x040f tx timeout [ 70.367496] Bluetooth: hci7: command 0x040f tx timeout [ 72.160376] Bluetooth: hci1: command 0x0419 tx timeout [ 72.223400] Bluetooth: hci2: command 0x0419 tx timeout [ 72.223808] Bluetooth: hci5: command 0x0419 tx timeout [ 72.224173] Bluetooth: hci3: command 0x0419 tx timeout [ 72.288362] Bluetooth: hci0: command 0x0419 tx timeout [ 72.288764] Bluetooth: hci4: command 0x0419 tx timeout [ 72.351408] Bluetooth: hci6: command 0x0419 tx timeout [ 72.416423] Bluetooth: hci7: command 0x0419 tx timeout [ 81.089334] ================================================================== [ 81.089963] BUG: KASAN: use-after-free in __lock_acquire+0x42c9/0x5e70 [ 81.090546] Read of size 8 at addr ffff88800fedd608 by task kmemleak/54 [ 81.091297] [ 81.091636] CPU: 1 PID: 54 Comm: kmemleak Not tainted 6.0.0-next-20221011 #1 [ 81.093255] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 81.095412] Call Trace: [ 81.095837] [ 81.096037] dump_stack_lvl+0x8b/0xb3 [ 81.096360] print_report+0x172/0x475 [ 81.096702] ? __lock_acquire+0x42c9/0x5e70 [ 81.097156] kasan_report+0xbb/0x1c0 [ 81.097604] ? __lock_acquire+0x42c9/0x5e70 [ 81.098128] __lock_acquire+0x42c9/0x5e70 [ 81.098651] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 81.099274] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 81.099900] ? finish_task_switch.isra.0+0x22d/0x8a0 [ 81.100515] lock_acquire+0x1a2/0x530 [ 81.100985] ? kmemleak_scan+0x21d/0x16d0 [ 81.101484] ? lock_release+0x750/0x750 [ 81.101967] ? lock_release+0x750/0x750 [ 81.102442] ? io_schedule_timeout+0x150/0x150 [ 81.102993] ? _raw_spin_lock_irq+0x41/0x50 [ 81.103509] _raw_spin_lock_irq+0x32/0x50 [ 81.104020] ? kmemleak_scan+0x21d/0x16d0 [ 81.104371] kmemleak_scan+0x21d/0x16d0 [ 81.104710] ? paint_ptr+0xc0/0xc0 [ 81.105015] ? __kthread_parkme+0x15a/0x220 [ 81.105383] ? kmemleak_write.cold+0x29/0x29 [ 81.105775] kmemleak_scan_thread+0x8f/0xb1 [ 81.106142] kthread+0x2ed/0x3a0 [ 81.106439] ? kthread_complete_and_exit+0x40/0x40 [ 81.106850] ret_from_fork+0x22/0x30 [ 81.107189] [ 81.107393] [ 81.107538] Allocated by task 184: [ 81.107850] kasan_save_stack+0x1e/0x40 [ 81.108183] kasan_set_track+0x21/0x30 [ 81.108526] __kasan_slab_alloc+0x58/0x70 [ 81.108868] kmem_cache_alloc+0x1a9/0x3e0 [ 81.109221] __create_object+0x3d/0xc10 [ 81.109545] kmemleak_alloc_percpu+0xa1/0x140 [ 81.109941] pcpu_alloc+0x7f4/0x10a0 [ 81.110270] percpu_ref_init+0x31/0x400 [ 81.110612] wb_get_create+0x270/0x1180 [ 81.110944] __inode_attach_wb+0x2e6/0x880 [ 81.111297] __mark_inode_dirty+0x9c6/0xe60 [ 81.111669] touch_atime+0x644/0x700 [ 81.111980] filemap_read+0x999/0xb60 [ 81.112305] generic_file_read_iter+0x3cd/0x530 [ 81.112705] ext4_file_read_iter+0x182/0x490 [ 81.113078] __kernel_read+0x2cb/0x7d0 [ 81.113426] kernel_read+0xbf/0x1c0 [ 81.113740] bprm_execve+0x70e/0x1920 [ 81.114067] do_execveat_common+0x72c/0x890 [ 81.114433] __x64_sys_execve+0x8f/0xc0 [ 81.114765] do_syscall_64+0x3b/0x90 [ 81.115077] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.115519] [ 81.115684] Freed by task 1372: [ 81.115963] kasan_save_stack+0x1e/0x40 [ 81.116294] kasan_set_track+0x21/0x30 [ 81.116630] kasan_save_free_info+0x2a/0x50 [ 81.116993] __kasan_slab_free+0x106/0x190 [ 81.117356] kmem_cache_free+0xf7/0x610 [ 81.117692] rcu_core+0x7e2/0x2080 [ 81.117999] __do_softirq+0x1c3/0x8f5 [ 81.118334] [ 81.118482] Last potentially related work creation: [ 81.118880] kasan_save_stack+0x1e/0x40 [ 81.119225] __kasan_record_aux_stack+0x95/0xb0 [ 81.119634] call_rcu+0x6a/0xa30 [ 81.119926] kmemleak_free_percpu+0x9a/0x120 [ 81.120315] free_percpu+0x2c/0xec0 [ 81.120631] percpu_ref_switch_to_atomic_rcu+0x336/0x520 [ 81.121088] rcu_core+0x7e2/0x2080 [ 81.121390] __do_softirq+0x1c3/0x8f5 [ 81.121725] [ 81.121876] Second to last potentially related work creation: [ 81.122364] kasan_save_stack+0x1e/0x40 [ 81.122704] __kasan_record_aux_stack+0x95/0xb0 [ 81.123087] call_rcu+0x6a/0xa30 [ 81.123384] kmem_cache_free+0xbd/0x610 [ 81.123736] rcu_core+0x7e2/0x2080 [ 81.124041] __do_softirq+0x1c3/0x8f5 [ 81.124364] [ 81.124511] The buggy address belongs to the object at ffff88800fedd5f0 [ 81.124511] which belongs to the cache kmemleak_object of size 368 [ 81.125561] The buggy address is located 24 bytes inside of [ 81.125561] 368-byte region [ffff88800fedd5f0, ffff88800fedd760) [ 81.126516] [ 81.126659] The buggy address belongs to the physical page: [ 81.127120] page:000000005a960a54 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffffea0000340b00 pfn:0xfedc [ 81.127993] head:000000005a960a54 order:1 compound_mapcount:0 compound_pincount:0 [ 81.128599] flags: 0x100000000010200(slab|head|node=0|zone=1) [ 81.129095] raw: 0100000000010200 ffff888007c4f780 dead000000120012 0000000000000000 [ 81.129735] raw: ffffea0000340b00 dead000000000003 00000001ffffffff 0000000000000000 [ 81.130362] page dumped because: kasan: bad access detected [ 81.130815] [ 81.130964] Memory state around the buggy address: [ 81.131371] ffff88800fedd500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 81.132002] ffff88800fedd580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fa fb [ 81.132583] >ffff88800fedd600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.133184] ^ [ 81.133477] ffff88800fedd680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.134079] ffff88800fedd700: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 81.134665] ================================================================== [ 81.135261] Disabling lock debugging due to kernel taint VM DIAGNOSIS: 12:17:02 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=ffff888036b4d9b8 RCX=ffffffff8129c68a RDX=fffffbfff0d9aaf9 RSI=0000000000000008 RDI=ffffffff86cd57c0 RBP=0000000000000003 RSP=ffff888024eff470 R8 =0000000000000000 R9 =ffffffff86cd57c7 R10=fffffbfff0d9aaf8 R11=0000000000000001 R12=ffff888036b4d040 R13=ffff888036b4d9e0 R14=ffffffff85407520 R15=0000000000020000 RIP=ffffffff8178964a RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fdead6cb368 CR3=000000003758c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=6f732e616d7a6c62696c2f756e672d78 XMM02=00352e6f732e616d7a6c62696c2f756e XMM03=672d78756e696c2d34365f3638782f62 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff823c1301 RDI=ffffffff8765c9e0 RBP=ffffffff8765c9a0 RSP=ffff88800fe07608 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000005 R13=ffffffff8765c9a0 R14=0000000000000010 R15=ffffffff823c12f0 RIP=ffffffff823c1359 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f33ae625028 CR3=000000000d02a000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=756e696c2d34365f3638782f62696c2f XMM01=6f732e616d7a6c62696c2f756e672d78 XMM02=00352e6f732e616d7a6c62696c2f756e XMM03=672d78756e696c2d34365f3638782f62 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000