Warning: Permanently added '[localhost]:57036' (ECDSA) to the list of known hosts.
2023/01/24 15:54:32 fuzzer started
2023/01/24 15:54:32 dialing manager at localhost:36587
syzkaller login: [ 46.465662] cgroup: Unknown subsys name 'net'
[ 46.583517] cgroup: Unknown subsys name 'rlimit'
2023/01/24 15:54:48 syscalls: 2217
2023/01/24 15:54:48 code coverage: enabled
2023/01/24 15:54:48 comparison tracing: enabled
2023/01/24 15:54:48 extra coverage: enabled
2023/01/24 15:54:48 setuid sandbox: enabled
2023/01/24 15:54:48 namespace sandbox: enabled
2023/01/24 15:54:48 Android sandbox: enabled
2023/01/24 15:54:48 fault injection: enabled
2023/01/24 15:54:48 leak checking: enabled
2023/01/24 15:54:48 net packet injection: enabled
2023/01/24 15:54:48 net device setup: enabled
2023/01/24 15:54:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2023/01/24 15:54:48 devlink PCI setup: PCI device 0000:00:10.0 is not available
2023/01/24 15:54:48 USB emulation: enabled
2023/01/24 15:54:48 hci packet injection: enabled
2023/01/24 15:54:48 wifi device emulation: enabled
2023/01/24 15:54:48 802.15.4 emulation: enabled
2023/01/24 15:54:48 fetching corpus: 0, signal 0/2000 (executing program)
2023/01/24 15:54:49 fetching corpus: 38, signal 28896/32347 (executing program)
2023/01/24 15:54:49 fetching corpus: 70, signal 43701/48473 (executing program)
2023/01/24 15:54:49 fetching corpus: 120, signal 51468/57505 (executing program)
2023/01/24 15:54:49 fetching corpus: 170, signal 60896/68027 (executing program)
2023/01/24 15:54:49 fetching corpus: 219, signal 68399/76537 (executing program)
2023/01/24 15:54:49 fetching corpus: 269, signal 74290/83346 (executing program)
2023/01/24 15:54:49 fetching corpus: 318, signal 79630/89538 (executing program)
2023/01/24 15:54:49 fetching corpus: 367, signal 85618/96276 (executing program)
2023/01/24 15:54:50 fetching corpus: 416, signal 90551/101926 (executing program)
2023/01/24 15:54:50 fetching corpus: 466, signal 94014/106161 (executing program)
2023/01/24 15:54:50 fetching corpus: 516, signal 97736/110556 (executing program)
2023/01/24 15:54:50 fetching corpus: 566, signal 99953/113547 (executing program)
2023/01/24 15:54:50 fetching corpus: 615, signal 106230/120105 (executing program)
2023/01/24 15:54:50 fetching corpus: 665, signal 109597/123970 (executing program)
2023/01/24 15:54:50 fetching corpus: 714, signal 112912/127741 (executing program)
2023/01/24 15:54:50 fetching corpus: 763, signal 115137/130575 (executing program)
2023/01/24 15:54:51 fetching corpus: 813, signal 116705/132787 (executing program)
2023/01/24 15:54:51 fetching corpus: 863, signal 119597/136082 (executing program)
2023/01/24 15:54:51 fetching corpus: 912, signal 122498/139277 (executing program)
2023/01/24 15:54:51 fetching corpus: 961, signal 125018/142142 (executing program)
2023/01/24 15:54:51 fetching corpus: 1011, signal 126528/144148 (executing program)
2023/01/24 15:54:51 fetching corpus: 1061, signal 128097/146149 (executing program)
2023/01/24 15:54:51 fetching corpus: 1111, signal 129894/148342 (executing program)
2023/01/24 15:54:51 fetching corpus: 1160, signal 131083/150011 (executing program)
2023/01/24 15:54:52 fetching corpus: 1210, signal 132821/152100 (executing program)
2023/01/24 15:54:52 fetching corpus: 1260, signal 134127/153799 (executing program)
2023/01/24 15:54:52 fetching corpus: 1310, signal 135666/155662 (executing program)
2023/01/24 15:54:52 fetching corpus: 1360, signal 136849/157235 (executing program)
2023/01/24 15:54:52 fetching corpus: 1410, signal 138095/158801 (executing program)
2023/01/24 15:54:52 fetching corpus: 1460, signal 139849/160728 (executing program)
2023/01/24 15:54:52 fetching corpus: 1510, signal 141525/162576 (executing program)
2023/01/24 15:54:52 fetching corpus: 1560, signal 142689/164094 (executing program)
2023/01/24 15:54:53 fetching corpus: 1608, signal 144061/165665 (executing program)
2023/01/24 15:54:53 fetching corpus: 1657, signal 145338/167184 (executing program)
2023/01/24 15:54:53 fetching corpus: 1707, signal 146685/168645 (executing program)
2023/01/24 15:54:53 fetching corpus: 1757, signal 148237/170234 (executing program)
2023/01/24 15:54:53 fetching corpus: 1807, signal 149433/171626 (executing program)
2023/01/24 15:54:53 fetching corpus: 1857, signal 150964/173169 (executing program)
2023/01/24 15:54:53 fetching corpus: 1907, signal 152968/174994 (executing program)
2023/01/24 15:54:53 fetching corpus: 1957, signal 154053/176198 (executing program)
2023/01/24 15:54:54 fetching corpus: 2006, signal 155275/177458 (executing program)
2023/01/24 15:54:54 fetching corpus: 2056, signal 156529/178719 (executing program)
2023/01/24 15:54:54 fetching corpus: 2105, signal 157593/179876 (executing program)
2023/01/24 15:54:54 fetching corpus: 2155, signal 158203/180752 (executing program)
2023/01/24 15:54:54 fetching corpus: 2205, signal 159035/181742 (executing program)
2023/01/24 15:54:54 fetching corpus: 2255, signal 160117/182850 (executing program)
2023/01/24 15:54:54 fetching corpus: 2305, signal 160777/183693 (executing program)
2023/01/24 15:54:54 fetching corpus: 2354, signal 161781/184717 (executing program)
2023/01/24 15:54:55 fetching corpus: 2404, signal 163291/185951 (executing program)
2023/01/24 15:54:55 fetching corpus: 2454, signal 164298/186959 (executing program)
2023/01/24 15:54:55 fetching corpus: 2504, signal 165638/188083 (executing program)
2023/01/24 15:54:55 fetching corpus: 2553, signal 166359/188886 (executing program)
2023/01/24 15:54:55 fetching corpus: 2602, signal 167775/189993 (executing program)
2023/01/24 15:54:55 fetching corpus: 2652, signal 168865/190921 (executing program)
2023/01/24 15:54:55 fetching corpus: 2702, signal 169974/191835 (executing program)
2023/01/24 15:54:56 fetching corpus: 2752, signal 170870/192616 (executing program)
2023/01/24 15:54:56 fetching corpus: 2801, signal 171808/193476 (executing program)
2023/01/24 15:54:56 fetching corpus: 2851, signal 172744/194279 (executing program)
2023/01/24 15:54:56 fetching corpus: 2900, signal 173730/195037 (executing program)
2023/01/24 15:54:56 fetching corpus: 2950, signal 174621/195785 (executing program)
2023/01/24 15:54:56 fetching corpus: 2999, signal 175730/196584 (executing program)
2023/01/24 15:54:56 fetching corpus: 3049, signal 176507/197199 (executing program)
2023/01/24 15:54:56 fetching corpus: 3099, signal 177203/197831 (executing program)
2023/01/24 15:54:57 fetching corpus: 3149, signal 178491/198683 (executing program)
2023/01/24 15:54:57 fetching corpus: 3199, signal 179447/199360 (executing program)
2023/01/24 15:54:57 fetching corpus: 3249, signal 180293/199981 (executing program)
2023/01/24 15:54:57 fetching corpus: 3299, signal 180914/200487 (executing program)
2023/01/24 15:54:57 fetching corpus: 3348, signal 181609/201035 (executing program)
2023/01/24 15:54:57 fetching corpus: 3398, signal 182380/201589 (executing program)
2023/01/24 15:54:57 fetching corpus: 3447, signal 183433/202216 (executing program)
2023/01/24 15:54:58 fetching corpus: 3495, signal 184100/202715 (executing program)
2023/01/24 15:54:58 fetching corpus: 3544, signal 184843/203196 (executing program)
2023/01/24 15:54:58 fetching corpus: 3594, signal 185487/203631 (executing program)
2023/01/24 15:54:58 fetching corpus: 3644, signal 186177/204099 (executing program)
2023/01/24 15:54:58 fetching corpus: 3694, signal 186801/204567 (executing program)
2023/01/24 15:54:58 fetching corpus: 3744, signal 187379/204999 (executing program)
2023/01/24 15:54:58 fetching corpus: 3794, signal 188141/205424 (executing program)
2023/01/24 15:54:58 fetching corpus: 3841, signal 188881/205879 (executing program)
2023/01/24 15:54:58 fetching corpus: 3891, signal 189444/206250 (executing program)
2023/01/24 15:54:59 fetching corpus: 3941, signal 189874/206582 (executing program)
2023/01/24 15:54:59 fetching corpus: 3987, signal 190440/206939 (executing program)
2023/01/24 15:54:59 fetching corpus: 4037, signal 190992/207273 (executing program)
2023/01/24 15:54:59 fetching corpus: 4087, signal 191648/207623 (executing program)
2023/01/24 15:54:59 fetching corpus: 4137, signal 192481/207972 (executing program)
2023/01/24 15:54:59 fetching corpus: 4187, signal 193292/208291 (executing program)
2023/01/24 15:54:59 fetching corpus: 4236, signal 193664/208523 (executing program)
2023/01/24 15:54:59 fetching corpus: 4286, signal 194151/208829 (executing program)
2023/01/24 15:55:00 fetching corpus: 4335, signal 194978/209126 (executing program)
2023/01/24 15:55:00 fetching corpus: 4385, signal 195607/209391 (executing program)
2023/01/24 15:55:00 fetching corpus: 4435, signal 196375/209668 (executing program)
2023/01/24 15:55:00 fetching corpus: 4485, signal 196828/209867 (executing program)
2023/01/24 15:55:00 fetching corpus: 4535, signal 197314/210075 (executing program)
2023/01/24 15:55:00 fetching corpus: 4585, signal 197897/210281 (executing program)
2023/01/24 15:55:00 fetching corpus: 4635, signal 198597/210487 (executing program)
2023/01/24 15:55:00 fetching corpus: 4685, signal 199138/210665 (executing program)
2023/01/24 15:55:00 fetching corpus: 4735, signal 199576/210832 (executing program)
2023/01/24 15:55:01 fetching corpus: 4785, signal 200202/210995 (executing program)
2023/01/24 15:55:01 fetching corpus: 4835, signal 200840/211157 (executing program)
2023/01/24 15:55:01 fetching corpus: 4885, signal 201263/211282 (executing program)
2023/01/24 15:55:01 fetching corpus: 4935, signal 202066/211466 (executing program)
2023/01/24 15:55:01 fetching corpus: 4985, signal 202733/211606 (executing program)
2023/01/24 15:55:01 fetching corpus: 5035, signal 203325/211717 (executing program)
2023/01/24 15:55:01 fetching corpus: 5083, signal 203850/211834 (executing program)
2023/01/24 15:55:02 fetching corpus: 5133, signal 204338/211918 (executing program)
2023/01/24 15:55:02 fetching corpus: 5182, signal 204692/211997 (executing program)
2023/01/24 15:55:02 fetching corpus: 5230, signal 204976/212004 (executing program)
2023/01/24 15:55:02 fetching corpus: 5280, signal 206424/212004 (executing program)
2023/01/24 15:55:02 fetching corpus: 5328, signal 206911/212004 (executing program)
2023/01/24 15:55:02 fetching corpus: 5377, signal 207326/212145 (executing program)
2023/01/24 15:55:02 fetching corpus: 5426, signal 208130/212163 (executing program)
2023/01/24 15:55:02 fetching corpus: 5476, signal 208846/212163 (executing program)
2023/01/24 15:55:03 fetching corpus: 5516, signal 209174/212223 (executing program)
2023/01/24 15:55:03 fetching corpus: 5516, signal 209174/212223 (executing program)
2023/01/24 15:55:05 starting 8 fuzzer processes
15:55:05 executing program 1:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x7a, &(0x7f0000000140)={@local, @random="1715377a9ee0", @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "519a7c", 0x44, 0x2f, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}, 0x0)
15:55:05 executing program 3:
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
close(r0)
15:55:05 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000000), 0x8)
15:55:05 executing program 2:
r0 = socket$inet6(0xa, 0x3, 0x6)
getsockopt$sock_linger(r0, 0x1, 0xd, 0x0, &(0x7f0000000a80)=0xffffff7f)
15:55:05 executing program 4:
getgroups(0x2, &(0x7f0000000140)=[0x0, 0xee00])
setresgid(r0, 0x0, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0})
setresuid(0x0, r1, 0x0)
r2 = getgid()
r3 = getgid()
r4 = getgid()
setresgid(r2, r3, r4)
setfsgid(0x0)
15:55:05 executing program 5:
futex(&(0x7f0000000000), 0x8, 0x0, &(0x7f0000000040)={0x77359400}, 0x0, 0x0)
[ 77.501205] audit: type=1400 audit(1674575705.513:6): avc: denied { execmem } for pid=261 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
15:55:05 executing program 7:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0x0)
15:55:05 executing program 6:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000a940)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="280000002800010000000000000000004c0000000100000011000a04728d20"], 0x28}], 0x1}, 0x0)
[ 78.753010] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 78.754677] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.756121] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 78.756965] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.761197] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 78.763868] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 78.765423] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 78.766847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 78.769045] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.788391] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 78.789882] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.801668] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 78.811976] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 78.813461] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 78.813610] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 78.815459] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 78.816936] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.817016] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 78.819089] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 78.824665] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 78.829018] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 78.842876] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 78.846965] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 78.847764] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 78.853476] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 78.855033] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 78.855289] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 78.858769] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 78.860799] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 78.863123] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 78.866299] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 78.866462] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 78.870520] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 78.877768] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 78.880804] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 78.881608] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 78.883433] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 78.884352] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 78.889200] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 78.912892] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 78.916443] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 78.917639] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 78.962452] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 78.970522] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 78.981493] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 78.989881] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 79.025169] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 79.030193] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 80.886148] Bluetooth: hci1: command 0x0409 tx timeout
[ 80.886162] Bluetooth: hci2: command 0x0409 tx timeout
[ 80.886487] Bluetooth: hci0: command 0x0409 tx timeout
[ 80.950054] Bluetooth: hci7: command 0x0409 tx timeout
[ 80.950592] Bluetooth: hci6: command 0x0409 tx timeout
[ 80.951628] Bluetooth: hci5: command 0x0409 tx timeout
[ 80.952129] Bluetooth: hci4: command 0x0409 tx timeout
[ 81.077809] Bluetooth: hci3: command 0x0409 tx timeout
[ 82.933812] Bluetooth: hci0: command 0x041b tx timeout
[ 82.934752] Bluetooth: hci1: command 0x041b tx timeout
[ 82.935178] Bluetooth: hci2: command 0x041b tx timeout
[ 82.997843] Bluetooth: hci4: command 0x041b tx timeout
[ 82.998261] Bluetooth: hci5: command 0x041b tx timeout
[ 82.998625] Bluetooth: hci6: command 0x041b tx timeout
[ 82.999048] Bluetooth: hci7: command 0x041b tx timeout
[ 83.125801] Bluetooth: hci3: command 0x041b tx timeout
[ 84.981798] Bluetooth: hci2: command 0x040f tx timeout
[ 84.982245] Bluetooth: hci1: command 0x040f tx timeout
[ 84.982620] Bluetooth: hci0: command 0x040f tx timeout
[ 85.045840] Bluetooth: hci7: command 0x040f tx timeout
[ 85.046260] Bluetooth: hci6: command 0x040f tx timeout
[ 85.046643] Bluetooth: hci5: command 0x040f tx timeout
[ 85.047081] Bluetooth: hci4: command 0x040f tx timeout
[ 85.173815] Bluetooth: hci3: command 0x040f tx timeout
[ 87.029875] Bluetooth: hci0: command 0x0419 tx timeout
[ 87.030762] Bluetooth: hci1: command 0x0419 tx timeout
[ 87.031538] Bluetooth: hci2: command 0x0419 tx timeout
[ 87.094150] Bluetooth: hci4: command 0x0419 tx timeout
[ 87.094994] Bluetooth: hci5: command 0x0419 tx timeout
[ 87.096023] Bluetooth: hci6: command 0x0419 tx timeout
[ 87.096817] Bluetooth: hci7: command 0x0419 tx timeout
[ 87.221829] Bluetooth: hci3: command 0x0419 tx timeout
[ 135.710604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 135.711564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 135.713209] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 135.844114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 135.845084] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 135.846133] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 137.096485] audit: type=1400 audit(1674575765.109:7): avc: denied { open } for pid=3659 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 137.097912] audit: type=1400 audit(1674575765.109:8): avc: denied { kernel } for pid=3659 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[ 137.847721] 
[ 137.847904] ======================================================
[ 137.848389] WARNING: possible circular locking dependency detected
[ 137.848814] 6.2.0-rc5-next-20230123 #1 Not tainted
[ 137.849142] ------------------------------------------------------
[ 137.853079] syz-executor.7/272 is trying to acquire lock:
[ 137.853458] ffff88801627e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x11c/0x2c0
[ 137.854170] 
[ 137.854170] but task is already holding lock:
[ 137.854583] ffffffff85beaf28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xcb/0x230
[ 137.855209] 
[ 137.855209] which lock already depends on the new lock.
[ 137.855209] 
[ 137.855852] 
[ 137.855852] the existing dependency chain (in reverse order) is:
[ 137.856379] 
[ 137.856379] -> #2 (hci_cb_list_lock){+.+.}-{3:3}:
[ 137.856818]        __mutex_lock+0x136/0x14c0
[ 137.857130]        hci_remote_features_evt+0x45a/0x950
[ 137.857492]        hci_event_packet+0x91d/0xf60
[ 137.857804]        hci_rx_work+0xa86/0x1110
[ 137.858099]        process_one_work+0xa0f/0x16d0
[ 137.858426]        worker_thread+0x63b/0x1260
[ 137.858738]        kthread+0x2f1/0x3a0
[ 137.859003]        ret_from_fork+0x2c/0x50
[ 137.859289] 
[ 137.859289] -> #1 (&hdev->lock){+.+.}-{3:3}:
[ 137.859745]        __mutex_lock+0x136/0x14c0
[ 137.860129]        sco_sock_connect+0x1e8/0xa60
[ 137.860544]        __sys_connect_file+0x159/0x1a0
[ 137.860960]        __sys_connect+0x169/0x1a0
[ 137.861476]        __x64_sys_connect+0x73/0xb0
[ 137.862062]        do_syscall_64+0x3f/0x90
[ 137.862604]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 137.863321] 
[ 137.863321] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[ 137.864276]        __lock_acquire+0x2a52/0x5e90
[ 137.864886]        lock_acquire.part.0+0x120/0x340
[ 137.865511]        lock_sock_nested+0x41/0xf0
[ 137.866087]        sco_conn_del+0x11c/0x2c0
[ 137.866635]        sco_disconn_cfm+0x66/0x80
[ 137.867208]        hci_conn_hash_flush+0x11d/0x230
[ 137.867836]        hci_dev_close_sync+0x57f/0xff0
[ 137.868468]        hci_unregister_dev+0x15e/0x410
[ 137.869075]        vhci_release+0x80/0x100
[ 137.869432]        __fput+0x263/0xa40
[ 137.869758]        task_work_run+0x174/0x280
[ 137.870132]        do_exit+0xada/0x2780
[ 137.870456]        do_group_exit+0xd4/0x2a0
[ 137.870815]        get_signal+0x2255/0x2390
[ 137.871191]        arch_do_signal_or_restart+0x79/0x5a0
[ 137.871635]        exit_to_user_mode_prepare+0xf5/0x190
[ 137.872079]        syscall_exit_to_user_mode+0x1d/0x50
[ 137.872461]        do_syscall_64+0x4c/0x90
[ 137.872746]        entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 137.873128] 
[ 137.873128] other info that might help us debug this:
[ 137.873128] 
[ 137.873674] Chain exists of:
[ 137.873674]   sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock
[ 137.873674] 
[ 137.874644]  Possible unsafe locking scenario:
[ 137.874644] 
[ 137.875110]        CPU0                    CPU1
[ 137.875414]        ----                    ----
[ 137.875714]   lock(hci_cb_list_lock);
[ 137.875975]                                lock(&hdev->lock);
[ 137.876366]                                lock(hci_cb_list_lock);
[ 137.876769]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[ 137.877111] 
[ 137.877111]  *** DEADLOCK ***
[ 137.877111] 
[ 137.877566] 3 locks held by syz-executor.7/272:
[ 137.877958]  #0: ffff88800fd85028 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x156/0x410
[ 137.878709]  #1: ffff88800fd84078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x2e4/0xff0
[ 137.879435]  #2: ffffffff85beaf28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xcb/0x230
[ 137.880231] 
[ 137.880231] stack backtrace:
[ 137.880593] CPU: 0 PID: 272 Comm: syz-executor.7 Not tainted 6.2.0-rc5-next-20230123 #1
[ 137.881148] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 137.881708] Call Trace:
[ 137.881898] 
[ 137.882065]  dump_stack_lvl+0x8f/0xb7
[ 137.882355]  check_noncircular+0x263/0x2e0
[ 137.882662]  ? __pfx_check_noncircular+0x10/0x10
[ 137.883003]  ? __pfx_mark_lock.part.0+0x10/0x10
[ 137.883350]  ? alloc_chain_hlocks+0x1ec/0x5a0
[ 137.883680]  __lock_acquire+0x2a52/0x5e90
[ 137.883991]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 137.884378]  ? __pfx___lock_acquire+0x10/0x10
[ 137.884709]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 137.885101]  lock_acquire.part.0+0x120/0x340
[ 137.885424]  ? sco_conn_del+0x11c/0x2c0
[ 137.885722]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 137.886078]  ? sco_conn_del+0x11c/0x2c0
[ 137.886369]  ? rcu_read_lock_sched_held+0x42/0x80
[ 137.886720]  ? trace_lock_acquire+0x16c/0x1c0
[ 137.887043]  ? __pfx_lock_release+0x10/0x10
[ 137.887362]  ? sco_conn_del+0x11c/0x2c0
[ 137.887658]  ? lock_acquire+0x32/0xc0
[ 137.887941]  ? sco_conn_del+0x11c/0x2c0
[ 137.888239]  lock_sock_nested+0x41/0xf0
[ 137.888532]  ? sco_conn_del+0x11c/0x2c0
[ 137.888826]  sco_conn_del+0x11c/0x2c0
[ 137.889113]  ? __pfx_sco_disconn_cfm+0x10/0x10
[ 137.889460]  sco_disconn_cfm+0x66/0x80
[ 137.889754]  hci_conn_hash_flush+0x11d/0x230
[ 137.890079]  hci_dev_close_sync+0x57f/0xff0
[ 137.890395]  ? __pfx_hci_dev_close_sync+0x10/0x10
[ 137.890763]  ? up_write+0x1b0/0x520
[ 137.890997]  ? __pfx_vhci_release+0x10/0x10
[ 137.891265]  hci_unregister_dev+0x15e/0x410
[ 137.891574]  vhci_release+0x80/0x100
[ 137.891830]  __fput+0x263/0xa40
[ 137.892069]  task_work_run+0x174/0x280
[ 137.892351]  ? __pfx_task_work_run+0x10/0x10
[ 137.892649]  ? switch_task_namespaces+0xb1/0xd0
[ 137.892966]  ? kmem_cache_free+0xff/0x510
[ 137.893257]  do_exit+0xada/0x2780
[ 137.893491]  ? find_held_lock+0x2c/0x110
[ 137.893768]  ? lock_release+0x3b6/0x760
[ 137.894042]  ? get_signal+0x8a1/0x2390
[ 137.894307]  ? __pfx_do_exit+0x10/0x10
[ 137.894572]  ? lock_is_held_type+0xdb/0x130
[ 137.894868]  do_group_exit+0xd4/0x2a0
[ 137.895127]  get_signal+0x2255/0x2390
[ 137.895393]  ? __pfx_get_signal+0x10/0x10
[ 137.895672]  ? __schedule+0xbb8/0x2b20
[ 137.895942]  arch_do_signal_or_restart+0x79/0x5a0
[ 137.896260]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 137.896625]  ? blkcg_maybe_throttle_current+0x2e7/0xcd0
[ 137.896986]  ? lock_is_held_type+0xdb/0x130
[ 137.897280]  exit_to_user_mode_prepare+0xf5/0x190
[ 137.897601]  syscall_exit_to_user_mode+0x1d/0x50
[ 137.897923]  do_syscall_64+0x4c/0x90
[ 137.898174]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 137.898531] RIP: 0033:0x7f441d0778ac
[ 137.898780] Code: Unable to access opcode bytes at 0x7f441d077882.
[ 137.899178] RSP: 002b:00007ffdf494d370 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 137.899696] RAX: 000000000000002c RBX: 00007f441e110320 RCX: 00007f441d0778ac
[ 137.900123] RDX: 000000000000002c RSI: 00007f441e110370 RDI: 0000000000000003
[ 137.900570] RBP: 0000000000000000 R08: 00007ffdf494d3c4 R09: 000000000000000c
[ 137.901057] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 137.901547] R13: 00007f441e110370 R14: 0000000000000003 R15: 0000000000000000
[ 137.902044] 
15:56:06 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000000), 0x8)
[ 138.161418] syz-executor.5 (274) used greatest stack depth: 23960 bytes left
15:56:06 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000000), 0x8)
15:56:07 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000000), 0x8)
[ 139.957739] Bluetooth: hci2: command 0x0405 tx timeout
15:56:08 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000000), 0x8)
15:56:09 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000000), 0x8)
15:56:10 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000000), 0x8)
[ 142.453754] Bluetooth: hci0: Opcode 0x c03 failed: -110
[ 142.518725] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 142.581842] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 142.645727] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 142.645735] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 142.645890] Bluetooth: hci5: Opcode 0x c03 failed: -110
[ 142.648100] Bluetooth: hci4: Opcode 0x c03 failed: -110
15:56:11 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x1f, 0x4)
15:56:11 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x1f, 0x4)
[ 144.698684] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 144.700083] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 144.702364] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 144.704620] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 144.706515] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 144.710350] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 146.741772] Bluetooth: hci0: command 0x0409 tx timeout
[ 146.869776] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 146.934727] Bluetooth: hci3: Opcode 0x c03 failed: -110
[ 147.061723] Bluetooth: hci6: Opcode 0x c03 failed: -110
[ 147.061746] Bluetooth: hci7: Opcode 0x c03 failed: -110
[ 147.061857] Bluetooth: hci4: Opcode 0x c03 failed: -110
[ 147.062617] Bluetooth: hci5: Opcode 0x c03 failed: -110
VM DIAGNOSIS: 15:56:06 Registers: