================================================
WARNING: lock held when returning to user space!
6.18.0-rc7-next-20251128 #1 Not tainted
------------------------------------------------
syz-executor.3/5022 is leaving the kernel with locks still held!
1 lock held by syz-executor.3/5022:
 #0: ffff88800b5ea348 (&sb->s_type->i_mutex_key#24/1){+.+.}-{4:4}, at: start_creating_noperm+0x84/0xd0
program syz-executor.3 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.3 is using a deprecated SCSI ioctl, please convert it to SG_IO
loop1: detected capacity change from 0 to 4
EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
EXT4-fs (loop1): unsupported descriptor size 13120
loop1: detected capacity change from 0 to 4
EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
EXT4-fs (loop1): unsupported descriptor size 13120
Invalid ELF header magic: != ELF
Invalid ELF header magic: != ELF
Invalid ELF header magic: != ELF
Invalid ELF header magic: != ELF
audit: type=1326 audit(1764557000.016:174): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=5010 comm="syz-executor.7" exe="/syz-executor.7" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba23b4ab19 code=0x0
Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci2: command tx timeout
Bluetooth: hci2: Opcode 0x0c1a failed: -110
Bluetooth: hci2: Error when powering off device on rfkill (-110)