Warning: Permanently added '[localhost]:46383' (ECDSA) to the list of known hosts.
2022/10/06 10:52:16 fuzzer started
2022/10/06 10:52:16 dialing manager at localhost:37161
syzkaller login: [   35.472494] cgroup: Unknown subsys name 'net'
[   35.583909] cgroup: Unknown subsys name 'rlimit'
2022/10/06 10:52:30 syscalls: 2215
2022/10/06 10:52:30 code coverage: enabled
2022/10/06 10:52:30 comparison tracing: enabled
2022/10/06 10:52:30 extra coverage: enabled
2022/10/06 10:52:30 setuid sandbox: enabled
2022/10/06 10:52:30 namespace sandbox: enabled
2022/10/06 10:52:30 Android sandbox: enabled
2022/10/06 10:52:30 fault injection: enabled
2022/10/06 10:52:30 leak checking: enabled
2022/10/06 10:52:30 net packet injection: enabled
2022/10/06 10:52:30 net device setup: enabled
2022/10/06 10:52:30 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/06 10:52:30 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/06 10:52:30 USB emulation: enabled
2022/10/06 10:52:30 hci packet injection: enabled
2022/10/06 10:52:30 wifi device emulation: failed to parse kernel version (6.0.0-next-20221006                                              )
2022/10/06 10:52:30 802.15.4 emulation: enabled
2022/10/06 10:52:30 fetching corpus: 0, signal 0/2000 (executing program)
2022/10/06 10:52:30 fetching corpus: 47, signal 26872/29321 (executing program)
2022/10/06 10:52:30 fetching corpus: 97, signal 35868/38743 (executing program)
2022/10/06 10:52:31 fetching corpus: 147, signal 42788/45850 (executing program)
2022/10/06 10:52:31 fetching corpus: 196, signal 47387/50529 (executing program)
2022/10/06 10:52:31 fetching corpus: 246, signal 51348/54458 (executing program)
2022/10/06 10:52:31 fetching corpus: 296, signal 57667/60106 (executing program)
2022/10/06 10:52:31 fetching corpus: 346, signal 62634/64321 (executing program)
2022/10/06 10:52:31 fetching corpus: 396, signal 67446/68104 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69334 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69358 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69394 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69419 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69442 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69475 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69496 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69518 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69534 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69558 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69586 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69610 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69635 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69657 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69674 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69693 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69713 (executing program)
2022/10/06 10:52:31 fetching corpus: 432, signal 69069/69736 (executing program)
2022/10/06 10:52:32 fetching corpus: 432, signal 69069/69763 (executing program)
2022/10/06 10:52:32 fetching corpus: 432, signal 69069/69796 (executing program)
2022/10/06 10:52:32 fetching corpus: 432, signal 69069/69820 (executing program)
2022/10/06 10:52:32 fetching corpus: 432, signal 69069/69851 (executing program)
2022/10/06 10:52:32 fetching corpus: 432, signal 69069/69882 (executing program)
2022/10/06 10:52:32 fetching corpus: 432, signal 69069/69912 (executing program)
2022/10/06 10:52:32 fetching corpus: 432, signal 69069/69938 (executing program)
2022/10/06 10:52:32 fetching corpus: 432, signal 69069/69965 (executing program)
2022/10/06 10:52:32 fetching corpus: 432, signal 69069/69965 (executing program)
2022/10/06 10:52:34 starting 8 fuzzer processes
10:52:34 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x40, 0x1, 0x2, 0x101, 0x0, 0x0, {0x2}, [@CTA_EXPECT_MASTER={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @local}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x40}}, 0x0)

10:52:34 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='mpol=tnterleave=static:15-4', @ANYRESOCT=0x0])

10:52:34 executing program 2:
r0 = epoll_create(0x4)
r1 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380))
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f00000000c0)={0x80000004})

10:52:34 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000200)={0x77359400}, 0x10)

10:52:34 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlink(&(0x7f0000000080)='./file0\x00')

10:52:34 executing program 4:
unshare(0x34060a80)

10:52:34 executing program 6:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x4156, 0x4)
sendmmsg$inet(r0, &(0x7f0000002a00)=[{{&(0x7f0000000000)={0x2, 0x4e21}, 0x10, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000002480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/203, 0xcb}}], 0x1, 0x40012000, 0x0)

10:52:34 executing program 7:
syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, &(0x7f0000000500)=[{0x0}], 0x0, 0x0)

[   52.682128] audit: type=1400 audit(1665053554.328:6): avc:  denied  { execmem } for  pid=284 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   53.876729] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.878816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.881014] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.883243] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.884971] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.888231] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.889569] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.891400] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.891509] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   53.892576] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.893842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.897596] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.898740] Bluetooth: hci2: HCI_REQ-0x0c1a
[   53.918934] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   53.920503] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.928452] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   53.930690] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   53.932556] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.937242] Bluetooth: hci1: HCI_REQ-0x0c1a
[   53.947227] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.949442] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   53.951224] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.955582] Bluetooth: hci0: HCI_REQ-0x0c1a
[   53.956148] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   53.965471] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   53.993062] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   53.995889] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   53.997315] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   54.002030] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   54.004558] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   54.006056] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   54.011733] Bluetooth: hci7: HCI_REQ-0x0c1a
[   54.020545] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   54.022551] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   54.024724] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   54.029959] Bluetooth: hci3: HCI_REQ-0x0c1a
[   54.052698] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   54.058034] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   54.063590] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   54.072710] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   54.077683] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   54.078303] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   54.080650] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   54.086143] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   54.091495] Bluetooth: hci4: HCI_REQ-0x0c1a
[   54.123740] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   54.135582] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   54.139904] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   54.158722] Bluetooth: hci6: HCI_REQ-0x0c1a
[   55.953753] Bluetooth: hci1: command 0x0409 tx timeout
[   55.954417] Bluetooth: hci2: command 0x0409 tx timeout
[   56.017400] Bluetooth: hci5: Opcode 0x c03 failed: -110
[   56.017410] Bluetooth: hci0: command 0x0409 tx timeout
[   56.081661] Bluetooth: hci3: command 0x0409 tx timeout
[   56.081692] Bluetooth: hci7: command 0x0409 tx timeout
[   56.146418] Bluetooth: hci4: command 0x0409 tx timeout
[   56.209405] Bluetooth: hci6: command 0x0409 tx timeout
[   58.002829] Bluetooth: hci2: command 0x041b tx timeout
[   58.002867] Bluetooth: hci1: command 0x041b tx timeout
[   58.066392] Bluetooth: hci0: command 0x041b tx timeout
[   58.129466] Bluetooth: hci7: command 0x041b tx timeout
[   58.130488] Bluetooth: hci3: command 0x041b tx timeout
[   58.195259] Bluetooth: hci4: command 0x041b tx timeout
[   58.257400] Bluetooth: hci6: command 0x041b tx timeout
[   58.736933] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   58.738952] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   58.740714] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   58.747616] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   58.748783] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   58.749483] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   58.761388] Bluetooth: hci5: HCI_REQ-0x0c1a
[   60.049514] Bluetooth: hci2: command 0x040f tx timeout
[   60.049625] Bluetooth: hci1: command 0x040f tx timeout
[   60.113540] Bluetooth: hci0: command 0x040f tx timeout
[   60.177522] Bluetooth: hci3: command 0x040f tx timeout
[   60.177566] Bluetooth: hci7: command 0x040f tx timeout
[   60.241645] Bluetooth: hci4: command 0x040f tx timeout
[   60.305477] Bluetooth: hci6: command 0x040f tx timeout
[   60.817532] Bluetooth: hci5: command 0x0409 tx timeout
[   62.097568] Bluetooth: hci1: command 0x0419 tx timeout
[   62.097596] Bluetooth: hci2: command 0x0419 tx timeout
[   62.161411] Bluetooth: hci0: command 0x0419 tx timeout
[   62.225420] Bluetooth: hci3: command 0x0419 tx timeout
[   62.226154] Bluetooth: hci7: command 0x0419 tx timeout
[   62.289423] Bluetooth: hci4: command 0x0419 tx timeout
[   62.353412] Bluetooth: hci6: command 0x0419 tx timeout
[   62.865415] Bluetooth: hci5: command 0x041b tx timeout
[   64.914440] Bluetooth: hci5: command 0x040f tx timeout
[   66.962425] Bluetooth: hci5: command 0x0419 tx timeout
[  110.518298] audit: type=1400 audit(1665053612.164:7): avc:  denied  { open } for  pid=3686 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  110.520648] audit: type=1400 audit(1665053612.164:8): avc:  denied  { kernel } for  pid=3686 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
10:53:32 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000200)={0x77359400}, 0x10)

10:53:32 executing program 2:
r0 = epoll_create(0x4)
r1 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380))
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f00000000c0)={0x80000004})

10:53:32 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000200)={0x77359400}, 0x10)

10:53:32 executing program 2:
r0 = epoll_create(0x4)
r1 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380))
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f00000000c0)={0x80000004})

10:53:32 executing program 0:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000200)={0x77359400}, 0x10)

[  110.924984] ------------[ cut here ]------------
[  110.925014] 
[  110.925018] ======================================================
[  110.925021] WARNING: possible circular locking dependency detected
[  110.925025] 6.0.0-next-20221006 #1 Not tainted
[  110.925032] ------------------------------------------------------
[  110.925035] syz-executor.0/3721 is trying to acquire lock:
[  110.925041] ffffffff853fac98 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  110.925083] 
[  110.925083] but task is already holding lock:
[  110.925086] ffff88800d68d020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  110.925113] 
[  110.925113] which lock already depends on the new lock.
[  110.925113] 
[  110.925116] 
[  110.925116] the existing dependency chain (in reverse order) is:
[  110.925119] 
[  110.925119] -> #3 (&ctx->lock){....}-{2:2}:
[  110.925133]        _raw_spin_lock+0x2a/0x40
[  110.925145]        __perf_event_task_sched_out+0x53b/0x18d0
[  110.925157]        __schedule+0xedd/0x2470
[  110.925172]        schedule+0xda/0x1b0
[  110.925187]        exit_to_user_mode_prepare+0x114/0x1a0
[  110.925199]        syscall_exit_to_user_mode+0x19/0x40
[  110.925213]        do_syscall_64+0x48/0x90
[  110.925223]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  110.925237] 
[  110.925237] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  110.925251]        _raw_spin_lock_nested+0x30/0x40
[  110.925263]        raw_spin_rq_lock_nested+0x1e/0x30
[  110.925276]        task_fork_fair+0x63/0x4d0
[  110.925293]        sched_cgroup_fork+0x3d0/0x540
[  110.925307]        copy_process+0x4183/0x6e20
[  110.925321]        kernel_clone+0xe7/0x890
[  110.925330]        user_mode_thread+0xad/0xf0
[  110.925340]        rest_init+0x24/0x250
[  110.925353]        arch_call_rest_init+0xf/0x14
[  110.925365]        start_kernel+0x4c6/0x4eb
[  110.925375]        secondary_startup_64_no_verify+0xe0/0xeb
[  110.925389] 
[  110.925389] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  110.925402]        _raw_spin_lock_irqsave+0x39/0x60
[  110.925414]        try_to_wake_up+0xab/0x1930
[  110.925428]        up+0x75/0xb0
[  110.925443]        __up_console_sem+0x6e/0x80
[  110.925459]        console_unlock+0x46a/0x590
[  110.925475]        do_con_write+0xc05/0x1d50
[  110.925487]        con_write+0x21/0x40
[  110.925497]        n_tty_write+0x4d4/0xfe0
[  110.925510]        file_tty_write.constprop.0+0x455/0x8a0
[  110.925522]        vfs_write+0x9c3/0xd90
[  110.925539]        ksys_write+0x127/0x250
[  110.925554]        do_syscall_64+0x3b/0x90
[  110.925564]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  110.925577] 
[  110.925577] -> #0 ((console_sem).lock){....}-{2:2}:
[  110.925591]        __lock_acquire+0x2a02/0x5e70
[  110.925608]        lock_acquire+0x1a2/0x530
[  110.925624]        _raw_spin_lock_irqsave+0x39/0x60
[  110.925636]        down_trylock+0xe/0x70
[  110.925652]        __down_trylock_console_sem+0x3b/0xd0
[  110.925668]        vprintk_emit+0x16b/0x560
[  110.925683]        vprintk+0x84/0xa0
[  110.925699]        _printk+0xba/0xf1
[  110.925712]        report_bug.cold+0x72/0xab
[  110.925721]        handle_bug+0x3c/0x70
[  110.925731]        exc_invalid_op+0x14/0x50
[  110.925741]        asm_exc_invalid_op+0x16/0x20
[  110.925754]        group_sched_out.part.0+0x2c7/0x460
[  110.925772]        ctx_sched_out+0x8f1/0xc10
[  110.925789]        __perf_event_task_sched_out+0x6d0/0x18d0
[  110.925800]        __schedule+0xedd/0x2470
[  110.925815]        schedule+0xda/0x1b0
[  110.925829]        futex_wait_queue+0xf5/0x1e0
[  110.925841]        futex_wait+0x28e/0x690
[  110.925851]        do_futex+0x2ff/0x380
[  110.925860]        __x64_sys_futex+0x1c6/0x4d0
[  110.925870]        do_syscall_64+0x3b/0x90
[  110.925880]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  110.925894] 
[  110.925894] other info that might help us debug this:
[  110.925894] 
[  110.925896] Chain exists of:
[  110.925896]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  110.925896] 
[  110.925911]  Possible unsafe locking scenario:
[  110.925911] 
[  110.925913]        CPU0                    CPU1
[  110.925915]        ----                    ----
[  110.925918]   lock(&ctx->lock);
[  110.925923]                                lock(&rq->__lock);
[  110.925929]                                lock(&ctx->lock);
[  110.925935]   lock((console_sem).lock);
[  110.925941] 
[  110.925941]  *** DEADLOCK ***
[  110.925941] 
[  110.925943] 2 locks held by syz-executor.0/3721:
[  110.925949]  #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  110.925980]  #1: ffff88800d68d020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  110.926006] 
[  110.926006] stack backtrace:
[  110.926009] CPU: 0 PID: 3721 Comm: syz-executor.0 Not tainted 6.0.0-next-20221006 #1
[  110.926021] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  110.926028] Call Trace:
[  110.926031]  <TASK>
[  110.926035]  dump_stack_lvl+0x8b/0xb3
[  110.926048]  check_noncircular+0x263/0x2e0
[  110.926064]  ? format_decode+0x26c/0xb50
[  110.926082]  ? print_circular_bug+0x450/0x450
[  110.926099]  ? simple_strtoul+0x30/0x30
[  110.926116]  ? format_decode+0x26c/0xb50
[  110.926135]  ? alloc_chain_hlocks+0x1ec/0x5a0
[  110.926153]  __lock_acquire+0x2a02/0x5e70
[  110.926177]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  110.926201]  lock_acquire+0x1a2/0x530
[  110.926217]  ? down_trylock+0xe/0x70
[  110.926236]  ? lock_release+0x750/0x750
[  110.926258]  ? vprintk+0x84/0xa0
[  110.926276]  _raw_spin_lock_irqsave+0x39/0x60
[  110.926289]  ? down_trylock+0xe/0x70
[  110.926306]  down_trylock+0xe/0x70
[  110.926323]  ? vprintk+0x84/0xa0
[  110.926340]  __down_trylock_console_sem+0x3b/0xd0
[  110.926357]  vprintk_emit+0x16b/0x560
[  110.926377]  vprintk+0x84/0xa0
[  110.926394]  _printk+0xba/0xf1
[  110.926407]  ? record_print_text.cold+0x16/0x16
[  110.926425]  ? report_bug.cold+0x66/0xab
[  110.926436]  ? group_sched_out.part.0+0x2c7/0x460
[  110.926455]  report_bug.cold+0x72/0xab
[  110.926467]  handle_bug+0x3c/0x70
[  110.926478]  exc_invalid_op+0x14/0x50
[  110.926490]  asm_exc_invalid_op+0x16/0x20
[  110.926504] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  110.926525] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  110.926537] RSP: 0018:ffff88801893f8f8 EFLAGS: 00010006
[  110.926546] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  110.926553] RDX: ffff88803efb9ac0 RSI: ffffffff815677b7 RDI: 0000000000000005
[  110.926561] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[  110.926568] R10: 0000000000000000 R11: ffffffff865b601b R12: ffff88800d68d000
[  110.926576] R13: ffff88806ce3d2c0 R14: ffffffff8547d200 R15: 0000000000000002
[  110.926588]  ? group_sched_out.part.0+0x2c7/0x460
[  110.926608]  ? group_sched_out.part.0+0x2c7/0x460
[  110.926628]  ctx_sched_out+0x8f1/0xc10
[  110.926649]  __perf_event_task_sched_out+0x6d0/0x18d0
[  110.926664]  ? lock_is_held_type+0xd7/0x130
[  110.926679]  ? __perf_cgroup_move+0x160/0x160
[  110.926690]  ? set_next_entity+0x304/0x550
[  110.926710]  ? lock_is_held_type+0xd7/0x130
[  110.926726]  __schedule+0xedd/0x2470
[  110.926745]  ? io_schedule_timeout+0x150/0x150
[  110.926762]  ? futex_wait_setup+0x166/0x230
[  110.926778]  schedule+0xda/0x1b0
[  110.926794]  futex_wait_queue+0xf5/0x1e0
[  110.926807]  futex_wait+0x28e/0x690
[  110.926820]  ? futex_wait_setup+0x230/0x230
[  110.926834]  ? wake_up_q+0x8b/0xf0
[  110.926847]  ? do_raw_spin_unlock+0x4f/0x220
[  110.926867]  ? futex_wake+0x158/0x490
[  110.926885]  ? fd_install+0x1f9/0x640
[  110.926901]  do_futex+0x2ff/0x380
[  110.926913]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[  110.926927]  ? __up_read+0x192/0x730
[  110.926943]  __x64_sys_futex+0x1c6/0x4d0
[  110.926957]  ? __x64_sys_futex_time32+0x480/0x480
[  110.926970]  ? syscall_enter_from_user_mode+0x1d/0x50
[  110.926986]  ? syscall_enter_from_user_mode+0x1d/0x50
[  110.927004]  do_syscall_64+0x3b/0x90
[  110.927015]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  110.927029] RIP: 0033:0x7f9ef748bb19
[  110.927037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  110.927048] RSP: 002b:00007f9ef4a01218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  110.927059] RAX: ffffffffffffffda RBX: 00007f9ef759ef68 RCX: 00007f9ef748bb19
[  110.927067] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9ef759ef68
[  110.927074] RBP: 00007f9ef759ef60 R08: 0000000000000000 R09: 0000000000000000
[  110.927081] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ef759ef6c
[  110.927088] R13: 00007ffccbc933af R14: 00007f9ef4a01300 R15: 0000000000022000
[  110.927102]  </TASK>
[  110.981746] WARNING: CPU: 0 PID: 3721 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  110.982314] Modules linked in:
[  110.982517] CPU: 0 PID: 3721 Comm: syz-executor.0 Not tainted 6.0.0-next-20221006 #1
[  110.982978] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  110.983466] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  110.983806] Code: 5e 41 5f e9 5b a5 ef ff e8 56 a5 ef ff 65 8b 1d 1b fe ab 7e 31 ff 89 de e8 f6 a1 ef ff 85 db 0f 84 8a 00 00 00 e8 39 a5 ef ff <0f> 0b e9 a5 fe ff ff e8 2d a5 ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  110.984886] RSP: 0018:ffff88801893f8f8 EFLAGS: 00010006
[  110.985206] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  110.985634] RDX: ffff88803efb9ac0 RSI: ffffffff815677b7 RDI: 0000000000000005
[  110.986060] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[  110.986483] R10: 0000000000000000 R11: ffffffff865b601b R12: ffff88800d68d000
[  110.986914] R13: ffff88806ce3d2c0 R14: ffffffff8547d200 R15: 0000000000000002
[  110.987345] FS:  00007f9ef4a01700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  110.987819] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  110.988171] CR2: 00007f9ef759f018 CR3: 000000003e812000 CR4: 0000000000350ef0
[  110.988594] Call Trace:
[  110.988754]  <TASK>
[  110.988901]  ctx_sched_out+0x8f1/0xc10
[  110.989153]  __perf_event_task_sched_out+0x6d0/0x18d0
[  110.989467]  ? lock_is_held_type+0xd7/0x130
[  110.989736]  ? __perf_cgroup_move+0x160/0x160
[  110.990009]  ? set_next_entity+0x304/0x550
[  110.990277]  ? lock_is_held_type+0xd7/0x130
[  110.990543]  __schedule+0xedd/0x2470
[  110.990783]  ? io_schedule_timeout+0x150/0x150
[  110.991068]  ? futex_wait_setup+0x166/0x230
[  110.991336]  schedule+0xda/0x1b0
[  110.991554]  futex_wait_queue+0xf5/0x1e0
[  110.991805]  futex_wait+0x28e/0x690
[  110.992033]  ? futex_wait_setup+0x230/0x230
[  110.992311]  ? wake_up_q+0x8b/0xf0
[  110.992536]  ? do_raw_spin_unlock+0x4f/0x220
[  110.992823]  ? futex_wake+0x158/0x490
[  110.993070]  ? fd_install+0x1f9/0x640
[  110.993314]  do_futex+0x2ff/0x380
[  110.993535]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[  110.993889]  ? __up_read+0x192/0x730
[  110.994130]  __x64_sys_futex+0x1c6/0x4d0
[  110.994385]  ? __x64_sys_futex_time32+0x480/0x480
[  110.994684]  ? syscall_enter_from_user_mode+0x1d/0x50
[  110.995002]  ? syscall_enter_from_user_mode+0x1d/0x50
[  110.995323]  do_syscall_64+0x3b/0x90
[  110.995558]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  110.995883] RIP: 0033:0x7f9ef748bb19
[  110.996121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  110.997197] RSP: 002b:00007f9ef4a01218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  110.997655] RAX: ffffffffffffffda RBX: 00007f9ef759ef68 RCX: 00007f9ef748bb19
[  110.998081] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9ef759ef68
[  110.998512] RBP: 00007f9ef759ef60 R08: 0000000000000000 R09: 0000000000000000
[  110.998941] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ef759ef6c
[  110.999370] R13: 00007ffccbc933af R14: 00007f9ef4a01300 R15: 0000000000022000
[  110.999806]  </TASK>
[  110.999957] irq event stamp: 240
[  111.000171] hardirqs last  enabled at (239): [<ffffffff8425a8ad>] syscall_enter_from_user_mode+0x1d/0x50
[  111.000736] hardirqs last disabled at (240): [<ffffffff84263bb5>] __schedule+0x1225/0x2470
[  111.001234] softirqs last  enabled at (40): [<ffffffff81170a0b>] __irq_exit_rcu+0x11b/0x180
[  111.001741] softirqs last disabled at (35): [<ffffffff81170a0b>] __irq_exit_rcu+0x11b/0x180
[  111.002242] ---[ end trace 0000000000000000 ]---
10:53:32 executing program 2:
r0 = epoll_create(0x4)
r1 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380))
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f00000000c0)={0x80000004})

10:53:32 executing program 2:
r0 = epoll_create(0x4)
r1 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380))
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f00000000c0)={0x80000004})

10:53:32 executing program 2:
r0 = epoll_create(0x4)
r1 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380))
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f00000000c0)={0x80000004})

[  117.009472] Bluetooth: hci0: Opcode 0x c03 failed: -110
[  117.073364] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  117.073445] Bluetooth: hci7: Opcode 0x c03 failed: -110
[  119.195088] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  119.197420] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  119.199967] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  119.202135] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  119.203845] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  119.205036] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  119.208189] Bluetooth: hci0: HCI_REQ-0x0c1a

VM DIAGNOSIS:
10:53:32  Registers:
info registers vcpu 0
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff823c077c RDI=ffffffff8765c9e0 RBP=ffffffff8765c9a0 RSP=ffff88801893f2e8
R8 =0000000000000004 R9 =0000000000000010 R10=0000000000000010 R11=0000000000000001
R12=0000000000002710 R13=0000000000000020 R14=fffffbfff0ecb98c R15=dffffc0000000000
RIP=ffffffff823c07d1 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f9ef4a01700 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9ef759f018 CR3=000000003e812000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f9ef75727c000007f9ef75727c8
XMM02=00007f9ef75727e000007f9ef75727c0 XMM03=00007f9ef75727c800007f9ef75727c0
XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=ffff88806ce3f080 RCX=0000000000000000 RDX=ffff8880187dd040
RSI=ffffffff813bcb87 RDI=0000000000000005 RBP=0000000000000000 RSP=ffff88803ef4f950
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=0000000000000003 R13=ffffed100d9c7e11 R14=ffff88806ce3f088 R15=0000000000000001
RIP=ffffffff81461d27 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 00000000 00000000
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555556896400 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9ef759481c CR3=000000003e812000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f9ef75727c000007f9ef75727c8
XMM02=00007f9ef75727e000007f9ef75727c0 XMM03=00007f9ef75727c800007f9ef75727c0
XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000