Warning: Permanently added '[localhost]:7050' (ECDSA) to the list of known hosts. 2022/10/04 12:49:52 fuzzer started 2022/10/04 12:49:52 dialing manager at localhost:35095 syzkaller login: [ 44.807844] cgroup: Unknown subsys name 'net' [ 44.930982] cgroup: Unknown subsys name 'rlimit' 2022/10/04 12:50:06 syscalls: 2215 2022/10/04 12:50:06 code coverage: enabled 2022/10/04 12:50:06 comparison tracing: enabled 2022/10/04 12:50:06 extra coverage: enabled 2022/10/04 12:50:06 setuid sandbox: enabled 2022/10/04 12:50:06 namespace sandbox: enabled 2022/10/04 12:50:06 Android sandbox: enabled 2022/10/04 12:50:06 fault injection: enabled 2022/10/04 12:50:06 leak checking: enabled 2022/10/04 12:50:06 net packet injection: enabled 2022/10/04 12:50:06 net device setup: enabled 2022/10/04 12:50:06 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/10/04 12:50:06 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/10/04 12:50:06 USB emulation: enabled 2022/10/04 12:50:06 hci packet injection: enabled 2022/10/04 12:50:06 wifi device emulation: failed to parse kernel version (6.0.0-rc7-next-20220930) 2022/10/04 12:50:06 802.15.4 emulation: enabled 2022/10/04 12:50:06 fetching corpus: 50, signal 21278/23128 (executing program) 2022/10/04 12:50:06 fetching corpus: 100, signal 35037/38585 (executing program) 2022/10/04 12:50:06 fetching corpus: 150, signal 44145/49288 (executing program) 2022/10/04 12:50:06 fetching corpus: 200, signal 47575/54372 (executing program) 2022/10/04 12:50:07 fetching corpus: 250, signal 51704/60068 (executing program) 2022/10/04 12:50:07 fetching corpus: 300, signal 55625/65554 (executing program) 2022/10/04 12:50:07 fetching corpus: 350, signal 60273/71642 (executing program) 2022/10/04 12:50:07 fetching corpus: 400, signal 64103/76902 (executing program) 2022/10/04 12:50:07 fetching corpus: 450, signal 67017/81253 (executing program) 2022/10/04 12:50:07 fetching corpus: 500, signal 71415/86904 (executing program) 2022/10/04 
12:50:07 fetching corpus: 550, signal 73703/90572 (executing program) 2022/10/04 12:50:07 fetching corpus: 600, signal 76161/94366 (executing program) 2022/10/04 12:50:07 fetching corpus: 650, signal 80986/100357 (executing program) 2022/10/04 12:50:07 fetching corpus: 700, signal 83300/103984 (executing program) 2022/10/04 12:50:08 fetching corpus: 750, signal 86676/108468 (executing program) 2022/10/04 12:50:08 fetching corpus: 800, signal 88752/111810 (executing program) 2022/10/04 12:50:08 fetching corpus: 850, signal 90574/114871 (executing program) 2022/10/04 12:50:08 fetching corpus: 900, signal 92358/117899 (executing program) 2022/10/04 12:50:08 fetching corpus: 950, signal 94036/120804 (executing program) 2022/10/04 12:50:08 fetching corpus: 1000, signal 95631/123638 (executing program) 2022/10/04 12:50:08 fetching corpus: 1050, signal 97883/127022 (executing program) 2022/10/04 12:50:08 fetching corpus: 1100, signal 100126/130366 (executing program) 2022/10/04 12:50:08 fetching corpus: 1150, signal 101666/133079 (executing program) 2022/10/04 12:50:08 fetching corpus: 1200, signal 103414/135951 (executing program) 2022/10/04 12:50:08 fetching corpus: 1250, signal 105840/139324 (executing program) 2022/10/04 12:50:09 fetching corpus: 1300, signal 107481/141988 (executing program) 2022/10/04 12:50:09 fetching corpus: 1350, signal 109124/144671 (executing program) 2022/10/04 12:50:09 fetching corpus: 1400, signal 110999/147623 (executing program) 2022/10/04 12:50:09 fetching corpus: 1450, signal 112912/150472 (executing program) 2022/10/04 12:50:09 fetching corpus: 1500, signal 114989/153443 (executing program) 2022/10/04 12:50:09 fetching corpus: 1550, signal 117480/156736 (executing program) 2022/10/04 12:50:09 fetching corpus: 1600, signal 118591/158904 (executing program) 2022/10/04 12:50:09 fetching corpus: 1650, signal 120133/161345 (executing program) 2022/10/04 12:50:09 fetching corpus: 1700, signal 122045/164119 (executing program) 2022/10/04 
12:50:09 fetching corpus: 1750, signal 124248/167092 (executing program) 2022/10/04 12:50:09 fetching corpus: 1800, signal 126485/170059 (executing program) 2022/10/04 12:50:10 fetching corpus: 1850, signal 128144/172545 (executing program) 2022/10/04 12:50:10 fetching corpus: 1900, signal 130241/175367 (executing program) 2022/10/04 12:50:10 fetching corpus: 1950, signal 131927/177870 (executing program) 2022/10/04 12:50:10 fetching corpus: 2000, signal 134930/181257 (executing program) 2022/10/04 12:50:10 fetching corpus: 2050, signal 137570/184412 (executing program) 2022/10/04 12:50:10 fetching corpus: 2100, signal 139483/186948 (executing program) 2022/10/04 12:50:10 fetching corpus: 2150, signal 141342/189422 (executing program) 2022/10/04 12:50:10 fetching corpus: 2200, signal 143102/191824 (executing program) 2022/10/04 12:50:10 fetching corpus: 2250, signal 143789/193397 (executing program) 2022/10/04 12:50:11 fetching corpus: 2300, signal 144298/194832 (executing program) 2022/10/04 12:50:11 fetching corpus: 2350, signal 144734/196196 (executing program) 2022/10/04 12:50:11 fetching corpus: 2400, signal 146067/198179 (executing program) 2022/10/04 12:50:11 fetching corpus: 2450, signal 148215/200735 (executing program) 2022/10/04 12:50:11 fetching corpus: 2500, signal 150412/203235 (executing program) 2022/10/04 12:50:11 fetching corpus: 2550, signal 151605/205107 (executing program) 2022/10/04 12:50:11 fetching corpus: 2600, signal 153392/207397 (executing program) 2022/10/04 12:50:11 fetching corpus: 2650, signal 155234/209726 (executing program) 2022/10/04 12:50:11 fetching corpus: 2700, signal 157014/211946 (executing program) 2022/10/04 12:50:11 fetching corpus: 2750, signal 157908/213555 (executing program) 2022/10/04 12:50:12 fetching corpus: 2800, signal 158858/215209 (executing program) 2022/10/04 12:50:12 fetching corpus: 2850, signal 159765/216798 (executing program) 2022/10/04 12:50:12 fetching corpus: 2900, signal 160338/218128 (executing 
program) 2022/10/04 12:50:12 fetching corpus: 2950, signal 161288/219711 (executing program) 2022/10/04 12:50:12 fetching corpus: 3000, signal 162338/221324 (executing program) 2022/10/04 12:50:12 fetching corpus: 3050, signal 163065/222794 (executing program) 2022/10/04 12:50:12 fetching corpus: 3100, signal 163763/224184 (executing program) 2022/10/04 12:50:12 fetching corpus: 3150, signal 164773/225758 (executing program) 2022/10/04 12:50:12 fetching corpus: 3200, signal 165881/227475 (executing program) 2022/10/04 12:50:12 fetching corpus: 3250, signal 166957/229135 (executing program) 2022/10/04 12:50:12 fetching corpus: 3300, signal 168177/230849 (executing program) 2022/10/04 12:50:13 fetching corpus: 3350, signal 168739/232152 (executing program) 2022/10/04 12:50:13 fetching corpus: 3400, signal 169446/233540 (executing program) 2022/10/04 12:50:13 fetching corpus: 3450, signal 170422/235031 (executing program) 2022/10/04 12:50:13 fetching corpus: 3500, signal 171205/236447 (executing program) 2022/10/04 12:50:13 fetching corpus: 3550, signal 172043/237858 (executing program) 2022/10/04 12:50:13 fetching corpus: 3600, signal 173451/239626 (executing program) 2022/10/04 12:50:13 fetching corpus: 3650, signal 174109/240922 (executing program) 2022/10/04 12:50:13 fetching corpus: 3700, signal 174614/242136 (executing program) 2022/10/04 12:50:13 fetching corpus: 3750, signal 175914/243833 (executing program) 2022/10/04 12:50:13 fetching corpus: 3800, signal 176667/245157 (executing program) 2022/10/04 12:50:13 fetching corpus: 3850, signal 177316/246390 (executing program) 2022/10/04 12:50:14 fetching corpus: 3900, signal 178170/247678 (executing program) 2022/10/04 12:50:14 fetching corpus: 3950, signal 178938/248973 (executing program) 2022/10/04 12:50:14 fetching corpus: 4000, signal 179894/250326 (executing program) 2022/10/04 12:50:14 fetching corpus: 4050, signal 180467/251492 (executing program) 2022/10/04 12:50:14 fetching corpus: 4100, signal 
181095/252680 (executing program) 2022/10/04 12:50:14 fetching corpus: 4150, signal 181680/253784 (executing program) 2022/10/04 12:50:14 fetching corpus: 4200, signal 182204/254906 (executing program) 2022/10/04 12:50:14 fetching corpus: 4250, signal 183558/256424 (executing program) 2022/10/04 12:50:14 fetching corpus: 4300, signal 183901/257415 (executing program) 2022/10/04 12:50:14 fetching corpus: 4350, signal 184588/258597 (executing program) 2022/10/04 12:50:14 fetching corpus: 4400, signal 185435/259797 (executing program) 2022/10/04 12:50:15 fetching corpus: 4450, signal 186315/261138 (executing program) 2022/10/04 12:50:15 fetching corpus: 4500, signal 186842/262192 (executing program) 2022/10/04 12:50:15 fetching corpus: 4550, signal 187802/263448 (executing program) 2022/10/04 12:50:15 fetching corpus: 4600, signal 188529/264569 (executing program) 2022/10/04 12:50:15 fetching corpus: 4650, signal 188780/265529 (executing program) 2022/10/04 12:50:15 fetching corpus: 4700, signal 189458/266632 (executing program) 2022/10/04 12:50:15 fetching corpus: 4750, signal 190034/267679 (executing program) 2022/10/04 12:50:15 fetching corpus: 4800, signal 190761/268770 (executing program) 2022/10/04 12:50:15 fetching corpus: 4850, signal 191426/269888 (executing program) 2022/10/04 12:50:15 fetching corpus: 4900, signal 192506/271131 (executing program) 2022/10/04 12:50:16 fetching corpus: 4950, signal 193763/272415 (executing program) 2022/10/04 12:50:16 fetching corpus: 5000, signal 194641/273593 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/274411 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/275218 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/275975 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/276729 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/277483 (executing program) 2022/10/04 12:50:16 fetching 
corpus: 5015, signal 194826/278283 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/279062 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/279840 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/280628 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/281426 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/282235 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/283036 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/283799 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/284616 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/285422 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/286252 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/287020 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/287807 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/288639 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/289445 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/290225 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/291020 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/291841 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/292626 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/293450 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/294242 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/295025 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/295815 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/296616 (executing program) 2022/10/04 
12:50:16 fetching corpus: 5015, signal 194826/297348 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/298119 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/298899 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/299700 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/300484 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/301271 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/302090 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/302842 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/303624 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/304462 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/305246 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/306028 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/306820 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/307648 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/308428 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/309208 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/310006 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/310772 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/311610 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/312388 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/313133 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/313934 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/314690 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/315475 (executing 
program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/316234 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/317073 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/317872 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/318674 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/319479 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/319818 (executing program) 2022/10/04 12:50:16 fetching corpus: 5015, signal 194826/319818 (executing program) 2022/10/04 12:50:18 starting 8 fuzzer processes 12:50:18 executing program 0: sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x9, 0x401, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFCTH_TUPLE={0xc, 0x2, [@CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8800}, 0x41) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, 0x0, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x400}, 0x6001) r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r0, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4000) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x34, 0x3, 0x6, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, 
@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x34}}, 0x854) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000440), 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x7}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040001}, 0x80) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003500)=[{{&(0x7f0000000580)=@abs, 0x6e, &(0x7f0000000700)=[{&(0x7f0000000600)=""/30, 0x1e}, {&(0x7f0000000640)=""/185, 0xb9}], 0x2, &(0x7f0000000740)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x78}}, {{&(0x7f00000007c0)=@abs, 0x6e, &(0x7f0000001b00)=[{&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f0000001840)=""/6, 0x6}, {&(0x7f0000001880)=""/210, 0xd2}, {&(0x7f0000001980)=""/35, 0x23}, {&(0x7f00000019c0)=""/166, 0xa6}, {&(0x7f0000001a80)=""/11, 0xb}, {&(0x7f0000001ac0)=""/39, 0x27}], 0x7, &(0x7f0000001b80)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x108}}, {{&(0x7f0000001cc0), 0x6e, &(0x7f0000001f00)=[{&(0x7f0000001d40)=""/199, 0xc7}, {&(0x7f0000001e40)=""/135, 0x87}], 0x2, &(0x7f0000001f40)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 
0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x78}}, {{&(0x7f0000001fc0)=@abs, 0x6e, &(0x7f0000003440)=[{&(0x7f0000002040)=""/246, 0xf6}, {&(0x7f0000002140)=""/23, 0x17}, {&(0x7f0000002180)=""/246, 0xf6}, {&(0x7f0000002280)=""/235, 0xeb}, {&(0x7f0000002380)=""/184, 0xb8}, {&(0x7f0000002440)=""/4096, 0x1000}], 0x6, &(0x7f00000034c0)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}], 0x4, 0x0, &(0x7f0000003600)={0x0, 0x989680}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000003b00)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000003ac0)={&(0x7f0000003640)={0x46c, 0x3e, 0x400, 0x70bd2b, 0x25dfdbfc, {0x16}, [@generic="bd240ee650e410d4099416f804c9d5de854863f91d61fe7f4e29fda72743f958b135ecb7430d061530e48f9806c4404a88b01b4c9d51a93281fae8386453d44f0cc5b20e5aca2a5cfe63a1f71d029a95d048129f0394b4a3db93dbe2f8a0e27e578563198805beb38923590c377d04f98690615cf5118d40354446a7c6ec4c30a0134eb213f6c44bea3378e3d8c1114944976797894bb59bbf0a6e23eaf9453c07efdea9577fe4ba9aa18ac6e43a0355500e0cac73637698679193ed01139a18bdf5b2c57511494c", @nested={0x252, 0x6c, 0x0, 0x1, [@typed={0x8, 0x8c, 0x0, 0x0, @pid}, @generic="45c2a3cdb78b1e7dcb6074c88943ebcc3ab6332aad54a87de400690b83b832bceb5667f5a8fd0c61f9d62f2e414a25565d8d0e9078d284acb09e366535c636fe87bda2f0a5eaf91fd4bf12316917b8086e94d0e0ff09b6bbc403829aa9736b418ae4dc4085f69cdd32a86ecdc1cb2057c41d1addce6df6f663c7379b5d09f402", @typed={0x8, 0x5c, 0x0, 0x0, @pid=r3}, @typed={0xc, 0x8a, 0x0, 0x0, @u64=0x7f}, @typed={0x8, 0xb, 0x0, 0x0, @uid=0xee00}, 
@generic="4423b7acf36aae6cbaaabec5308c20a5498c1c804bd8a656a3b12af07d3d3bf382e9c1ef30ee945e257e138981873180b8bc31081831ced74f534cf897b479b757d11c19a6977750c701260b368be6da07a8a92deee66284effb2d9d1621a66ced20966841cc357f55f0eb8caaaf144974c6a4e947b52692e856e251044172df4f4281470cc56f161fb192f782545f4eb69c523167ae35b7dd4083853b69cf1d0d56bb8e8113534c4db8bf7103fdb35e9038a7", @generic="abc0e8b74439800e032c33b13945dc7553625b7d87825b973d9bc9cb9abb14681fecae907b0e34d37ba91e8ac1085b5f3eb260131517d0048b4d30ed351b4466d11421bf47895b34911cc237229effc571a02ddfcaa4c0751c5378b93501f9469de32937a1eefefd4d26a5f11fe5adf14937d36dbc5d3f89efbc39458c8ea6bc0c112a86f3dc12c472", @generic="ef5bb66cda4bbb4fbd587c50e735a3ae3812c2a3a4d94a9d31554c80b13d3794b639a6c06b0f348d3193d2dc58a4f4abc2870e2cc6545414031cf5c1671cb8089685e9506ce256ecd97dfb77adb36a341ec1cd03624d48c81f60b94e74b613d3b62fffd5a52c1aa5781fe2445dd2"]}, @nested={0x18, 0x73, 0x0, 0x1, [@typed={0x11, 0x3c, 0x0, 0x0, @str='802.15.4 MAC\x00'}]}, @nested={0x121, 0x68, 0x0, 0x1, [@generic="a17fb0cf1cf83f7f23cfd74a8e294e436d983614954041cfd0f868f9c8cdc9fed1ef98bb45cc7b3aeea9b335a4aa4250db5747cffc260b4d437bd362ad1b79283c630ac1ce0d8cd4f76f82b3ed6d11559e25222fd240854e9cf8b1bf19f12e7254a501b9f9ad11857270cf58bd3017e81eb18bd85f22db36bde4d64c3cc3acb802c6f7757e1c032b595b5a2b7c71105f84086362e16c26faca531502124c170e", @generic="afd00ecfdb8db59bf375a28becd3679e84a326421fd8e910aeb7b727bc35a3e47132742f0485864dc4594454294e6fd356eba0287b5ebd01a5156159942747428e4089b14bf3eae05906d084170cde6bb56c64aa2dfc9b5db1e29e0fc152c04b75406f2360eade1999432a217b52337633237b47f51c75003ef9c4e12c"]}]}, 0x46c}, 0x1, 0x0, 0x0, 0x14}, 0x20000050) sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, &(0x7f0000003c00)={&(0x7f0000003b40)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000003bc0)={&(0x7f0000003b80)={0x2c, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0xfe0000}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}]}, 0x2c}, 0x1, 0x0, 
0x0, 0x4000090}, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000003c40)={'wpan4\x00'}) syz_genetlink_get_family_id$nl802154(&(0x7f0000003c80), r8) ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r5) close_range(r2, r7, 0x0) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000003d00), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_ADD_DEV(r8, &(0x7f0000003dc0)={&(0x7f0000003cc0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000003d80)={&(0x7f0000003d40)={0x40, r9, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xfffd}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0xfffff7cf}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x5}, 0x4800) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000003e40), r6) sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f0000003f40)={&(0x7f0000003e00)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000003f00)={&(0x7f0000003e80)={0x60, r10, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x804) sendmsg$NLBL_UNLABEL_C_STATICADD(r8, &(0x7f0000004080)={&(0x7f0000003f80)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000004040)={&(0x7f0000003fc0)={0x6c, 0x0, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010100}, @NLBL_UNLABEL_A_SECCTX={0x24, 0x7, 'system_u:object_r:apm_bios_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @rand_addr=0x64010102}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010101}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000010}, 0x80) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, &(0x7f0000004100)) 12:50:18 executing program 1: prctl$PR_GET_DUMPABLE(0x3) 
prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) prctl$PR_GET_DUMPABLE(0x3) 12:50:18 executing program 2: ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, &(0x7f0000000000)=""/238) r0 = inotify_init() ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000180)={0x2, 0x77, 0x57, &(0x7f0000000100)=""/87}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/bus/mdio_bus', 0x400000, 0x1c) ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f0000000200)={{0x1, 0x1, 0x18, r0, {0x3}}, './file0\x00'}) inotify_add_watch(r2, &(0x7f0000000240)='./file0\x00', 0x80) ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0x6) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000280)={{0x1, 0x1, 0x18, r2, {0x1}}, './file0\x00'}) ioctl$EVIOCSABS2F(r3, 0x401845ef, &(0x7f00000002c0)={0x7, 0x0, 0xd95b, 0x10001, 0x4, 0x81}) inotify_add_watch(r3, &(0x7f0000000300)='./file1\x00', 0x4000000) ioctl$EVIOCSABS2F(r1, 0x401845ef, &(0x7f0000000340)={0xffffffe1, 0x5, 0x726b43cb, 0x0, 0x1, 0x93f3}) ioctl$F2FS_IOC_GARBAGE_COLLECT(r1, 0x4004f506, &(0x7f0000000380)) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f00000003c0)={0x0, 0x7, 0x4}) r4 = signalfd4(r1, &(0x7f00000007c0)={[0x101]}, 0x8, 0x80800) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r4, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x64, 0x0, 0x2, 0x70bd2c, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7f}, {0x6, 0x16, 0xffff}, {0x5}, {0x6, 0x11, 0x1000}, {0x8, 0xb, 
0x1}}]}, 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x15) chmod(&(0x7f0000000940)='./file1\x00', 0x82) ioctl$EVIOCSABS0(r4, 0x401845c0, &(0x7f0000000980)={0x1, 0x7, 0xa8da, 0x741, 0x5, 0xd7}) chmod(&(0x7f00000009c0)='./file0/file0\x00', 0x102) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000a00), 0x2400, 0x0) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) 12:50:18 executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x8) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x8, 0x2a6b}}, './file0\x00'}) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0xff, 0x2, 0x20, 0x4, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, @perf_config_ext={0xffffffff, 0x100000000}, 0x11c02, 0xffffffff, 0x6, 0x3, 0xc9, 0x5, 0xffff, 0x0, 0x401, 0x0, 0x3}, 0x0, 0x8, r1, 0x4) fsetxattr$security_selinux(r1, &(0x7f0000000100), &(0x7f0000000140)='system_u:object_r:hald_keymap_exec_t:s0\x00', 0x28, 0x3) fcntl$dupfd(r0, 0x406, r1) r3 = perf_event_open(&(0x7f0000000180)={0x3, 0x80, 0x2, 0x6, 0x80, 0xbd, 0x0, 0x1ff, 0x4, 0xd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, @perf_config_ext={0x0, 0x2}, 0x800, 0x6, 0x1, 0x2, 0x6, 0x4, 0x1, 0x0, 0x3}, 0x0, 0x2, r2, 0x9) r4 = fork() r5 = syz_open_procfs(r4, &(0x7f0000000200)='net/vlan/vlan0\x00') dup(r1) r6 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000240), 0x395a80, 0x0) ioctl$TIOCSCTTY(r6, 0x540e, 0xff) mkdirat$cgroup(r3, &(0x7f0000000280)='syz0\x00', 0x1ff) ioctl$VFAT_IOCTL_READDIR_SHORT(r3, 0x82307202, &(0x7f00000002c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) ioctl$TCSETAW(r5, 0x5407, &(0x7f0000000500)={0x1, 0x0, 0xf80, 0x4, 
0x5, "e1b4c44f3a5c4c0b"}) r7 = socket(0x2c, 0x2, 0x5) accept4$unix(r7, &(0x7f0000000540)=@abs, &(0x7f00000005c0)=0x6e, 0x80000) socketpair(0x0, 0x1, 0x7, &(0x7f00000006c0)={0xffffffffffffffff}) fsync(r8) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3) 12:50:18 executing program 4: ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={'rose0\x00', {0x2, 0x0, @local}}) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) syz_genetlink_get_family_id$smc(&(0x7f0000000040), r0) ioctl$BTRFS_IOC_BALANCE(r1, 0x5000940c, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000100)={{{@in=@remote, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@private}}, &(0x7f0000000200)=0xe8) statx(r0, &(0x7f0000000240)='./file0\x00', 0x2000, 0x80, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) statx(r0, &(0x7f0000000440)='./file0\x00', 0x400, 0x20, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x1, &(0x7f0000000580)=[0xee01]) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000005c0)={0x0, 0x0, 0x0}, &(0x7f0000000600)=0xc) fsetxattr$system_posix_acl(r1, &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000640)={{}, {0x1, 0x7}, [{0x2, 0x4}, {0x2, 0x2, 0xffffffffffffffff}, {0x2, 0x0, r2}, {0x2, 0x1}, {0x2, 0x3}, {0x2, 0x3, 0xee00}, {0x2, 0x3, r3}], {0x4, 0x5}, [{0x8, 0x7, 0xffffffffffffffff}, {0x8, 0x5, r5}, {0x8, 0x5, r6}, {0x8, 0x0, r7}, {0x8, 0x5, r8}, {0x8, 0x2, 0xffffffffffffffff}, {0x8, 0x1, 0xffffffffffffffff}], {0x10, 0x4}, {0x20, 0x4}}, 0x94, 0x2) r9 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000700), 0x44282, 0x0) fcntl$dupfd(r9, 0x0, r0) ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000740)={0x17, 0x25, 0xf, 0x7, 0x8, 0x3, 0x2, 0x16c, 0xffffffffffffffff}) statx(r1, &(0x7f0000000780)='./file0\x00', 0x800, 0x20, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r11 = getgid() 
getgroups(0x5, &(0x7f00000008c0)=[r6, 0xffffffffffffffff, r7, r4, r7]) fstat(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgroups(0xa, &(0x7f0000000980)=[r6, r7, r6, r8, r8, r10, r11, r13, r4, r14]) setgroups(0x6, &(0x7f0000000a80)=[r12, r12, 0x0, r11, r13, 0x0]) [ 70.818498] audit: type=1400 audit(1664887818.894:6): avc: denied { execmem } for pid=287 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 12:50:18 executing program 5: prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x2) prctl$PR_SET_UNALIGN(0x6, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x3) prctl$PR_SET_UNALIGN(0x6, 0x2) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x3) prctl$PR_SET_UNALIGN(0x6, 0x2) prctl$PR_SET_UNALIGN(0x6, 0x3) prctl$PR_SET_UNALIGN(0x6, 0x3) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x1) prctl$PR_SET_UNALIGN(0x6, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x2) 12:50:18 executing program 7: ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000000)={0x0, 0x1, 0xd56, 0x1}) ioctl$FITHAW(0xffffffffffffffff, 0xc0045878) fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000400), &(0x7f0000000440)=@ng={0x4, 0x6, "fb"}, 0x3, 0x3) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000480), 0x7f, 0x222840) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f00000004c0)={{0x1, 0x1, 0x18, r1, {r1}}, './file0\x00'}) read(r2, &(0x7f0000000500)=""/46, 0x2e) ioctl$SG_SET_TIMEOUT(r2, 0x2201, &(0x7f0000000540)=0x4) ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, &(0x7f0000000580)={{r0}, "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"}) r3 = getegid() 
mount$9p_unix(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0)='./file0/file0\x00', &(0x7f0000001600), 0x1002410, &(0x7f0000001640)={'trans=unix,', {[{@privport}, {@nodevmap}, {@dfltgid={'dfltgid', 0x3d, r3}}, {@cache_none}], [{@subj_type={'subj_type', 0x3d, '-'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '/dev/input/mouse#\x00'}}, {@dont_measure}]}}) r4 = openat(0xffffffffffffffff, &(0x7f0000001700)='./file0\x00', 0x80140, 0x0) ioctl$BTRFS_IOC_QUOTA_CTL(r4, 0xc0109428, &(0x7f0000001740)={0x2, 0xff}) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x4000010, 0xffffffffffffffff, 0x0) r6 = syz_open_dev$vcsn(&(0x7f0000001780), 0xffffffff, 0x401) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f00000017c0)=@IORING_OP_SPLICE={0x1e, 0x3, 0x0, @fd=r6, 0x0, {0x0, r0}, 0x9, 0x5, 0x1, {0x0, r7, r4}}, 0x873b) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000001800)={0x1000000000000, 0x7, 0x5}) ioctl$F2FS_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0xf50f, 0x0) 12:50:18 executing program 6: fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000080)={0x0, 0x0}) r1 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x9, 0x80, 0x6, 0x0, 0x8, 0xf0204, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1ff, 0x1, @perf_config_ext={0xfc, 0x8}, 0x3109, 0x5, 0x1, 0x8, 0x7f, 0x1, 0x2, 0x0, 0x8000, 0x0, 0x8}, r0, 0x3, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_INO_LOOKUP(r1, 0xd0009412, &(0x7f00000000c0)={0x0, 0x7}) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000001100), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_REMOTE_MNG(0xffffffffffffffff, &(0x7f00000011c0)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001180)={&(0x7f0000001140)={0x1c, r2, 0x300, 0x70bd28, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x10) 
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0) r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r4 = syz_open_dev$hiddev(&(0x7f0000001200), 0x7ff, 0x100040) ioctl$EXT4_IOC_MIGRATE(r4, 0x6609) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000001240)={{0x1, 0x1, 0x18, r4, {0x4}}, './file0\x00'}) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r3) write$binfmt_misc(r4, &(0x7f0000001280)={'syz1', "fad9ab13ec22389d03da7d649b527aa85067ef11f9da678525760b839add7b041cba932545fc15b308eabf14f0ed26ae90246e6195"}, 0x39) ioctl$AUTOFS_DEV_IOCTL_VERSION(r5, 0xc0189371, &(0x7f00000012c0)={{0x1, 0x1, 0x18, r5}, './file0\x00'}) ioctl$HIDIOCGVERSION(r6, 0x80044801, &(0x7f0000001300)) r7 = dup2(r5, 0xffffffffffffffff) ioctl$int_out(r7, 0x2, &(0x7f0000001340)) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000001380)={'netpci0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), r5) sendmsg$TIPC_CMD_SHOW_PORTS(r6, &(0x7f00000014c0)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x1c, r2, 0x8, 0x70bd26, 0x25dfdbfe, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) ioctl$HIDIOCGDEVINFO(0xffffffffffffffff, 0x801c4803, &(0x7f0000001540)=""/90) [ 72.105713] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.107159] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.108162] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.108470] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.111466] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.113396] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.117258] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.118559] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 72.121219] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.123288] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 72.125906] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.126881] Bluetooth: hci1: 
unexpected cc 0x0c38 length: 249 > 2 [ 72.131999] Bluetooth: hci1: HCI_REQ-0x0c1a [ 72.132562] Bluetooth: hci0: HCI_REQ-0x0c1a [ 72.177444] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.178782] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 72.180878] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.181584] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 72.183585] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 72.184873] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.187528] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 72.189144] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.191526] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 72.192823] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 72.193787] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 72.194890] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 72.196914] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 72.198348] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 72.198831] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 72.199343] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 72.201444] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 72.201887] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 72.204257] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 72.206209] Bluetooth: hci4: HCI_REQ-0x0c1a [ 72.209126] Bluetooth: hci3: HCI_REQ-0x0c1a [ 72.235797] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 72.237584] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 72.239696] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 72.240602] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 72.242054] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 72.247657] Bluetooth: hci7: HCI_REQ-0x0c1a [ 72.248433] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 72.255414] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 
> 4 [ 72.263256] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 72.265440] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 72.266466] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 72.271949] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 72.283166] Bluetooth: hci6: HCI_REQ-0x0c1a [ 72.295175] Bluetooth: hci5: HCI_REQ-0x0c1a [ 74.190956] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 74.192431] Bluetooth: hci1: command 0x0409 tx timeout [ 74.193231] Bluetooth: hci0: command 0x0409 tx timeout [ 74.255135] Bluetooth: hci7: command 0x0409 tx timeout [ 74.255925] Bluetooth: hci3: command 0x0409 tx timeout [ 74.256575] Bluetooth: hci4: command 0x0409 tx timeout [ 74.318798] Bluetooth: hci5: command 0x0409 tx timeout [ 74.319668] Bluetooth: hci6: command 0x0409 tx timeout [ 76.238733] Bluetooth: hci0: command 0x041b tx timeout [ 76.239304] Bluetooth: hci1: command 0x041b tx timeout [ 76.302827] Bluetooth: hci4: command 0x041b tx timeout [ 76.303470] Bluetooth: hci3: command 0x041b tx timeout [ 76.304091] Bluetooth: hci7: command 0x041b tx timeout [ 76.366729] Bluetooth: hci6: command 0x041b tx timeout [ 76.367337] Bluetooth: hci5: command 0x041b tx timeout [ 78.286730] Bluetooth: hci1: command 0x040f tx timeout [ 78.287325] Bluetooth: hci0: command 0x040f tx timeout [ 78.350724] Bluetooth: hci7: command 0x040f tx timeout [ 78.351302] Bluetooth: hci3: command 0x040f tx timeout [ 78.351913] Bluetooth: hci4: command 0x040f tx timeout [ 78.414851] Bluetooth: hci5: command 0x040f tx timeout [ 78.415466] Bluetooth: hci6: command 0x040f tx timeout [ 79.566833] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 80.334849] Bluetooth: hci0: command 0x0419 tx timeout [ 80.335415] Bluetooth: hci1: command 0x0419 tx timeout [ 80.398811] Bluetooth: hci4: command 0x0419 tx timeout [ 80.399392] Bluetooth: hci3: command 0x0419 tx timeout [ 80.400340] Bluetooth: hci7: command 0x0419 tx timeout [ 80.462894] Bluetooth: hci6: command 0x0419 tx timeout [ 
80.463479] Bluetooth: hci5: command 0x0419 tx timeout [ 84.302779] Bluetooth: hci2: Opcode 0x c03 failed: -110 [ 87.105349] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.107653] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.108532] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.110905] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.114197] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 87.115881] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.129496] Bluetooth: hci2: HCI_REQ-0x0c1a [ 89.166791] Bluetooth: hci2: command 0x0409 tx timeout [ 91.214771] Bluetooth: hci2: command 0x041b tx timeout [ 93.262701] Bluetooth: hci2: command 0x040f tx timeout [ 95.310773] Bluetooth: hci2: command 0x0419 tx timeout [ 134.182574] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 134.188938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 134.192710] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 134.197885] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 134.201150] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 134.204207] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 134.210771] Bluetooth: hci0: HCI_REQ-0x0c1a [ 134.635195] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 134.637065] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 134.647373] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 134.648231] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 134.649115] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 134.650110] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 134.651463] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 134.652421] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 134.653129] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 134.654016] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 134.654744] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 134.655508] 
Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 134.690290] Bluetooth: hci5: HCI_REQ-0x0c1a [ 134.690789] Bluetooth: hci4: HCI_REQ-0x0c1a [ 136.270705] Bluetooth: hci0: command 0x0409 tx timeout [ 136.590680] Bluetooth: hci1: Opcode 0x c03 failed: -110 [ 136.654739] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 136.718715] Bluetooth: hci4: command 0x0409 tx timeout [ 136.718774] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 136.719452] Bluetooth: hci5: command 0x0409 tx timeout [ 136.720710] Bluetooth: hci7: Opcode 0x c03 failed: -110 [ 138.318671] Bluetooth: hci0: command 0x041b tx timeout [ 138.766741] Bluetooth: hci4: command 0x041b tx timeout [ 138.767218] Bluetooth: hci5: command 0x041b tx timeout [ 139.282306] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 139.283491] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 139.285592] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 139.288340] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 139.289725] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 139.290539] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 139.296794] Bluetooth: hci3: HCI_REQ-0x0c1a [ 139.486322] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 139.488956] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 139.489807] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 139.492094] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 139.493057] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 139.493837] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 139.496270] Bluetooth: hci6: HCI_REQ-0x0c1a [ 139.602424] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 139.604270] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 139.605111] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 139.607443] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 139.608548] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 139.609537] Bluetooth: hci7: 
unexpected cc 0x0c38 length: 249 > 2 [ 139.613370] Bluetooth: hci7: HCI_REQ-0x0c1a [ 140.367678] Bluetooth: hci0: command 0x040f tx timeout [ 140.814765] Bluetooth: hci5: command 0x040f tx timeout [ 140.814826] Bluetooth: hci4: command 0x040f tx timeout [ 141.135041] Bluetooth: hci1: Opcode 0x c03 failed: -110 12:51:29 executing program 4: r0 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f0000000180)='journal_checksum') close(r0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = accept(r1, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000000)=0x80) fsetxattr$security_selinux(r2, &(0x7f0000000140), &(0x7f0000000240)='system_u:object_r:tpm_device_t:s0\x00', 0x22, 0x1) r3 = dup(r1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r3, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00'], 0x6) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000001, 0x50, r3, 0x8) [ 141.240281] audit: type=1400 audit(1664887889.317:7): avc: denied { open } for pid=4035 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 141.242979] audit: type=1400 audit(1664887889.317:8): avc: denied { kernel } for pid=4035 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 141.250046] audit: type=1400 audit(1664887889.326:9): avc: denied { write } for 
pid=4035 comm="syz-executor.4" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 141.327711] Bluetooth: hci3: command 0x0409 tx timeout 12:51:29 executing program 4: syz_mount_image$iso9660(&(0x7f0000000a80), &(0x7f0000000ac0)='./file0\x00', 0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000)={[{@sbsector={'sbsector', 0x3d, 0x8}}, {@map_normal}], [{@obj_role={'obj_role', 0x3d, 'map=normal'}}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '*.@/-@%'}}, {@uid_gt}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@context={'context', 0x3d, 'system_u'}}]}) [ 141.418479] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 141.429335] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 12:51:29 executing program 4: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x7f, 0x2, 0x9, 0x3, 0x0, 0x8001, 0x24000, 0xc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40e8, 0x6, @perf_config_ext={0x7ff, 0x200}, 0x41900, 0x1, 0x1e, 0x0, 0x4, 0x4, 0xfff, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xe, 0xffffffffffffffff, 0xa) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x141042, 0x0) r1 = getpgid(0x0) ptrace(0x8, r1) perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x8, 0x7, 0x9, 0x6, 0x0, 0x80000001, 0x202, 0x9, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x7, 0x2, @perf_bp={&(0x7f0000000080)}, 0x51508, 0x8, 0x64cd9438, 0x2, 0x8, 0x2da0, 0x3, 0x0, 0xffff0001}, r1, 0x9, 0xffffffffffffffff, 0x1) pwritev(r0, &(0x7f0000000240)=[{&(0x7f0000000200)="e6", 0x1}], 0x1, 0x0, 0x0) 
r2 = socket$inet6(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x4, 0x1f, 0x4, 0x86, 0x0, 0x1ff, 0x3a04, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x5, 0x1, @perf_config_ext={0x7ff, 0x27}, 0x3200, 0xffff, 0x5, 0x5, 0x3, 0x800, 0x401, 0x0, 0x5, 0x0, 0x8}, 0xffffffffffffffff, 0xb, r0, 0x8) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendfile(r2, r0, 0x0, 0x80000001) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f00000004c0)={0x5, 0x80, 0x4, 0x9, 0x0, 0x7, 0x0, 0xc0000000000, 0x40, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x8c03, 0xff, 0x5, 0x0, 0x8000, 0xbd5, 0xab2}) [ 141.519700] Bluetooth: hci6: command 0x0409 tx timeout [ 141.647714] Bluetooth: hci7: command 0x0409 tx timeout 12:51:29 executing program 4: syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b0e0ee", 0x8, 0x2c, 0x0, @private0, @mcast2, {[@routing={0x0, 0x0, 0x0, 0x7}]}}}}}, 0x0) syz_emit_ethernet(0x1e, &(0x7f0000000000)={@remote, @local, @void, {@can={0xc, {{0x3, 0x1}, 0x2, 0x2, 0x0, 0x0, "e0489e22407ed365"}}}}, &(0x7f0000000040)={0x1, 0x1, [0xd10, 0xe91, 0x31e, 0xc36]}) 12:51:29 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000140), 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fallocate(r2, 0x20, 0x0, 0xffff77ff000) setsockopt$inet6_tcp_int(r2, 0x6, 0x10, &(0x7f0000000040)=0x81, 0x4) sendmsg$nl_xfrm(r1, &(0x7f0000000a00)={0x0, 0x0, 
&(0x7f00000009c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="c80000001b0001000000000000000000e000000100"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001f00", @ANYRES32=0x0, @ANYBLOB="8dd9e42b892a44b6d2fd2b50f0ffff3605d07a3de1468881652770c00013d8195aebaf41f43584c19cec142c83d7fb993f0af667f1acb1177d790a159b5b6e64d738635c5c549b1731b5388ab61357a787c9c01bb38c666e5947c03db788f06060fd8668e010f5bfc8cd0bcead86ed111103022110d608f40b72aa2b064876c83a4360482552d934096fd9f79ea0a60b0c0df2d38f1aeeffd8ad9243bc0afa9f8fcf69961ac147dacdee607d9f707b3c4d6e0a1fd0980f67c05a4075e6cb43ecbde5dbbbc9512c5ce470c264628d8fa586c1b84b"], 0xc8}}, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f0000000000)={'vlan0\x00', {0x2, 0x0, @local}}) 12:51:29 executing program 4: r0 = socket$inet6(0xa, 0x801, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) shmat(0xffffffffffffffff, &(0x7f0000fed000/0x13000)=nil, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000001}, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22, 0xff, @mcast1, 0x1}, 0x1c) r2 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) mmap$perf(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x50, r2, 0x4) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000000000}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r5 = openat2(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={0x200, 0x21, 0x1b}, 0x18)
ioctl$LOOP_CTL_ADD(r5, 0x4c80, 0xb)
r6 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r6)
ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r6)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440), 0x20001, 0x0)
mremap(&(0x7f0000ff7000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil)
perf_event_open(&(0x7f0000000140)={0x5, 0xffffffbd, 0x81, 0x80, 0x2, 0xca, 0x0, 0x0, 0x201, 0xc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, @perf_bp={&(0x7f0000000100), 0x9}, 0x4000, 0x20000000000002, 0x20829c, 0x2, 0x8000cf4b, 0xaa6, 0xfffa, 0x0, 0x5, 0x0, 0x28e5}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x8)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
[ 141.969334] ------------[ cut here ]------------
[ 141.969358]
[ 141.969362] ======================================================
[ 141.969365] WARNING: possible circular locking dependency detected
[ 141.969370] 6.0.0-rc7-next-20220930 #1 Not tainted
[ 141.969376] ------------------------------------------------------
[ 141.969380] syz-executor.4/4079 is trying to acquire lock:
[ 141.969387] ffffffff853faab8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[ 141.969428]
[ 141.969428] but task is already holding lock:
[ 141.969431] ffff88800d143020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 141.969458]
[ 141.969458] which lock already depends on the new lock.
[ 141.969458]
[ 141.969461]
[ 141.969461] the existing dependency chain (in reverse order) is:
[ 141.969464]
[ 141.969464] -> #3 (&ctx->lock){....}-{2:2}:
[ 141.969478] _raw_spin_lock+0x2a/0x40
[ 141.969489] __perf_event_task_sched_out+0x53b/0x18d0
[ 141.969501] __schedule+0xedd/0x2470
[ 141.969514] schedule+0xda/0x1b0
[ 141.969528] exit_to_user_mode_prepare+0x114/0x1a0
[ 141.969540] syscall_exit_to_user_mode+0x19/0x40
[ 141.969553] do_syscall_64+0x48/0x90
[ 141.969571] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 141.969583]
[ 141.969583] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 141.969597] _raw_spin_lock_nested+0x30/0x40
[ 141.969607] raw_spin_rq_lock_nested+0x1e/0x30
[ 141.969624] task_fork_fair+0x63/0x4d0
[ 141.969640] sched_cgroup_fork+0x3d0/0x540
[ 141.969654] copy_process+0x4183/0x6e20
[ 141.969666] kernel_clone+0xe7/0x890
[ 141.969675] user_mode_thread+0xad/0xf0
[ 141.969685] rest_init+0x24/0x250
[ 141.969697] arch_call_rest_init+0xf/0x14
[ 141.969714] start_kernel+0x4c6/0x4eb
[ 141.969729] secondary_startup_64_no_verify+0xe0/0xeb
[ 141.969743]
[ 141.969743] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 141.969757] _raw_spin_lock_irqsave+0x39/0x60
[ 141.969767] try_to_wake_up+0xab/0x1930
[ 141.969781] up+0x75/0xb0
[ 141.969794] __up_console_sem+0x6e/0x80
[ 141.969811] console_unlock+0x46a/0x590
[ 141.969826] do_con_write+0xc05/0x1d50
[ 141.969838] con_write+0x21/0x40
[ 141.969847] n_tty_write+0x4d4/0xfe0
[ 141.969859] file_tty_write.constprop.0+0x455/0x8a0
[ 141.969870] vfs_write+0x9c3/0xd90
[ 141.969887] ksys_write+0x127/0x250
[ 141.969902] do_syscall_64+0x3b/0x90
[ 141.969918] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 141.969931]
[ 141.969931] -> #0 ((console_sem).lock){....}-{2:2}:
[ 141.969944] __lock_acquire+0x2a02/0x5e70
[ 141.969961] lock_acquire+0x1a2/0x530
[ 141.969977] _raw_spin_lock_irqsave+0x39/0x60
[ 141.969987] down_trylock+0xe/0x70
[ 141.970002] __down_trylock_console_sem+0x3b/0xd0
[ 141.970018] vprintk_emit+0x16b/0x560
[ 141.970034] vprintk+0x84/0xa0
[ 141.970050] _printk+0xba/0xf1
[ 141.970061] report_bug.cold+0x72/0xab
[ 141.970077] handle_bug+0x3c/0x70
[ 141.970093] exc_invalid_op+0x14/0x50
[ 141.970110] asm_exc_invalid_op+0x16/0x20
[ 141.970122] group_sched_out.part.0+0x2c7/0x460
[ 141.970139] ctx_sched_out+0x8f1/0xc10
[ 141.970156] __perf_event_task_sched_out+0x6d0/0x18d0
[ 141.970167] __schedule+0xedd/0x2470
[ 141.970180] schedule+0xda/0x1b0
[ 141.970193] exit_to_user_mode_prepare+0x114/0x1a0
[ 141.970204] syscall_exit_to_user_mode+0x19/0x40
[ 141.970216] do_syscall_64+0x48/0x90
[ 141.970233] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 141.970245]
[ 141.970245] other info that might help us debug this:
[ 141.970245]
[ 141.970248] Chain exists of:
[ 141.970248] (console_sem).lock --> &rq->__lock --> &ctx->lock
[ 141.970248]
[ 141.970262] Possible unsafe locking scenario:
[ 141.970262]
[ 141.970265]        CPU0                    CPU1
[ 141.970267]        ----                    ----
[ 141.970270]   lock(&ctx->lock);
[ 141.970275]                                lock(&rq->__lock);
[ 141.970282]                                lock(&ctx->lock);
[ 141.970288]   lock((console_sem).lock);
[ 141.970294]
[ 141.970294] *** DEADLOCK ***
[ 141.970294]
[ 141.970296] 2 locks held by syz-executor.4/4079:
[ 141.970303] #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[ 141.970332] #1: ffff88800d143020 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[ 141.970358]
[ 141.970358] stack backtrace:
[ 141.970361] CPU: 0 PID: 4079 Comm: syz-executor.4 Not tainted 6.0.0-rc7-next-20220930 #1
[ 141.970373] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 141.970381] Call Trace:
[ 141.970384]
[ 141.970389] dump_stack_lvl+0x8b/0xb3
[ 141.970407] check_noncircular+0x263/0x2e0
[ 141.970423] ? format_decode+0x26c/0xb50
[ 141.970439] ? print_circular_bug+0x450/0x450
[ 141.970456] ? simple_strtoul+0x30/0x30
[ 141.970472] ? format_decode+0x26c/0xb50
[ 141.970489] ? 
alloc_chain_hlocks+0x1ec/0x5a0
[ 141.970506] __lock_acquire+0x2a02/0x5e70
[ 141.970527] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 141.970550] lock_acquire+0x1a2/0x530
[ 141.970566] ? down_trylock+0xe/0x70
[ 141.970583] ? lock_release+0x750/0x750
[ 141.970603] ? vprintk+0x84/0xa0
[ 141.970621] _raw_spin_lock_irqsave+0x39/0x60
[ 141.970632] ? down_trylock+0xe/0x70
[ 141.970648] down_trylock+0xe/0x70
[ 141.970663] ? vprintk+0x84/0xa0
[ 141.970680] __down_trylock_console_sem+0x3b/0xd0
[ 141.970697] vprintk_emit+0x16b/0x560
[ 141.970715] vprintk+0x84/0xa0
[ 141.970733] _printk+0xba/0xf1
[ 141.970744] ? record_print_text.cold+0x16/0x16
[ 141.970760] ? report_bug.cold+0x66/0xab
[ 141.970777] ? group_sched_out.part.0+0x2c7/0x460
[ 141.970795] report_bug.cold+0x72/0xab
[ 141.970814] handle_bug+0x3c/0x70
[ 141.970831] exc_invalid_op+0x14/0x50
[ 141.970849] asm_exc_invalid_op+0x16/0x20
[ 141.970861] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 141.970882] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 141.970893] RSP: 0018:ffff88803dbb7c48 EFLAGS: 00010006
[ 141.970902] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 141.970910] RDX: ffff88803e161ac0 RSI: ffffffff81565dc7 RDI: 0000000000000005
[ 141.970918] RBP: ffff888008661158 R08: 0000000000000005 R09: 0000000000000001
[ 141.970925] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88800d143000
[ 141.970933] R13: ffff88806ce3d2c0 R14: ffffffff8547d000 R15: 0000000000000002
[ 141.970944] ? group_sched_out.part.0+0x2c7/0x460
[ 141.970963] ? group_sched_out.part.0+0x2c7/0x460
[ 141.970983] ctx_sched_out+0x8f1/0xc10
[ 141.971002] __perf_event_task_sched_out+0x6d0/0x18d0
[ 141.971016] ? lock_is_held_type+0xd7/0x130
[ 141.971030] ? __perf_cgroup_move+0x160/0x160
[ 141.971040] ? set_next_entity+0x304/0x550
[ 141.971058] ? update_curr+0x267/0x740
[ 141.971076] ? lock_is_held_type+0xd7/0x130
[ 141.971090] __schedule+0xedd/0x2470
[ 141.971107] ? io_schedule_timeout+0x150/0x150
[ 141.971123] ? rcu_read_lock_sched_held+0x3e/0x80
[ 141.971144] schedule+0xda/0x1b0
[ 141.971158] exit_to_user_mode_prepare+0x114/0x1a0
[ 141.971171] syscall_exit_to_user_mode+0x19/0x40
[ 141.971184] do_syscall_64+0x48/0x90
[ 141.971202] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 141.971215] RIP: 0033:0x7fb2b5a89b19
[ 141.971223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 141.971233] RSP: 002b:00007fb2b2fff218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 141.971244] RAX: 0000000000000001 RBX: 00007fb2b5b9cf68 RCX: 00007fb2b5a89b19
[ 141.971251] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb2b5b9cf6c
[ 141.971259] RBP: 00007fb2b5b9cf60 R08: 000000000000000e R09: 0000000000000000
[ 141.971266] R10: 0000000000000004 R11: 0000000000000246 R12: 00007fb2b5b9cf6c
[ 141.971273] R13: 00007ffffe2ba87f R14: 00007fb2b2fff300 R15: 0000000000022000
[ 141.971285]
[ 142.027386] WARNING: CPU: 0 PID: 4079 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[ 142.028072] Modules linked in:
[ 142.028311] CPU: 0 PID: 4079 Comm: syz-executor.4 Not tainted 6.0.0-rc7-next-20220930 #1
[ 142.028910] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 142.029717] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[ 142.030127] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 0b 18 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[ 142.031432] RSP: 0018:ffff88803dbb7c48 EFLAGS: 00010006
[ 142.031828] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[ 142.032345] RDX: ffff88803e161ac0 RSI: ffffffff81565dc7 RDI: 0000000000000005
[ 142.032882] RBP: ffff888008661158 R08: 0000000000000005 R09: 0000000000000001
[ 142.033397] R10: 0000000000000000 R11: ffffffff865b401b R12: ffff88800d143000
[ 142.033913] R13: ffff88806ce3d2c0 R14: ffffffff8547d000 R15: 0000000000000002
[ 142.034423] FS: 00007fb2b2fff700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[ 142.035009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.035432] CR2: 00007efdb5dd4368 CR3: 000000003724e000 CR4: 0000000000350ef0
[ 142.035953] Call Trace:
[ 142.036147]
[ 142.036321] ctx_sched_out+0x8f1/0xc10
[ 142.036627] __perf_event_task_sched_out+0x6d0/0x18d0
[ 142.037010] ? lock_is_held_type+0xd7/0x130
[ 142.037335] ? __perf_cgroup_move+0x160/0x160
[ 142.037668] ? set_next_entity+0x304/0x550
[ 142.037989] ? update_curr+0x267/0x740
[ 142.038285] ? lock_is_held_type+0xd7/0x130
[ 142.038602] __schedule+0xedd/0x2470
[ 142.038887] ? io_schedule_timeout+0x150/0x150
[ 142.039235] ? rcu_read_lock_sched_held+0x3e/0x80
[ 142.039596] schedule+0xda/0x1b0
[ 142.039857] exit_to_user_mode_prepare+0x114/0x1a0
[ 142.040219] syscall_exit_to_user_mode+0x19/0x40
[ 142.040581] do_syscall_64+0x48/0x90
[ 142.040869] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 142.041251] RIP: 0033:0x7fb2b5a89b19
[ 142.041526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 142.042841] RSP: 002b:00007fb2b2fff218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 142.043386] RAX: 0000000000000001 RBX: 00007fb2b5b9cf68 RCX: 00007fb2b5a89b19
[ 142.043906] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb2b5b9cf6c
[ 142.044417] RBP: 00007fb2b5b9cf60 R08: 000000000000000e R09: 0000000000000000
[ 142.044950] R10: 0000000000000004 R11: 0000000000000246 R12: 00007fb2b5b9cf6c
[ 142.045464] R13: 00007ffffe2ba87f R14: 00007fb2b2fff300 R15: 0000000000022000
[ 142.045985]
[ 142.046164] irq event stamp: 738
[ 142.046411] hardirqs last enabled at (737): [] exit_to_user_mode_prepare+0x109/0x1a0
[ 142.047096] hardirqs last disabled at (738): [] __schedule+0x1225/0x2470
[ 142.047697] softirqs last enabled at (662): [] __irq_exit_rcu+0x11b/0x180
[ 142.048317] softirqs last disabled at (569): [] __irq_exit_rcu+0x11b/0x180
[ 142.048950] ---[ end trace 0000000000000000 ]---
[ 142.291646] hrtimer: interrupt took 27221 ns
[ 142.362494] random: crng reseeded on system resumption
[ 142.415759] Bluetooth: hci0: command 0x0419 tx timeout
[ 142.478848] random: crng reseeded on system resumption
12:51:30 executing program 4:
setitimer(0x2, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0)
getitimer(0x0, &(0x7f0000000280))
setitimer(0x1, &(0x7f0000000140)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0)
getitimer(0x1, &(0x7f0000000100))
setitimer(0x2, 0x0, 0x0)
semtimedop(0x0, &(0x7f0000000100), 0x0, &(0x7f0000000180)={0x0, 0x3938700})
setitimer(0x2, &(0x7f0000000080)={{0x0, 0xea60}}, 0x0)
getitimer(0x1, &(0x7f00000000c0))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0})
setitimer(0x1, &(0x7f0000000200)={{}, {r0, r1/1000+10000}}, &(0x7f0000000240))
semctl$IPC_RMID(0xffffffffffffffff, 0x0, 0x0)
[ 142.583934] syz-executor.4 calls setitimer() with new_value NULL pointer. 
Misfeature support will be removed 12:51:30 executing program 4: mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x40) r0 = syz_io_uring_setup(0x34e1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) sched_getscheduler(0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2, 0x20010, r0, 0x0) syz_io_uring_setup(0x1611, &(0x7f0000000000)={0x0, 0xb5c8, 0x8, 0x1, 0x33b, 0x0, r0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000180), &(0x7f00000001c0)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x20, 0x0, 0xffff77ff000) r2 = fork() ioctl$BINDER_GET_FROZEN_INFO(r1, 0xc00c620f, &(0x7f0000000200)={r2}) [ 142.766709] mmap: syz-executor.4 (4130) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. 
[ 142.862706] Bluetooth: hci5: command 0x0419 tx timeout
[ 142.863687] Bluetooth: hci4: command 0x0419 tx timeout
[ 143.374646] Bluetooth: hci3: command 0x041b tx timeout
[ 143.567700] Bluetooth: hci6: command 0x041b tx timeout
[ 143.694740] Bluetooth: hci7: command 0x041b tx timeout
[ 145.423669] Bluetooth: hci3: command 0x040f tx timeout
[ 145.615672] Bluetooth: hci6: command 0x040f tx timeout
[ 145.743660] Bluetooth: hci7: command 0x040f tx timeout
[ 146.190668] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 147.471085] Bluetooth: hci3: command 0x0419 tx timeout
[ 147.662652] Bluetooth: hci6: command 0x0419 tx timeout
[ 147.790853] Bluetooth: hci7: command 0x0419 tx timeout
[ 148.561389] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 148.562141] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 148.568478] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 148.583051] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 148.586720] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 148.588109] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 148.592955] Bluetooth: hci1: HCI_REQ-0x0c1a
[ 150.606686] Bluetooth: hci1: command 0x0409 tx timeout
VM DIAGNOSIS:
12:51:30 Registers: