Warning: Permanently added '[localhost]:5230' (ECDSA) to the list of known hosts.
2022/10/04 14:49:04 fuzzer started
2022/10/04 14:49:05 dialing manager at localhost:46847
syzkaller login: [   47.796519] cgroup: Unknown subsys name 'net'
[   47.926637] cgroup: Unknown subsys name 'rlimit'
2022/10/04 14:49:18 syscalls: 2215
2022/10/04 14:49:18 code coverage: enabled
2022/10/04 14:49:18 comparison tracing: enabled
2022/10/04 14:49:18 extra coverage: enabled
2022/10/04 14:49:18 setuid sandbox: enabled
2022/10/04 14:49:18 namespace sandbox: enabled
2022/10/04 14:49:18 Android sandbox: enabled
2022/10/04 14:49:18 fault injection: enabled
2022/10/04 14:49:18 leak checking: enabled
2022/10/04 14:49:18 net packet injection: enabled
2022/10/04 14:49:18 net device setup: enabled
2022/10/04 14:49:18 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/04 14:49:18 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/04 14:49:18 USB emulation: enabled
2022/10/04 14:49:18 hci packet injection: enabled
2022/10/04 14:49:18 wifi device emulation: failed to parse kernel version (6.0.0-next-20221004                                              )
2022/10/04 14:49:18 802.15.4 emulation: enabled
2022/10/04 14:49:18 fetching corpus: 0, signal 0/2000 (executing program)
2022/10/04 14:49:18 fetching corpus: 50, signal 25152/28535 (executing program)
2022/10/04 14:49:18 fetching corpus: 99, signal 38378/42962 (executing program)
2022/10/04 14:49:18 fetching corpus: 149, signal 46480/52192 (executing program)
2022/10/04 14:49:18 fetching corpus: 199, signal 52101/58892 (executing program)
2022/10/04 14:49:18 fetching corpus: 249, signal 56920/64751 (executing program)
2022/10/04 14:49:18 fetching corpus: 299, signal 59824/68703 (executing program)
2022/10/04 14:49:19 fetching corpus: 349, signal 63453/73274 (executing program)
2022/10/04 14:49:19 fetching corpus: 399, signal 66190/76945 (executing program)
2022/10/04 14:49:19 fetching corpus: 449, signal 70582/81999 (executing program)
2022/10/04 14:49:19 fetching corpus: 499, signal 75074/87122 (executing program)
2022/10/04 14:49:19 fetching corpus: 549, signal 78243/90946 (executing program)
2022/10/04 14:49:19 fetching corpus: 599, signal 80453/93841 (executing program)
2022/10/04 14:49:19 fetching corpus: 649, signal 82781/96785 (executing program)
2022/10/04 14:49:19 fetching corpus: 699, signal 85690/100184 (executing program)
2022/10/04 14:49:19 fetching corpus: 749, signal 87831/102891 (executing program)
2022/10/04 14:49:20 fetching corpus: 799, signal 89821/105416 (executing program)
2022/10/04 14:49:20 fetching corpus: 849, signal 94397/109885 (executing program)
2022/10/04 14:49:20 fetching corpus: 899, signal 96212/112108 (executing program)
2022/10/04 14:49:20 fetching corpus: 949, signal 97789/114152 (executing program)
2022/10/04 14:49:20 fetching corpus: 999, signal 99602/116366 (executing program)
2022/10/04 14:49:20 fetching corpus: 1049, signal 101138/118290 (executing program)
2022/10/04 14:49:20 fetching corpus: 1099, signal 102732/120201 (executing program)
2022/10/04 14:49:21 fetching corpus: 1149, signal 106340/123568 (executing program)
2022/10/04 14:49:21 fetching corpus: 1199, signal 108612/125897 (executing program)
2022/10/04 14:49:21 fetching corpus: 1249, signal 109857/127566 (executing program)
2022/10/04 14:49:21 fetching corpus: 1299, signal 110988/129019 (executing program)
2022/10/04 14:49:21 fetching corpus: 1349, signal 112959/130995 (executing program)
2022/10/04 14:49:21 fetching corpus: 1399, signal 115643/133371 (executing program)
2022/10/04 14:49:21 fetching corpus: 1449, signal 116626/134646 (executing program)
2022/10/04 14:49:21 fetching corpus: 1499, signal 118122/136265 (executing program)
2022/10/04 14:49:22 fetching corpus: 1549, signal 119706/137797 (executing program)
2022/10/04 14:49:22 fetching corpus: 1599, signal 120273/138718 (executing program)
2022/10/04 14:49:22 fetching corpus: 1649, signal 121690/140140 (executing program)
2022/10/04 14:49:22 fetching corpus: 1699, signal 124268/142187 (executing program)
2022/10/04 14:49:22 fetching corpus: 1748, signal 125662/143479 (executing program)
2022/10/04 14:49:22 fetching corpus: 1798, signal 126617/144546 (executing program)
2022/10/04 14:49:22 fetching corpus: 1848, signal 127620/145564 (executing program)
2022/10/04 14:49:22 fetching corpus: 1898, signal 128622/146550 (executing program)
2022/10/04 14:49:23 fetching corpus: 1948, signal 129950/147649 (executing program)
2022/10/04 14:49:23 fetching corpus: 1998, signal 131589/148887 (executing program)
2022/10/04 14:49:23 fetching corpus: 2048, signal 133121/150103 (executing program)
2022/10/04 14:49:23 fetching corpus: 2098, signal 133957/150952 (executing program)
2022/10/04 14:49:23 fetching corpus: 2148, signal 135414/152011 (executing program)
2022/10/04 14:49:23 fetching corpus: 2198, signal 136452/152840 (executing program)
2022/10/04 14:49:23 fetching corpus: 2248, signal 137403/153659 (executing program)
2022/10/04 14:49:24 fetching corpus: 2298, signal 139208/155054 (executing program)
2022/10/04 14:49:24 fetching corpus: 2348, signal 140363/155878 (executing program)
2022/10/04 14:49:24 fetching corpus: 2398, signal 141245/156571 (executing program)
2022/10/04 14:49:24 fetching corpus: 2448, signal 142451/157346 (executing program)
2022/10/04 14:49:24 fetching corpus: 2498, signal 144136/158298 (executing program)
2022/10/04 14:49:24 fetching corpus: 2548, signal 144770/158813 (executing program)
2022/10/04 14:49:24 fetching corpus: 2597, signal 145702/159433 (executing program)
2022/10/04 14:49:24 fetching corpus: 2647, signal 147235/160227 (executing program)
2022/10/04 14:49:25 fetching corpus: 2697, signal 148680/160955 (executing program)
2022/10/04 14:49:25 fetching corpus: 2747, signal 149626/161499 (executing program)
2022/10/04 14:49:25 fetching corpus: 2797, signal 150338/161909 (executing program)
2022/10/04 14:49:25 fetching corpus: 2847, signal 150806/162252 (executing program)
2022/10/04 14:49:25 fetching corpus: 2897, signal 151316/162610 (executing program)
2022/10/04 14:49:25 fetching corpus: 2947, signal 152218/163060 (executing program)
2022/10/04 14:49:25 fetching corpus: 2997, signal 152889/163418 (executing program)
2022/10/04 14:49:25 fetching corpus: 3047, signal 154460/164003 (executing program)
2022/10/04 14:49:25 fetching corpus: 3097, signal 155160/164327 (executing program)
2022/10/04 14:49:25 fetching corpus: 3147, signal 155821/164621 (executing program)
2022/10/04 14:49:26 fetching corpus: 3197, signal 156524/164903 (executing program)
2022/10/04 14:49:26 fetching corpus: 3247, signal 157342/165194 (executing program)
2022/10/04 14:49:26 fetching corpus: 3297, signal 158134/165462 (executing program)
2022/10/04 14:49:26 fetching corpus: 3347, signal 158695/165671 (executing program)
2022/10/04 14:49:26 fetching corpus: 3397, signal 159426/165900 (executing program)
2022/10/04 14:49:26 fetching corpus: 3447, signal 160377/166156 (executing program)
2022/10/04 14:49:26 fetching corpus: 3497, signal 161284/166378 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/166498 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/166575 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/166639 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/166697 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/166760 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/166824 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/166880 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/166948 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/167013 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/167071 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/167142 (executing program)
2022/10/04 14:49:26 fetching corpus: 3536, signal 161746/167142 (executing program)
2022/10/04 14:49:29 starting 8 fuzzer processes
14:49:29 executing program 0:
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0], 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=[0x0], &(0x7f00000001c0)=[0x0], 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0)
write(r1, &(0x7f0000000240)="01010101", 0x4)
close(r1)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x0], 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x42, 0x0)
close(r2)
execveat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0], 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', &(0x7f00000004c0)=[0x0], &(0x7f0000000500)=[0x0], 0x0)

14:49:29 executing program 1:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

14:49:29 executing program 2:
r0 = getpid()
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read(r1, &(0x7f0000000080)=""/1, 0x1)
write$cgroup_pid(r1, &(0x7f00000000c0)=r0, 0x12)
close(r1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/cgroup.procs\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/devices.allow\x00', 0x1, 0x0)

14:49:29 executing program 3:
getpid()
exit_group(0x0)
getpid()

[   70.805705] audit: type=1400 audit(1664894969.280:6): avc:  denied  { execmem } for  pid=285 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
14:49:29 executing program 4:
getpid()
exit_group(0x1)
getpid()

14:49:29 executing program 5:
close(0x3)
close(0x4)
close(0x5)
pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0)
close(0x3)
close(0x4)
close(0x5)

14:49:29 executing program 6:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff)
write(r0, &(0x7f0000000080)="01010101", 0x4)
read(r0, &(0x7f00000000c0)=""/4, 0x4)
close(r0)

14:49:29 executing program 7:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000080)={0x17e})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x1ff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000140)={0x17e})

[   72.054777] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   72.056887] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   72.058253] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.059624] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   72.062159] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   72.063342] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.065062] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   72.069058] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   72.070265] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   72.070987] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   72.074376] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   72.075899] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   72.077592] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.078641] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   72.091939] Bluetooth: hci2: HCI_REQ-0x0c1a
[   72.093497] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   72.094587] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   72.097502] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   72.098588] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   72.109200] Bluetooth: hci1: HCI_REQ-0x0c1a
[   72.110049] Bluetooth: hci0: HCI_REQ-0x0c1a
[   72.165489] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   72.167032] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[   72.168673] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   72.171230] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[   72.172620] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   72.175000] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[   72.187976] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   72.189452] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[   72.192176] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   72.193891] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[   72.195732] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   72.212052] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[   72.216947] Bluetooth: hci5: HCI_REQ-0x0c1a
[   72.217758] Bluetooth: hci6: HCI_REQ-0x0c1a
[   74.129341] Bluetooth: hci0: command 0x0409 tx timeout
[   74.130056] Bluetooth: hci1: command 0x0409 tx timeout
[   74.130602] Bluetooth: hci2: command 0x0409 tx timeout
[   74.130765] Bluetooth: hci4: Opcode 0x c03 failed: -110
[   74.132753] Bluetooth: hci3: Opcode 0x c03 failed: -110
[   74.192875] Bluetooth: hci7: Opcode 0x c03 failed: -110
[   74.256934] Bluetooth: hci6: command 0x0409 tx timeout
[   74.257963] Bluetooth: hci5: command 0x0409 tx timeout
[   76.176904] Bluetooth: hci2: command 0x041b tx timeout
[   76.177421] Bluetooth: hci1: command 0x041b tx timeout
[   76.177966] Bluetooth: hci0: command 0x041b tx timeout
[   76.305872] Bluetooth: hci5: command 0x041b tx timeout
[   76.306351] Bluetooth: hci6: command 0x041b tx timeout
[   78.225939] Bluetooth: hci0: command 0x040f tx timeout
[   78.226725] Bluetooth: hci1: command 0x040f tx timeout
[   78.227311] Bluetooth: hci2: command 0x040f tx timeout
[   78.352912] Bluetooth: hci6: command 0x040f tx timeout
[   78.353355] Bluetooth: hci5: command 0x040f tx timeout
[   79.568901] Bluetooth: hci3: Opcode 0x c03 failed: -110
[   79.761245] Bluetooth: hci7: Opcode 0x c03 failed: -110
[   79.763309] Bluetooth: hci4: Opcode 0x c03 failed: -110
[   80.273697] Bluetooth: hci2: command 0x0419 tx timeout
[   80.274582] Bluetooth: hci1: command 0x0419 tx timeout
[   80.275933] Bluetooth: hci0: command 0x0419 tx timeout
[   80.400950] Bluetooth: hci5: command 0x0419 tx timeout
[   80.401855] Bluetooth: hci6: command 0x0419 tx timeout
[   82.774259] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[   82.775517] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[   82.777698] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[   82.780168] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[   82.781427] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[   82.782220] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[   82.785552] Bluetooth: hci7: HCI_REQ-0x0c1a
[   84.368893] Bluetooth: hci3: Opcode 0x c03 failed: -110
[   84.688914] Bluetooth: hci4: Opcode 0x c03 failed: -110
[   84.816883] Bluetooth: hci7: command 0x0409 tx timeout
[   86.864909] Bluetooth: hci7: command 0x041b tx timeout
[   87.124398] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   87.125696] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   87.131230] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   87.144059] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   87.151046] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   87.153385] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   87.160491] Bluetooth: hci4: HCI_REQ-0x0c1a
[   88.785862] Bluetooth: hci3: Opcode 0x c03 failed: -110
[   88.913894] Bluetooth: hci7: command 0x040f tx timeout
[   89.234029] Bluetooth: hci4: command 0x0409 tx timeout
[   90.961912] Bluetooth: hci7: command 0x0419 tx timeout
[   91.280900] Bluetooth: hci4: command 0x041b tx timeout
[   91.389359] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   91.392146] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   91.399028] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   91.403574] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   91.407323] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   91.414458] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   91.455935] Bluetooth: hci3: HCI_REQ-0x0c1a
[   93.329917] Bluetooth: hci4: command 0x040f tx timeout
[   93.522012] Bluetooth: hci3: command 0x0409 tx timeout
[   95.377983] Bluetooth: hci4: command 0x0419 tx timeout
[   95.569866] Bluetooth: hci3: command 0x041b tx timeout
[   97.616857] Bluetooth: hci3: command 0x040f tx timeout
[   99.664900] Bluetooth: hci3: command 0x0419 tx timeout
[  120.674049] process 'syz-executor.0' launched './file1' with NULL argv: empty string added
14:51:11 executing program 0:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

14:51:11 executing program 3:
socket(0x0, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
accept(r0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

14:51:11 executing program 5:
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)

14:51:11 executing program 7:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000000)={0x5b03, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)

14:51:11 executing program 6:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0)
tee(r1, r0, 0x400, 0x0)

14:51:11 executing program 1:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

14:51:11 executing program 2:
r0 = getpid()
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read(r1, &(0x7f0000000080)=""/1, 0x1)
write$cgroup_pid(r1, &(0x7f00000000c0)=r0, 0x12)
close(r1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/cgroup.procs\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/devices.allow\x00', 0x1, 0x0)

14:51:11 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xf, 0x11, r0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0})

14:51:11 executing program 6:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0)
tee(r1, r0, 0x400, 0x0)

14:51:11 executing program 7:
r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f0000000280)="7f", 0x1}, {0x0}], 0x2, 0x0)

14:51:11 executing program 5:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

14:51:11 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xf, 0x11, r0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0})

14:51:11 executing program 2:
r0 = getpid()
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read(r1, &(0x7f0000000080)=""/1, 0x1)
write$cgroup_pid(r1, &(0x7f00000000c0)=r0, 0x12)
close(r1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/cgroup.procs\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/devices.allow\x00', 0x1, 0x0)

14:51:11 executing program 7:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, 0x0)

14:51:11 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5603, &(0x7f0000000040))

14:51:11 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xf, 0x11, r0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0})

[  175.382710] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  175.384746] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  175.387502] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  175.391535] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  175.394057] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  175.395604] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  175.404562] Bluetooth: hci2: HCI_REQ-0x0c1a
[  177.424889] Bluetooth: hci2: command 0x0409 tx timeout
[  179.472889] Bluetooth: hci2: command 0x041b tx timeout
[  181.520956] Bluetooth: hci2: command 0x040f tx timeout
[  183.569904] Bluetooth: hci2: command 0x0419 tx timeout
[  196.049073] Bluetooth: hci1: command 0x0406 tx timeout
[  196.050110] Bluetooth: hci0: command 0x0406 tx timeout
[  196.050209] Bluetooth: hci5: command 0x0406 tx timeout
[  196.051046] Bluetooth: hci6: command 0x0406 tx timeout
[  208.337043] Bluetooth: hci7: command 0x0406 tx timeout
[  212.433452] Bluetooth: hci4: command 0x0406 tx timeout
[  216.529164] Bluetooth: hci3: command 0x0406 tx timeout
14:52:24 executing program 6:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0)
tee(r1, r0, 0x400, 0x0)

14:52:24 executing program 2:
r0 = getpid()
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read(r1, &(0x7f0000000080)=""/1, 0x1)
write$cgroup_pid(r1, &(0x7f00000000c0)=r0, 0x12)
close(r1)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/cgroup.procs\x00', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/devices.allow\x00', 0x1, 0x0)

14:52:24 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xf, 0x11, r0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0})

14:52:24 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5603, &(0x7f0000000040))

14:52:24 executing program 7:
syz_emit_ethernet(0x46, &(0x7f0000000080)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "da172d", 0x10, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, {[@hopopts={0x0, 0x1, '\x00', [@jumbo={0xc2, 0x2}, @generic]}]}}}}}, 0x0)

14:52:24 executing program 1:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

14:52:24 executing program 5:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

14:52:24 executing program 0:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

14:52:24 executing program 6:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0)
tee(r1, r0, 0x400, 0x0)

14:52:24 executing program 7:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5332, &(0x7f0000000040)={0x0, @time})

14:52:24 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5603, &(0x7f0000000040))

14:52:24 executing program 7:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5332, &(0x7f0000000040)={0x0, @time})

[  248.216686] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  248.218661] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  248.223143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  248.230008] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  248.234416] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  248.238120] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  248.244767] Bluetooth: hci1: HCI_REQ-0x0c1a
[  248.298084] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  248.310718] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  248.313319] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  248.323105] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  248.327058] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  248.328566] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  248.345925] Bluetooth: hci4: HCI_REQ-0x0c1a
[  250.256937] Bluetooth: hci1: command 0x0409 tx timeout
[  250.320873] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  250.384881] Bluetooth: hci4: command 0x0409 tx timeout
[  252.304861] Bluetooth: hci1: command 0x041b tx timeout
[  252.432961] Bluetooth: hci4: command 0x041b tx timeout
[  254.352861] Bluetooth: hci1: command 0x040f tx timeout
[  254.480873] Bluetooth: hci4: command 0x040f tx timeout
[  254.672915] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  256.401339] Bluetooth: hci1: command 0x0419 tx timeout
[  256.528894] Bluetooth: hci4: command 0x0419 tx timeout
[  256.917755] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  256.919151] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  256.919990] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  256.923042] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  256.924404] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  256.925166] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  256.928476] Bluetooth: hci2: HCI_REQ-0x0c1a
[  258.960879] Bluetooth: hci2: command 0x0409 tx timeout
[  261.009869] Bluetooth: hci2: command 0x041b tx timeout
[  263.056843] Bluetooth: hci2: command 0x040f tx timeout
[  265.105156] Bluetooth: hci2: command 0x0419 tx timeout
14:53:43 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5332, &(0x7f0000000040)={0x0, @time})

14:53:43 executing program 3:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCGSOFTCAR(r0, 0x5603, &(0x7f0000000040))

14:53:43 executing program 1:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

14:53:43 executing program 2:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/timers\x00', 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

14:53:43 executing program 0:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

[  325.439373] audit: type=1400 audit(1664895223.914:7): avc:  denied  { open } for  pid=5873 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
[  325.442074] audit: type=1400 audit(1664895223.914:8): avc:  denied  { kernel } for  pid=5873 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
14:53:43 executing program 5:
ptrace(0x10, 0x1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0)

[  325.460120] ------------[ cut here ]------------
[  325.460154] 
[  325.460159] ======================================================
[  325.460165] WARNING: possible circular locking dependency detected
[  325.460171] 6.0.0-next-20221004 #1 Not tainted
[  325.460186] ------------------------------------------------------
[  325.460191] syz-executor.2/5874 is trying to acquire lock:
[  325.460203] ffffffff853faaf8 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70
[  325.460269] 
[  325.460269] but task is already holding lock:
[  325.460274] ffff888032517c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  325.460321] 
[  325.460321] which lock already depends on the new lock.
[  325.460321] 
[  325.460326] 
[  325.460326] the existing dependency chain (in reverse order) is:
[  325.460332] 
[  325.460332] -> #3 (&ctx->lock){....}-{2:2}:
[  325.460357]        _raw_spin_lock+0x2a/0x40
[  325.460378]        __perf_event_task_sched_out+0x53b/0x18d0
[  325.460399]        __schedule+0xedd/0x2470
[  325.460425]        schedule+0xda/0x1b0
[  325.460451]        futex_wait_queue+0xf5/0x1e0
[  325.460472]        futex_wait+0x28e/0x690
[  325.460491]        do_futex+0x2ff/0x380
[  325.460508]        __x64_sys_futex+0x1c6/0x4d0
[  325.460527]        do_syscall_64+0x3b/0x90
[  325.460559]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  325.460583] 
[  325.460583] -> #2 (&rq->__lock){-.-.}-{2:2}:
[  325.460608]        _raw_spin_lock_nested+0x30/0x40
[  325.460628]        raw_spin_rq_lock_nested+0x1e/0x30
[  325.460652]        task_fork_fair+0x63/0x4d0
[  325.460683]        sched_cgroup_fork+0x3d0/0x540
[  325.460709]        copy_process+0x4183/0x6e20
[  325.460728]        kernel_clone+0xe7/0x890
[  325.460745]        user_mode_thread+0xad/0xf0
[  325.460764]        rest_init+0x24/0x250
[  325.460787]        arch_call_rest_init+0xf/0x14
[  325.460820]        start_kernel+0x4c6/0x4eb
[  325.460850]        secondary_startup_64_no_verify+0xe0/0xeb
[  325.460874] 
[  325.460874] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[  325.460899]        _raw_spin_lock_irqsave+0x39/0x60
[  325.460920]        try_to_wake_up+0xab/0x1930
[  325.460944]        up+0x75/0xb0
[  325.460971]        __up_console_sem+0x6e/0x80
[  325.460999]        console_unlock+0x46a/0x590
[  325.461029]        vt_ioctl+0x2822/0x2ca0
[  325.461050]        tty_ioctl+0x785/0x16b0
[  325.461070]        __x64_sys_ioctl+0x19a/0x210
[  325.461094]        do_syscall_64+0x3b/0x90
[  325.461126]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  325.461150] 
[  325.461150] -> #0 ((console_sem).lock){....}-{2:2}:
[  325.461175]        __lock_acquire+0x2a02/0x5e70
[  325.461206]        lock_acquire+0x1a2/0x530
[  325.461235]        _raw_spin_lock_irqsave+0x39/0x60
[  325.461256]        down_trylock+0xe/0x70
[  325.461284]        __down_trylock_console_sem+0x3b/0xd0
[  325.461314]        vprintk_emit+0x16b/0x560
[  325.461343]        vprintk+0x84/0xa0
[  325.461372]        _printk+0xba/0xf1
[  325.461394]        report_bug.cold+0x72/0xab
[  325.461424]        handle_bug+0x3c/0x70
[  325.461441]        exc_invalid_op+0x14/0x50
[  325.461458]        asm_exc_invalid_op+0x16/0x20
[  325.461481]        group_sched_out.part.0+0x2c7/0x460
[  325.461514]        ctx_sched_out+0x8f1/0xc10
[  325.461544]        __perf_event_task_sched_out+0x6d0/0x18d0
[  325.461564]        __schedule+0xedd/0x2470
[  325.461590]        schedule+0xda/0x1b0
[  325.461616]        futex_wait_queue+0xf5/0x1e0
[  325.461636]        futex_wait+0x28e/0x690
[  325.461654]        do_futex+0x2ff/0x380
[  325.461671]        __x64_sys_futex+0x1c6/0x4d0
[  325.461690]        do_syscall_64+0x3b/0x90
[  325.461722]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  325.461746] 
[  325.461746] other info that might help us debug this:
[  325.461746] 
[  325.461751] Chain exists of:
[  325.461751]   (console_sem).lock --> &rq->__lock --> &ctx->lock
[  325.461751] 
[  325.461777]  Possible unsafe locking scenario:
[  325.461777] 
[  325.461781]        CPU0                    CPU1
[  325.461785]        ----                    ----
[  325.461789]   lock(&ctx->lock);
[  325.461799]                                lock(&rq->__lock);
[  325.461811]                                lock(&ctx->lock);
[  325.461822]   lock((console_sem).lock);
[  325.461833] 
[  325.461833]  *** DEADLOCK ***
[  325.461833] 
[  325.461836] 2 locks held by syz-executor.2/5874:
[  325.461848]  #0: ffff88806ce37e98 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470
[  325.461903]  #1: ffff888032517c20 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0
[  325.461951] 
[  325.461951] stack backtrace:
[  325.461956] CPU: 0 PID: 5874 Comm: syz-executor.2 Not tainted 6.0.0-next-20221004 #1
[  325.461978] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  325.461993] Call Trace:
[  325.461998]  <TASK>
[  325.462005]  dump_stack_lvl+0x8b/0xb3
[  325.462040]  check_noncircular+0x263/0x2e0
[  325.462071]  ? format_decode+0x26c/0xb50
[  325.462101]  ? print_circular_bug+0x450/0x450
[  325.462133]  ? simple_strtoul+0x30/0x30
[  325.462164]  ? format_decode+0x26c/0xb50
[  325.462195]  ? memcpy+0x39/0x60
[  325.462228]  ? vsnprintf+0x4ba/0x1600
[  325.462263]  __lock_acquire+0x2a02/0x5e70
[  325.462306]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  325.462340]  ? __mutex_add_waiter+0x120/0x120
[  325.462376]  lock_acquire+0x1a2/0x530
[  325.462407]  ? down_trylock+0xe/0x70
[  325.462441]  ? lock_release+0x750/0x750
[  325.462481]  ? vprintk+0x84/0xa0
[  325.462515]  _raw_spin_lock_irqsave+0x39/0x60
[  325.462537]  ? down_trylock+0xe/0x70
[  325.462568]  down_trylock+0xe/0x70
[  325.462598]  ? vprintk+0x84/0xa0
[  325.462629]  __down_trylock_console_sem+0x3b/0xd0
[  325.462661]  vprintk_emit+0x16b/0x560
[  325.462698]  vprintk+0x84/0xa0
[  325.462730]  _printk+0xba/0xf1
[  325.462752]  ? record_print_text.cold+0x16/0x16
[  325.462785]  ? report_bug.cold+0x66/0xab
[  325.462820]  ? group_sched_out.part.0+0x2c7/0x460
[  325.462854]  report_bug.cold+0x72/0xab
[  325.462891]  handle_bug+0x3c/0x70
[  325.462909]  exc_invalid_op+0x14/0x50
[  325.462929]  asm_exc_invalid_op+0x16/0x20
[  325.462953] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  325.462991] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 2b 08 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  325.463013] RSP: 0018:ffff88802e79f8f8 EFLAGS: 00010006
[  325.463039] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  325.463053] RDX: ffff88802f471ac0 RSI: ffffffff81566da7 RDI: 0000000000000005
[  325.463067] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[  325.463081] R10: 0000000000000000 R11: ffffffff865b601b R12: ffff888032517c00
[  325.463095] R13: ffff88806ce3d2c0 R14: ffffffff8547d040 R15: 0000000000000002
[  325.463118]  ? group_sched_out.part.0+0x2c7/0x460
[  325.463156]  ? group_sched_out.part.0+0x2c7/0x460
[  325.463194]  ctx_sched_out+0x8f1/0xc10
[  325.463231]  __perf_event_task_sched_out+0x6d0/0x18d0
[  325.463260]  ? lock_is_held_type+0xd7/0x130
[  325.463287]  ? __perf_cgroup_move+0x160/0x160
[  325.463307]  ? set_next_entity+0x304/0x550
[  325.463345]  ? lock_is_held_type+0xd7/0x130
[  325.463374]  __schedule+0xedd/0x2470
[  325.463408]  ? io_schedule_timeout+0x150/0x150
[  325.463438]  ? futex_wait_setup+0x166/0x230
[  325.463467]  schedule+0xda/0x1b0
[  325.463496]  futex_wait_queue+0xf5/0x1e0
[  325.463520]  futex_wait+0x28e/0x690
[  325.463545]  ? futex_wait_setup+0x230/0x230
[  325.463571]  ? wake_up_q+0x8b/0xf0
[  325.463595]  ? do_raw_spin_unlock+0x4f/0x220
[  325.463632]  ? futex_wake+0x158/0x490
[  325.463666]  ? fd_install+0x1f9/0x640
[  325.463694]  do_futex+0x2ff/0x380
[  325.463716]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[  325.463749]  __x64_sys_futex+0x1c6/0x4d0
[  325.463774]  ? __x64_sys_futex_time32+0x480/0x480
[  325.463799]  ? syscall_enter_from_user_mode+0x1d/0x50
[  325.463827]  ? syscall_enter_from_user_mode+0x1d/0x50
[  325.463858]  do_syscall_64+0x3b/0x90
[  325.463892]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  325.463918] RIP: 0033:0x7fb48631bb19
[  325.463933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  325.463953] RSP: 002b:00007fb483891218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  325.463973] RAX: ffffffffffffffda RBX: 00007fb48642ef68 RCX: 00007fb48631bb19
[  325.463987] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb48642ef68
[  325.464001] RBP: 00007fb48642ef60 R08: 0000000000000000 R09: 0000000000000000
[  325.464014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb48642ef6c
[  325.464027] R13: 00007ffed3a199cf R14: 00007fb483891300 R15: 0000000000022000
[  325.464055]  </TASK>
[  325.571041] WARNING: CPU: 0 PID: 5874 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460
[  325.572283] Modules linked in:
[  325.572721] CPU: 0 PID: 5874 Comm: syz-executor.2 Not tainted 6.0.0-next-20221004 #1
[  325.573764] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[  325.575287] RIP: 0010:group_sched_out.part.0+0x2c7/0x460
[  325.576043] Code: 5e 41 5f e9 8b ae ef ff e8 86 ae ef ff 65 8b 1d 2b 08 ac 7e 31 ff 89 de e8 26 ab ef ff 85 db 0f 84 8a 00 00 00 e8 69 ae ef ff <0f> 0b e9 a5 fe ff ff e8 5d ae ef ff 48 8d 7d 10 48 b8 00 00 00 00
[  325.578499] RSP: 0018:ffff88802e79f8f8 EFLAGS: 00010006
[  325.579231] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000
[  325.580196] RDX: ffff88802f471ac0 RSI: ffffffff81566da7 RDI: 0000000000000005
[  325.581158] RBP: ffff8880086605c8 R08: 0000000000000005 R09: 0000000000000001
[  325.582130] R10: 0000000000000000 R11: ffffffff865b601b R12: ffff888032517c00
[  325.583103] R13: ffff88806ce3d2c0 R14: ffffffff8547d040 R15: 0000000000000002
[  325.584070] FS:  00007fb483891700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
[  325.585147] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  325.585939] CR2: 0000555555630708 CR3: 00000000333ae000 CR4: 0000000000350ef0
[  325.586889] Call Trace:
[  325.587249]  <TASK>
[  325.587562]  ctx_sched_out+0x8f1/0xc10
[  325.588133]  __perf_event_task_sched_out+0x6d0/0x18d0
[  325.588831]  ? lock_is_held_type+0xd7/0x130
[  325.589425]  ? __perf_cgroup_move+0x160/0x160
[  325.590045]  ? set_next_entity+0x304/0x550
[  325.590637]  ? lock_is_held_type+0xd7/0x130
[  325.591233]  __schedule+0xedd/0x2470
[  325.591762]  ? io_schedule_timeout+0x150/0x150
[  325.592392]  ? futex_wait_setup+0x166/0x230
[  325.592995]  schedule+0xda/0x1b0
[  325.593482]  futex_wait_queue+0xf5/0x1e0
[  325.594050]  futex_wait+0x28e/0x690
[  325.594564]  ? futex_wait_setup+0x230/0x230
[  325.595176]  ? wake_up_q+0x8b/0xf0
[  325.595678]  ? do_raw_spin_unlock+0x4f/0x220
[  325.596299]  ? futex_wake+0x158/0x490
[  325.596839]  ? fd_install+0x1f9/0x640
[  325.597382]  do_futex+0x2ff/0x380
[  325.597865]  ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0
[  325.598664]  __x64_sys_futex+0x1c6/0x4d0
[  325.599241]  ? __x64_sys_futex_time32+0x480/0x480
[  325.599907]  ? syscall_enter_from_user_mode+0x1d/0x50
[  325.600614]  ? syscall_enter_from_user_mode+0x1d/0x50
[  325.601328]  do_syscall_64+0x3b/0x90
[  325.601857]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  325.602570] RIP: 0033:0x7fb48631bb19
[  325.603099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  325.605543] RSP: 002b:00007fb483891218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  325.606571] RAX: ffffffffffffffda RBX: 00007fb48642ef68 RCX: 00007fb48631bb19
[  325.607547] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb48642ef68
[  325.608504] RBP: 00007fb48642ef60 R08: 0000000000000000 R09: 0000000000000000
[  325.609454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb48642ef6c
[  325.610406] R13: 00007ffed3a199cf R14: 00007fb483891300 R15: 0000000000022000
[  325.611399]  </TASK>
[  325.611720] irq event stamp: 628
[  325.612190] hardirqs last  enabled at (627): [<ffffffff8425590d>] syscall_enter_from_user_mode+0x1d/0x50
[  325.613456] hardirqs last disabled at (628): [<ffffffff8425ec15>] __schedule+0x1225/0x2470
[  325.614569] softirqs last  enabled at (488): [<ffffffff81170a0b>] __irq_exit_rcu+0x11b/0x180
[  325.615747] softirqs last disabled at (463): [<ffffffff81170a0b>] __irq_exit_rcu+0x11b/0x180
[  325.616904] ---[ end trace 0000000000000000 ]---
14:53:43 executing program 7:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5332, &(0x7f0000000040)={0x0, @time})

14:53:43 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5332, &(0x7f0000000040)={0x0, @time})

14:53:44 executing program 3:
perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x440}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x200f, &(0x7f0000001200)={0x0, 0x9c8c, 0x0, 0x0, 0x32d}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000001180), &(0x7f0000001280))
r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
io_uring_enter(r0, 0xb21, 0xb770, 0x0, &(0x7f0000000000)={[0xfff]}, 0x8)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
io_uring_setup(0x792a, &(0x7f0000000100)={0x0, 0x610b, 0x4, 0x2, 0x145, 0x0, r2})
sendmsg$nl_xfrm(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000500)=@newae={0x50, 0x1e, 0x801, 0x0, 0x0, {{@in=@loopback}, @in6=@ipv4={'\x00', '\xff\xff', @empty}}, [@replay_val={0x10}]}, 0x50}}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)

14:53:44 executing program 6:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0xf, 0x0, &(0x7f0000000040))

14:53:44 executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5332, &(0x7f0000000040)={0x0, @time})

[  325.735801] hrtimer: interrupt took 18314 ns
14:53:44 executing program 6:
r0 = syz_io_uring_setup(0x35f1, &(0x7f00000003c0), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000440), &(0x7f0000000480))
io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x0, 0x0)

14:53:44 executing program 6:
r0 = syz_open_dev$vcsn(&(0x7f0000000180), 0x4a80, 0x0)
read$snapshot(r0, &(0x7f00000001c0)=""/252, 0xfc)

14:53:44 executing program 7:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc08c5332, &(0x7f0000000040)={0x0, @time})

14:53:44 executing program 2:
r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x77, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone3(0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/timers\x00', 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

[  330.065004] Bluetooth: hci1: Opcode 0x c03 failed: -110
[  330.256867] Bluetooth: hci4: Opcode 0x c03 failed: -110
[  330.256868] Bluetooth: hci2: Opcode 0x c03 failed: -110
[  332.434824] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  332.435501] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  332.436236] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  332.437518] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  332.438348] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  332.439110] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  332.443603] Bluetooth: hci2: HCI_REQ-0x0c1a
[  334.288949] Bluetooth: hci1: Opcode 0x c03 failed: -110
[  334.481859] Bluetooth: hci2: command 0x0409 tx timeout
[  334.545833] Bluetooth: hci4: Opcode 0x c03 failed: -110

VM DIAGNOSIS:
14:53:44  Registers:
info registers vcpu 0
RAX=0000000000000034 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff823bd531 RDI=ffffffff8765c9a0 RBP=ffffffff8765c960 RSP=ffff88802e79f340
R8 =0000000000000001 R9 =000000000000000a R10=0000000000000034 R11=0000000000000001
R12=0000000000000034 R13=ffffffff8765c960 R14=0000000000000010 R15=ffffffff823bd520
RIP=ffffffff823bd589 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007fb483891700 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555555630708 CR3=00000000333ae000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 00007fb4864027c0 00007fb4864027c8
YMM02=0000000000000000 0000000000000000 00007fb4864027e0 00007fb4864027c0
YMM03=0000000000000000 0000000000000000 00007fb4864027c8 00007fb4864027c0
YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=ffff88806ce3f080 RCX=0000000000000000 RDX=ffff88802f473580
RSI=ffffffff813bcaa7 RDI=0000000000000005 RBP=0000000000000000 RSP=ffff888031d17958
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=0000000000000003 R13=ffffed100d9c7e11 R14=ffff88806ce3f088 R15=0000000000000001
RIP=ffffffff813bcaa9 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 00000000 00000000
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000555555db2400 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb48642b0a0 CR3=00000000333ae000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM01=0000000000000000 0000000000000000 00007fb4864027c0 00007fb4864027c8
YMM02=0000000000000000 0000000000000000 00007fb4864027e0 00007fb4864027c0
YMM03=0000000000000000 0000000000000000 00007fb4864027c8 00007fb4864027c0
YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000
YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245
YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040
YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000